Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unknown Malware [RESOLVED]

Started by rabien , Jul 11 2008 08:18 AM

  • This topic is locked This topic is locked

#1
rabien
Posted 11 July 2008 - 08:18 AM

rabien

    Member

  • Member
  • PipPip
  • 55 posts
Thanks for the previous help with the malware. I caught a similar malware again which can't seem to be detected. I've scanned with AVG Internet Security 8.0 and Malwarebytes as recommended but they did not seem to yield any results of malware.

I recently tried out Lively.com and it wouldn't install due to some BITs problem as mentioned by the site's help page. I checked up on it and realised that it couldn't be started [I have full administrative rights on this computer] which explained why my Windows Update don't work anymore, manually or automatically. A lot of programmes also failed to work, eg. Msn Live Messenger, all video programmes will hang the computer when videos are played.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:07, on 2008-7-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\brsvc01a.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\brss01a.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\BRMFRSMG.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169124419562
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINNT\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 7633 bytes

this is my hijackthis.log. Please help me take a look into it. Thank you lots guys =)

rabien
  • 0

Advertisements

#2
Essexboy
Posted 18 July 2008 - 01:25 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay, I have two programmes for you to run

  • Download WUFix.zip and unzip to your desktop.
  • Double-Click WUFix.bat to run fix.
  • You will see a window open and commands processing. When the window closes the fix will have completed.
  • Restart the computer.
This fix will clear the proxy cache, places Windows Update sites in the Trusted Zone, places Windows Update sites in the exception list of IE Popup Blocker, starts all dependent services, registers required DLLS, empties the Windows Update temporary folder (with backup), renames the catroot2 folder, retains update history and Event log, and deletes BITS pending download queue.

Once done, go back to the Windows Update Website (You must use the Microsoft Internet Explorer to do this). And update your computer

THEN

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
rabien
Posted 19 July 2008 - 04:27 AM

rabien

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Sorry for replying without going through the full procedure,

After running WUFix.bat, I restarted windows and proceeded to windows update. However, windows update has showed an error and refused to allow me to proceed.

[Error number: 0x800B0001]

I did look into the knowledge database but found no topics regarding that error.

Sorry for the trouble! I hope you'd be able to help me =)

rabien
  • 0

#4
Essexboy
Posted 19 July 2008 - 04:31 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem - continue with the DSS run and I shall see where that leads :)
  • 0

#5
rabien
Posted 19 July 2008 - 06:34 AM

rabien

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
-main.txt-
Deckard's System Scanner v20071014.68
Run by Rabien on 2008-07-19 20:31:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
36: 2008-07-19 12:31:47 UTC - RP281 - Deckard's System Scanner Restore Point
35: 2008-07-18 15:27:39 UTC - RP280 - System Checkpoint
34: 2008-07-17 14:31:13 UTC - RP279 - System Checkpoint
33: 2008-07-16 14:02:26 UTC - RP278 - System Checkpoint
32: 2008-07-15 13:21:35 UTC - RP277 - System Checkpoint


-- First Restore Point --
1: 2008-05-30 15:04:10 UTC - RP246 - System Checkpoint


Performed disk cleanup.

Percentage of Memory in Use: 82% (more than 75%).
System Drive C: has 3.77 GiB (less than 15%) free.


-- HijackThis (run as Rabien.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:24, on 2008-7-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\brsvc01a.exe
C:\WINNT\system32\brss01a.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\BRMFRSMG.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\computer\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rabien.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://update.microsoft.com
O15 - Trusted Zone: http://windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169124419562
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINNT\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 8023 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 siside - c:\winnt\system32\drivers\siside.sys <Not Verified; Silicon Integrated Systems Corp.; SiS PCI Mini IDE Driver>
R0 sisperf (Add Performance Filter Driver) - c:\winnt\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R1 AvgLdx86 (AVG AVI Loader Driver x86) - c:\winnt\system32\drivers\avgldx86.sys <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
R1 AvgMfx86 (AVG On-access Scanner Minifilter Driver x86) - c:\winnt\system32\drivers\avgmfx86.sys <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
R1 FsVga - c:\winnt\system32\drivers\fsvga.sys <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
R1 SCDEmu - c:\winnt\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 aslm75 - c:\winnt\system32\drivers\aslm75.sys
R2 Atmuni (ATM Call Manager) - c:\winnt\system32\drivers\atmuni.sys <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
R2 AvgTdiX (AVG8 Network Redirector) - c:\winnt\system32\drivers\avgtdix.sys <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
R2 MASPINT - c:\winnt\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 Rawwan (RAW WAN Driver) - c:\winnt\system32\drivers\rawwan.sys <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
R2 tmcomm - c:\winnt\system32\drivers\tmcomm.sys <Not Verified; Trend Micro Inc.; ActiveClean>
R3 brfilt (Brother MFC Filter Driver) - c:\winnt\system32\drivers\brfilt.sys <Not Verified; Brother Industries Ltd.; Microsoft? Windows? Operating System>
R3 BrUsbScn (Brother MFC USB Scanner driver) - c:\winnt\system32\drivers\brusbscn.sys <Not Verified; Brother Industries Ltd.; Microsoft? Windows? Operating System>
R3 cmuda (C-Media WDM Audio Interface) - c:\winnt\system32\drivers\cmuda.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
R3 hamachi (Hamachi Network Interface) - c:\winnt\system32\drivers\hamachi.sys <Not Verified; LogMeIn, Inc.; Hamachi Virtual Network Interface Driver>
R3 kbdcap - c:\winnt\system32\drivers\kbdcap.sys
R3 mf - c:\winnt\system32\drivers\mf.sys <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>

S2 enampdat (SpeedStream DSL AMP Protocol Driver for Windows 2000) - c:\winnt\system32\drivers\enampdat.sys (file missing)
S2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys (file missing)
S3 ADM8511 (ADMtek ADM8511/AN986 USB To Fast Ethernet Converter) - c:\winnt\system32\drivers\adm8511.sys <Not Verified; ADMtek Incorporated; ADM8511 USB To Fast Ethernet Adapter>
S3 ADM851X (ADM851X USB To Fast Ethernet Adapter) - c:\winnt\system32\drivers\adm851x.sys <Not Verified; ADMtek Incorporated; ADMtek 851X Series Adapter>
S3 AdWatchDrv (AW Realtime Driver) - c:\winnt\system32\drivers\awrtpd.sys (file missing)
S3 AmeAtmPc - c:\winnt\system32\drivers\ameatmpc.sys (file missing)
S3 AtmElan (ATM Emulated LAN) - c:\winnt\system32\drivers\atmlane.sys <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
S3 AtmLane (ATM LAN Emulation) - c:\winnt\system32\drivers\atmlane.sys <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
S3 BtAudio (Bluetooth Audio) - c:\winnt\system32\drivers\btaudio.sys (file missing)
S3 BTDriver (Bluetooth Virtual Communications Driver) - c:\winnt\system32\drivers\btport.sys (file missing)
S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\winnt\system32\drivers\btwdndis.sys (file missing)
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\winnt\system32\drivers\btwusb.sys (file missing)
S3 EagleNT - c:\winnt\system32\drivers\eaglent.sys (file missing)
S3 EfntRfc1483 (Efficient Networks RFC 1483 Intermediate Driver) - c:\winnt\system32\drivers\efnt1483.sys (file missing)
S3 en4060load (Efficient Networks 4060 USB Load Service) - c:\winnt\system32\drivers\en4060ld.sys (file missing)
S3 geebers12 - c:\documents and settings\computer\my documents\jie xuan\xterminator engine\xterminator.sys (file missing)
S3 MPE (BDA MPE Filter) - c:\winnt\system32\drivers\mpe.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 s816bus (Sony Ericsson Device 816 driver (WDM)) - c:\winnt\system32\drivers\s816bus.sys <Not Verified; MCCI Corporation; Sony Ericsson Device 816>
S3 s816mdfl (Sony Ericsson Device 816 USB WMC Modem Filter) - c:\winnt\system32\drivers\s816mdfl.sys <Not Verified; MCCI Corporation; Sony Ericsson Device 816 USB WMC Modem Filter Driver>
S3 s816mdm (Sony Ericsson Device 816 USB WMC Modem Driver) - c:\winnt\system32\drivers\s816mdm.sys <Not Verified; MCCI Corporation; Sony Ericsson Device 816 USB WMC Data Modem>
S3 s816mgmt (Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)) - c:\winnt\system32\drivers\s816mgmt.sys <Not Verified; MCCI Corporation; Sony Ericsson Device 816 USB WMC Device Management>
S3 s816nd5 (Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)) - c:\winnt\system32\drivers\s816nd5.sys <Not Verified; MCCI Corporation; Sony Ericsson Device 916 USB Ethernet Emulation>
S3 s816obex (Sony Ericsson Device 816 USB WMC OBEX Interface) - c:\winnt\system32\drivers\s816obex.sys <Not Verified; MCCI Corporation; Sony Ericsson Device 816 USB WMC OBEX Interface>
S3 s816unic (Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)) - c:\winnt\system32\drivers\s816unic.sys <Not Verified; MCCI; Sony Ericsson Device 816 USB Ethernet Emulation>
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\ids-di~1\20060505.083\symidsco.sys (file missing)
S3 usbhub20 (USB 2.0 Root Hub Support) - c:\winnt\system32\drivers\usbhub20.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
S3 WINIO - c:\winnt\downloaded program files\winio.sys (file missing)
S3 WpdUsb - c:\winnt\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
S3 XDva004 - c:\winnt\system32\xdva004.sys (file missing)
S4 BsUDF (InCD UDF Driver) - c:\winnt\system32\drivers\bsudf.sys <Not Verified; ahead software; UDF File System Driver (Windows2000)>
S4 Parallel (Parallel class driver) - c:\winnt\system32\drivers\parallel.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 avg8emc (AVG8 E-mail Scanner) - c:\progra~1\avg\avg8\avgemc.exe <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
R2 avg8wd (AVG8 WatchDog) - c:\progra~1\avg\avg8\avgwdsvc.exe <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>

S3 usprserv (User Privilege Service) - c:\winnt\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\3&61AAA01&0&48
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\3&61AAA01&0&48
Service: rtl8139

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: ATM Emulated LAN
Device ID: ROOT\MS_ATMELAN\0000
Manufacturer: Microsoft
Name: ATM Emulated LAN(<unspecified ELAN name>)
PNP Device ID: ROOT\MS_ATMELAN\0000
Service: AtmElan


-- Scheduled Tasks -------------------------------------------------------------

2008-07-19 19:43:14 366 --a------ C:\WINNT\Tasks\Symantec NetDetect.job
2005-04-15 21:23:39 286 -----n--- C:\WINNT\Tasks\XoftSpy.job


-- Files created between 2008-06-19 and 2008-07-19 -----------------------------

2008-07-19 18:06:55 0 d-------- C:\WINNT\system32\CatRoot2
2008-07-19 17:59:56 0 d-------- C:\WINNT\SoftwareDistribution
2008-07-11 21:37:07 0 d-------- C:\Documents and Settings\computer\Application Data\Malwarebytes
2008-07-11 21:37:01 17144 --a------ C:\WINNT\system32\drivers\mbam.sys <Not Verified; Malwarebytes Corporation; Malwarebytes' Anti-Malware>
2008-07-11 21:37:00 34296 --a------ C:\WINNT\system32\drivers\mbamcatchme.sys
2008-07-11 21:37:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 21:36:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 21:36:44 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-11 21:30:21 0 dr-h----- C:\Documents and Settings\computer\Recent
2008-06-30 00:46:12 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-06-25 01:16:07 0 d--h----- C:\$AVG8.VAULT$
2008-06-24 00:54:10 76040 --a------ C:\WINNT\system32\drivers\avgtdix.sys <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
2008-06-24 00:54:10 10520 --a------ C:\WINNT\system32\avgrsstx.dll <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
2008-06-24 00:54:09 96520 --a------ C:\WINNT\system32\drivers\avgldx86.sys <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
2008-06-24 00:54:00 0 d-------- C:\WINNT\system32\drivers\Avg
2008-06-24 00:54:00 0 d-------- C:\Documents and Settings\computer\Application Data\AVGTOOLBAR
2008-06-24 00:53:51 0 d-------- C:\Program Files\AVG
2008-06-24 00:53:51 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8


-- Find3M Report ---------------------------------------------------------------

2008-07-19 18:27:59 0 d-------- C:\Documents and Settings\computer\Application Data\MegauploadToolbar
2008-07-16 19:56:49 0 d-------- C:\Documents and Settings\computer\Application Data\Adobe
2008-07-11 22:06:15 0 d-------- C:\Program Files\Trend Micro
2008-07-11 21:36:44 0 d-------- C:\Program Files\Common Files
2008-07-11 21:32:40 0 d-------- C:\Program Files\ABC 3GP Converter
2008-07-11 21:32:22 0 d-------- C:\Program Files\CCleaner
2008-07-11 21:07:29 0 d-------- C:\Program Files\Google
2008-06-24 20:40:32 2505 --a------ C:\Program Files\Microsoft Office Word 2003.lnk
2008-06-13 22:24:17 0 d-------- C:\Documents and Settings\computer\Application Data\Hamachi
2008-06-13 22:04:01 0 d-------- C:\Program Files\Hamachi
2008-05-14 05:11:57 50 --a------ C:\WINNT\system32\mf322def.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-07-04 20:03 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-04 20:03 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2004-08-04 15:56 C:\WINNT\system32\mobsync.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-23 23:37]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINNT\system32\nwiz.exe]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2006-10-22 12:22]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-30 19:57]
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 09:33]
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 10:07]
"SetDefPrt"="C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-03 15:31]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 20:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 15:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-7 18:39:05]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 22:05:26]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-2-3 11:29:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e073c94a-3aa7-11dc-92e4-00e018b2d01c}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-19 20:32:58 ------------
  • 0

#6
rabien
Posted 19 July 2008 - 06:34 AM

rabien

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
-extra.txt-

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 511.53 MiB / 154.85 MiB
Pagefile Memory (total/avail): 1250.16 MiB / 888.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1957.44 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.06 GiB total, 3.78 GiB free.
D: is Fixed (NTFS) - 58.59 GiB total, 10.85 GiB free.
E: is Fixed (NTFS) - 16.83 GiB total, 16.28 GiB free.
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y120P0 - 114.49 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 39.06 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 75.42 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\ABC\\abc.exe"="C:\\Program Files\\ABC\\abc.exe:*:Enabled:abc"
"C:\\Documents and Settings\\computer\\Desktop\\Programs\\Mahjong2002\\igsmj2.exe"="C:\\Documents and Settings\\computer\\Desktop\\Programs\\Mahjong2002\\igsmj2.exe:*:Enabled:igsmj2"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\computer\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER1
ComSpec=C:\WINNT\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\computer
LOGONSERVER=\\COMPUTER1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\WBEM;c:\perl\bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\computer\LOCALS~1\Temp
TMP=C:\DOCUME~1\computer\LOCALS~1\Temp
USERDOMAIN=COMPUTER1
USERNAME=Rabien
USERPROFILE=C:\Documents and Settings\computer
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

computer (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B095CD4-555F-4F70-9B90-B1DB84D810ED}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B095CD4-555F-4F70-9B90-B1DB84D810ED}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
ABC (remove only) --> C:\Program Files\ABC\Uninstall.exe
Acoustica CD/DVD Label Maker --> C:\Program Files\Acoustica CD Label Maker\uisurvey.exe
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Acrobat 5.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Photoshop Elements 2.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe? Photoshop? Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AutoUpdate -->
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C33DC9DF-0841-4B28-AD0B-68EF59FAC53C}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
C-Media Audio --> C:\WINNT\CMIUnInstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen MicroPhoto --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1AEC8F41-4701-415D-9782-F69CFB535463}\SETUP.EXE" -l0x9 /remove
Creative ZEN Vision M Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x9 /remove
Disc2Phone --> MsiExec.exe /X{C01408FC-117C-44B7-8B0C-17794E526A01}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Easy Video Splitter 1.28 --> "C:\Program Files\Easy Video Splitter\unins000.exe"
File Transfer Plus 1.1 RELEASE --> "C:\Program Files\MessengerPlus! 3\Plugins\FileTransferPlus\unins000.exe"
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
Flash Video Exporter 1.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D61229A-9C20-465E-9EEA-76D98FAFE5F6}\Setup.exe" -l0x9 UNINSTALL
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Pack Screensaver --> C:\WINNT\Google Pack Screensaver Uninstaller.exe
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
Heroes of Might and Magic V --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x9
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
́́?????÷ --> regsvr32 /u /s "C:\WINNT\Downloaded Program Files\iebar23.0.dll"
InCD (Ahead Software) --> C:\WINNT\NuNInst.exe /UNINSTALL
Ink --> MsiExec.exe /I{9FCB2876-554D-491D-A2CD-58F8252D6C64}
Internet Explorer Q903235 --> C:\WINNT\ieuninst.exe C:\WINNT\INF\Q903235.inf
iTunes -->
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Authorware 6.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C3FED1F-2EEF-45AA-B238-5F66D2AFCCD0}\Setup.exe" -l0x9 UNINSTALL
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Fireworks MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AE751-7055-4518-87B0-E148A8D50D0A}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Macromedia Shockwave Player --> C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MathType 5 --> "C:\Program Files\MathType\Setup.exe" -R
Matroska Pack --> C:\Program Files\Matroska Pack\uninstall.exe
Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft AppLocale --> MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Application Compatibility Database --> C:\WINNT\system32\sdbinst.exe -u "C:\WINNT\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\wmv9vcm.inf, Uninstall
Microsoft XML Parser -->
MicroStaff WINASPI --> C:\Program Files\SiSLan\uninst.exe
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.0.6) --> C:\WINNT\UninstallThunderbird.exe /ua "1.0.6 (en)"
MP3 Splitter & Joiner --> "C:\Program Files\MP3 Splitter & Joiner\unins000.exe"
MPEG Encoder 3 --> C:\Program Files\ImTOO\MPEG Encoder 3\Uninstall.exe
Nero --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NVIDIA Drivers --> C:\WINNT\system32\nvudisp.exe UninstallGUI
Panda ActiveScan --> C:\WINNT\system32\ASUninst.exe Panda ActiveScan
PaperPort 8.0 SE --> MsiExec.exe /I{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime -->
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
Real Alternative 1.43 --> "C:\Program Files\Real Alternative\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SiS Ultra-DMA IDE Driver (Remove) --> RunDll32 siside2k.dll,UninstallIDE
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers --> MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite --> C:\WINNT\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall
Sony Ericsson PC Suite --> MsiExec.exe /I{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}
Sony Ericsson Themes Creator 3.19 --> C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Network Drivers Update -->
TDK Digital MixMaster --> C:\WINNT\uninDMM.exe C:\PROGRA~1\TDK\DIGITA~1\DMM.exe|C:\WINNT\UNINST.EXE|-fC:\PROGRA~1\TDK\DIGITA~1\DeIsL1.isu
Themexp.org File --> C:\PROGRA~1\themexp\THEMEX~1.ORG\UNWISE.EXE C:\PROGRA~1\themexp\THEMEX~1.ORG\INSTALL.LOG
Timed Shutdown 0.5b --> "C:\Program Files\Timed Shutdown\unins000.exe"
TVUPlayer 1.5.12 --> C:\Program Files\TVU Player\uninst.exe
Ulead Drop Spot 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BCC5640-5360-11D4-A44A-0000E86D2305}\setup.exe" -l0x9
Ulead PhotoImpact XL ESD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DDDE141-9696-4E33-AB82-EF398169D7E5}\setup.exe" -l0x9
Ultra Video Splitter 3.4.0 --> "C:\Program Files\Ultra Video Splitter\unins000.exe"
WebFldrs XP -->
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",?UninstallFunction@CwlscCore@@QAEXXZ
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove


-- Application Event Log -------------------------------------------------------

Event Record #/Type4244 / Warning
Event Submitted/Written: 07/19/2008 06:06:30 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type4243 / Warning
Event Submitted/Written: 07/19/2008 06:06:30 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type4241 / Error
Event Submitted/Written: 07/19/2008 06:02:31 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application avgui.exe, version 8.0.0.134, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4239 / Warning
Event Submitted/Written: 07/19/2008 03:50:48 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type4238 / Warning
Event Submitted/Written: 07/19/2008 03:50:48 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type59175 / Error
Event Submitted/Written: 07/19/2008 08:32:28 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type59161 / Error
Event Submitted/Written: 07/19/2008 06:07:27 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%2

Event Record #/Type59160 / Error
Event Submitted/Written: 07/19/2008 06:07:27 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SpeedStream DSL AMP Protocol Driver for Windows 2000 service failed to start due to the following error:
%%2

Event Record #/Type59140 / Error
Event Submitted/Written: 07/19/2008 04:58:37 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the StiSvc service.

Event Record #/Type59139 / Warning
Event Submitted/Written: 07/19/2008 04:04:06 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\MIRACLESREALM on the network \Device\NetBT_Tcpip_{BEE785E5-BA79-44AA-AF08-2AAC1552A035}.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2008-07-19 20:32:58 ------------


Sorry for the trouble! it looks like a huge long list =/

Thanks alot too!

rabien
  • 0

#7
Essexboy
Posted 20 July 2008 - 04:52 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there it looks as though part of your problem is running out of disc space

So we will look at curing that and proceed from there

Please download ATF Cleaner by Atribune.
This program is for XP, Vista and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

THEN

In the attached zip file are two batch files called batch1 and batch 2.
Unzip to the desk top then double click batch1 a black screen should appear then disappear, this is normal.

Reboot

Double click batch2 and on completion reboot

NEXT

Download and run Auslogics disc defragmenter

FINALLY FOR NOW

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#8
rabien
Posted 20 July 2008 - 08:24 AM

rabien

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hey,

I've done everything you told me to =) Thanks for the time!

rabien

Attached Files


  • 0

#9
Essexboy
Posted 20 July 2008 - 09:23 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Still nothing evident. Lets secure the system now and try one of the online scanners. Could you retry Windows update now and if you get an error message let me know what it is. Could you also update me on your current problems

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.

Lets run an F-Secure online scan for Viruses, Spyware and RootKits:
  • Go to http://support.f-sec.../home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient
  • 0

#10
rabien
Posted 21 July 2008 - 03:34 PM

rabien

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hey,

I've done everything you said and surprisingly before i shut my computer off yesterday, automatic updates were on and i downloaded 27 files :s As to why it worked again i have no idea. The scanning website showed no malware after an overnight scan.

But my computer still have problems running windows live messenger and playing videos[mp4,wmv,avi...]. When i playback a video, the video wouldn't seem to load and my whole computer slows down. It stays in this state until I shut down the process from the task manager. It is only these 2 peculiar programmes. When I open msn live messenger or playback videos, the cpu usage increases straight to 100% and slows down the entire computer.

I think it came from the previous malware that i managed to get help with. The person managed to find the malware for me and gave me directions to fix it. Thereafter I wanted to improve my computer performance, so he said that I could switch off system restore point and reboot and switch it on again. This will supposedly clear the previous system restore points. On reboot after switching off system restore, I got a blue screen which eventually led me to switch on the computer with the last workable method [it was some xp function]. I did. The problems came back but apparently the malware was gone.

I hope that you would be able to help me with this =)

rabien
  • 0

Advertisements

#11
Essexboy
Posted 21 July 2008 - 03:46 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

automatic updates were on and i downloaded 27 files

That could have been the two batch files completing the repair.

Did you run the F-Secure scan ? As I will need to see the log. What was the infection that you had previously ?

I will run combofix to see if you had a variant of the Virtumondo which hijacks files

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this as it will enable a system recovery in the event of problems

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#12
rabien
Posted 22 July 2008 - 05:08 AM

rabien

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hey, thanks for everything so far

I uploaded the ols report up here. When I startup the computer just now, there was a sudden lag in the system. The computer usage is at 100% thereabout, with one svchost.exe using up an apparent 98% of the cpu usage. I have no idea why did this suddenly happen. Also, just a question, do i proceed to install combofix?

thanks alot!

rabien

Attached Files


  • 0

#13
rabien
Posted 22 July 2008 - 06:30 AM

rabien

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hey,

I've done everything that was to be done.

ComboFix 08-07-21.2 - Rabien 2008-07-22 20:13:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.65.1033.18.149 [GMT 8:00]
Running from: C:\Documents and Settings\computer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\computer\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\MSINET.oca
C:\WINNT\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.

2008-07-21 20:44 . 2008-07-21 20:44 <DIR> d-------- C:\fsaua.data
2008-07-21 20:30 . 2008-06-10 02:32 73,728 --a------ C:\WINNT\system32\javacpl.cpl
2008-07-21 20:28 . 2008-07-21 20:30 <DIR> d-------- C:\Program Files\Java
2008-07-21 20:28 . 2008-07-21 20:28 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-21 01:25 . 2008-07-21 01:57 1,374 --a------ C:\WINNT\imsins.BAK
2008-07-21 01:04 . 2008-04-23 12:16 63,488 -----c--- C:\WINNT\system32\dllcache\icardie.dll
2008-07-20 21:30 . 2007-09-07 18:04 524,317 -----c--- C:\WINNT\system32\dllcache\kodakimg.exe
2008-07-20 21:30 . 2007-09-08 01:57 448,029 -----c--- C:\WINNT\system32\dllcache\oieng400.dll
2008-07-20 21:30 . 2007-09-07 18:04 73,245 -----c--- C:\WINNT\system32\dllcache\kodakprv.exe
2008-07-20 21:30 . 2007-09-08 01:57 38,941 -----c--- C:\WINNT\system32\dllcache\jpeg2x32.dll
2008-07-20 21:30 . 2007-09-08 01:57 33,307 -----c--- C:\WINNT\system32\dllcache\tifflt.dll
2008-07-20 21:20 . 2008-07-20 21:20 <DIR> d-------- C:\Program Files\Auslogics
2008-07-20 21:20 . 2008-07-20 21:20 <DIR> d-------- C:\Documents and Settings\computer\Application Data\Auslogics
2008-07-19 18:06 . 2008-07-21 20:43 <DIR> d-------- C:\WINNT\system32\CatRoot2
2008-07-11 21:37 . 2008-07-11 21:37 <DIR> d-------- C:\Documents and Settings\computer\Application Data\Malwarebytes
2008-07-11 21:37 . 2008-07-11 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 21:37 . 2008-07-07 17:35 34,296 --a------ C:\WINNT\system32\drivers\mbamcatchme.sys
2008-07-11 21:37 . 2008-07-07 17:35 17,144 --a------ C:\WINNT\system32\drivers\mbam.sys
2008-07-11 21:36 . 2008-07-11 21:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 21:36 . 2008-07-11 21:36 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-30 00:46 . 2008-06-30 00:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-06-30 00:46 . 2008-06-30 00:46 51 --a------ C:\WINNT\brmx2001.ini
2008-06-25 01:16 . 2008-06-25 18:11 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-25 01:15 . 2008-07-20 21:40 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-06-25 01:15 . 2008-06-25 01:15 1,409 --a------ C:\WINNT\QTFont.for
2008-06-24 00:54 . 2008-07-22 18:51 <DIR> d-------- C:\WINNT\system32\drivers\Avg
2008-06-24 00:54 . 2008-06-25 01:14 <DIR> d-------- C:\Documents and Settings\computer\Application Data\AVGTOOLBAR
2008-06-24 00:54 . 2008-07-04 20:02 96,520 --a------ C:\WINNT\system32\drivers\avgldx86.sys
2008-06-24 00:54 . 2008-07-04 20:03 76,040 --a------ C:\WINNT\system32\drivers\avgtdix.sys
2008-06-24 00:54 . 2008-07-04 20:02 10,520 --a------ C:\WINNT\system32\avgrsstx.dll
2008-06-24 00:53 . 2008-06-24 00:53 <DIR> d-------- C:\Program Files\AVG
2008-06-24 00:53 . 2008-06-24 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 21:24 --------- d-----w C:\Documents and Settings\computer\Application Data\MegauploadToolbar
2008-07-21 11:40 --------- d-----w C:\Program Files\Creative
2008-07-20 16:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-20 16:38 --------- d-----w C:\Documents and Settings\computer\Application Data\AdobeUM
2008-07-20 13:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-20 13:50 --------- d-----w C:\Program Files\Google
2008-07-20 13:47 --------- d-----w C:\Program Files\DivX
2008-07-20 13:42 --------- d-----w C:\Program Files\QuickTime
2008-07-20 13:41 --------- d-----w C:\Program Files\Ulead Systems
2008-07-20 13:37 --------- d-----w C:\Program Files\FileZilla
2008-07-20 13:34 --------- d-----w C:\Program Files\Common Files\Real
2008-07-20 13:33 --------- d-----w C:\Program Files\Winamp
2008-07-20 13:33 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-11 14:06 --------- d-----w C:\Program Files\Trend Micro
2008-07-11 13:32 --------- d-----w C:\Program Files\CCleaner
2008-07-11 13:32 --------- d-----w C:\Program Files\ABC 3GP Converter
2008-06-24 12:40 2,505 ----a-w C:\Program Files\Microsoft Office Word 2003.lnk
2008-06-23 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-14 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\VOWSoft
2008-06-13 14:24 --------- d-----w C:\Documents and Settings\computer\Application Data\Hamachi
2008-06-13 14:03 25,280 ----a-w C:\WINNT\system32\drivers\hamachi.sys
2008-06-13 13:10 272,128 ------w C:\WINNT\system32\drivers\bthport.sys
2008-05-28 01:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 15:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-27 15:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-07 05:18 1,287,680 ----a-w C:\WINNT\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINNT\system32\wininet.dll
2006-04-24 14:31 39,176 ------w C:\Documents and Settings\computer\Application Data\GDIPFONTCACHEV1.DAT
2004-09-09 14:07 271 --sh--w C:\Program Files\desktop.ini
2004-09-09 14:07 21,952 ---h--w C:\Program Files\folder.htt
2001-11-23 04:08 712,704 ------w C:\WINNT\inf\OTHER\AUDIO3D.DLL
2005-02-10 13:45 56 --sh--r C:\WINNT\system32\31F51C5CBC.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 15:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 09:33 45108]
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 10:07 36864]
"SetDefPrt"="C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-03 15:31 45056]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 20:03 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Synchronization Manager"="mobsync.exe" [2004-08-04 15:56 143360 C:\WINNT\system32\mobsync.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINNT\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [2004-08-04 15:56 214528]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-02-03 11:29:12 1568768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\computer\\Desktop\\Programs\\Mahjong2002\\igsmj2.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINNT\system32\Drivers\avgldx86.sys [2008-07-04 20:02]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 20:03]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 20:03]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINNT\system32\Drivers\avgtdix.sys [2008-07-04 20:03]
R3 brfilt;Brother MFC Filter Driver;C:\WINNT\system32\Drivers\Brfilt.sys [2001-08-17 13:12]
R3 BrSerWDM;Brother Serial driver;C:\WINNT\system32\Drivers\BrSerWdm.sys [2003-03-14 00:04]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINNT\system32\Drivers\BrUsbMdm.sys [2001-08-17 13:12]
R3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINNT\system32\Drivers\BrUsbScn.sys [2001-08-17 13:12]
R3 kbdcap;kbdcap;C:\WINNT\system32\drivers\kbdcap.sys [2006-09-20 21:18]
S2 enampdat;SpeedStream DSL AMP Protocol Driver for Windows 2000;C:\WINNT\system32\DRIVERS\enampdat.sys []
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINNT\system32\DRIVERS\ADM8511.SYS [2001-08-17 12:11]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;C:\WINNT\system32\DRIVERS\ADM851X.SYS [2005-04-06 22:08]
S3 AdWatchDrv;AW Realtime Driver;C:\WINNT\system32\drivers\AWRTPD.sys []
S3 AmeAtmPc;AmeAtmPc;C:\WINNT\system32\DRIVERS\AmeAtmPc.sys []
S3 AtmElan;ATM Emulated LAN;C:\WINNT\system32\DRIVERS\atmlane.sys [2004-08-04 13:58]
S3 AtmLane;ATM LAN Emulation;C:\WINNT\system32\DRIVERS\atmlane.sys [2004-08-04 13:58]
S3 EfntRfc1483;Efficient Networks RFC 1483 Intermediate Driver;C:\WINNT\system32\DRIVERS\efnt1483.sys []
S3 en4060load;Efficient Networks 4060 USB Load Service;C:\WINNT\system32\DRIVERS\en4060ld.sys []
S3 geebers12;geebers12;C:\Documents and Settings\computer\My Documents\Jie Xuan\Xterminator Engine\Xterminator.sys []
S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\WINNT\system32\DRIVERS\s816bus.sys [2007-06-19 15:51]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\WINNT\system32\DRIVERS\s816mdfl.sys [2007-06-19 15:51]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\WINNT\system32\DRIVERS\s816mdm.sys [2007-06-19 15:51]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\WINNT\system32\DRIVERS\s816mgmt.sys [2007-06-19 15:51]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\WINNT\system32\DRIVERS\s816nd5.sys [2007-06-19 15:51]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\WINNT\system32\DRIVERS\s816obex.sys [2007-06-19 15:51]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\WINNT\system32\DRIVERS\s816unic.sys [2007-06-19 15:51]
S3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [2003-06-19 12:05]
S4 BsUDF;InCD UDF Driver;C:\WINNT\system32\drivers\BsUDF.sys [2002-06-28 10:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e073c94a-3aa7-11dc-92e4-00e018b2d01c}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-21 19:44:28 C:\WINNT\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2005-04-15 13:23:39 C:\WINNT\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.hwachong.edu.sg
R0 -: HKLM-Main,Start Page = hxxp://www.hwachong.edu.sg
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyServer = www.bangky.net:8081
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://C:\WINNT\Java\classes\dajava.cab
C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINNT\Java\classes\xmldso.cab
C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 20:17:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-22 20:19:22
ComboFix-quarantined-files.txt 2008-07-22 12:18:58
ComboFix2.txt 2007-06-23 15:38:27

Pre-Run: 4,249,784,320 bytes free
Post-Run: 4,295,389,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

192 --- E O F --- 2008-07-21 21:47:54

---


That is my combofix log, I installed the recovery console together with a scan from combofix. Apparently it fixed the cpu usage thing as well! So no problem right now!

However, msn messenger still cant be run and my video playbacks are still not working. Do help me take another look into this log if it helps =)

Thanks alot really! I've never expected to receive so much help from the internet. The stupid computer repair companies only call to say that I should reformat my computer without doing anything much except running virus scans. So thanks alot! You guys here are the best =)

rabien
  • 0

#14
Essexboy
Posted 22 July 2008 - 12:04 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have you uninstalled and then re-installed the two suspect programmes (messenger and Video player )

What is the video player you use ?
  • 0

#15
rabien
Posted 22 July 2008 - 03:02 PM

rabien

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Yes I did, several times in fact. It doesn't work. I usually use VLC media player for video playback.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP