
All sorts of trouble... [Solved]


  • This topic is locked

#1
Casper_aa

Ok so recently I fought off a Spyware Guard 2008 infection thanks to Malwarebytes and a couple of other programs. But it kept coming back and I kept having to remove it. Eventually it stopped and I thought things were ok, but now every day I'm getting all sorts of things being detected (mainly trojans) and their names keep changing, so I'm not sure what I'm infected with exactly.

Unfortunately, no matter how many scans I do, stuff keeps coming back. I will note I have been doing my scans in safe mode to be sure.

I have given up fighting this stuff myself as I am not capable enough, so I came here for help.

Here is my hijackthis.log followed by my uninstall list:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:24, on 13/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\USB Product Driver v2.33r005\shwicon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShowIcon_JustRams_USB Product Driver v2.33r005] "C:\Program Files\USB Product Driver v2.33r005\shwicon.exe" -t"JustRams\USB Product Driver v2.33r005"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\King Ally\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - https://authenticate...olInstaller.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - https://www.wanadoo....rs/sd0101_5.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports....ommon/ieell.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoe...ggPublisher.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.na...pdatePortal.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://www.earthetc....plugins/ncs.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epso...rg/ESTPTest.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15010/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: High Quality Decompress Service (HQDecompressService) - Unknown owner - C:\Program Files\Common Files\HQManager\hqdecsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 11374 bytes


Uninstall list:

4oD
Adobe Acrobat 5.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG Free 8.0
Bonjour
CCleaner (remove only)
CCScore
CDDRV_Installer
Civilization III Complete Edition
Compatibility Pack for the 2007 Office system
CoreVorbis Audio Decoder (remove only)
Creative Jukebox Driver
Creative Mass Storage Drivers
Creative MediaSource
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative Zen Nano Plus
Creative Zen Touch
Creative ZEN Vision M Series
DivX Web Player
EAX4 Unified Redist
EPSON Printer Software
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
Etomi (remove only)
Fallout 2 Unofficial Patch 1.02.25
Fallout Tactics
Fallout2
Football Manager 2007
GameTap
Google Earth
Google Video Player
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
HijackThis 2.0.2
HLPPDOCK
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Indeo® Software
Internet Explorer 7 Beta 2
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment Standard Edition v1.3.1_04
Java™ 6 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 11
Java™ SE Runtime Environment 6 Update 1
KeyTweak - Keyboard Remapper (remove only)
kgcbase
KhalInstallWrapper
Kodak EasyShare software
KSU
LimeWire
LimeWire 4.18.8
Logitech Registration
Logitech SetPoint
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
MINERVA: Metastasis
MINERVA: Metastasis 2
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Music Manager
My DSC
Notifier
NVIDIA Drivers
OfotoXMI
OpenMG Limited Patch 4.3-05-10-05-01
OpenMG Secure Module 4.3.00
OTtBP
OTtBPSDK
Outcast Desktop Theme
PDF Manual NW-A10003000
Portal
Power2Go 3.0
PowerDVD
PowerProducer
Project64 1.6
QuickTime
RealPlayer
Realtek AC'97 Audio
Rome - Total War
Rome Total War - patch 1.3
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SFR
SFR2
SHASTA
Sid Meier's Civilization 4
Sid Meier's Civilization Chronicles
SKIN0001
SKINXSDK
Sky Anytime
SpeechRedist
SpeedTouch USB Software
SPORE™
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
staticcr
System Requirements Lab
Team Fortress 2
Unreal Editor
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
USB Product Driver v2.33r005
V92 PCI Voice Faxmodem
VDMSound 2.0.4
VIA Rhine-Family Fast Ethernet Adapter
VideoLAN VLC media player 0.8.1
VPRINTOL
Wanadoo
Wanadoo Connection Kit v1.5
WD Diagnostics
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
WIRELESS
Worms Armageddon
YouTube Uploader
ZENcast Organizer

#2
kahdah

Hello Casper_aa

Welcome to G2Go. :)
=====================

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#3
Casper_aa

Logfile of random's system information tool 1.05 (written by random/random)
Run by King Ally at 2009-01-16 13:34:24
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 80 GB (43%) free of 188 GB
Total RAM: 767 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:22, on 16/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\USB Product Driver v2.33r005\shwicon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\King Ally\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\King Ally.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShowIcon_JustRams_USB Product Driver v2.33r005] "C:\Program Files\USB Product Driver v2.33r005\shwicon.exe" -t"JustRams\USB Product Driver v2.33r005"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\King Ally\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - https://authenticate...olInstaller.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - https://www.wanadoo....rs/sd0101_5.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports....ommon/ieell.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoe...ggPublisher.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.na...pdatePortal.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://www.earthetc....plugins/ncs.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epso...rg/ESTPTest.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15010/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: High Quality Decompress Service (HQDecompressService) - Unknown owner - C:\Program Files\Common Files\HQManager\hqdecsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 11530 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{A9C82955-5237-4C25-A479-404FB557E434}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-01 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-08 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-09 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-08 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8B68564D-53FD-4293-B80C-993A9F3988EE} - Wanadoo - C:\WINDOWS\system32\WSBar.dll [2004-02-12 286720]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-09 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
"CARPService"=C:\WINDOWS\system32\carpserv.exe [2003-06-11 4608]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-01 7618560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-08 136600]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-06-01 86016]
"ShowIcon_JustRams_USB Product Driver v2.33r005"=C:\Program Files\USB Product Driver v2.33r005\shwicon.exe [2005-04-22 81920]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"none"=C:\Program Files\Video ActiveX Object\pmsngr.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WebCamRT.exe"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clean Space 10 trayagent]
C:\PROGRA~1\TEOSOFT.COM\trayagent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\King Ally\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-08-14 119280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-04-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 4.2.6.lnk]
C:\PROGRA~1\LimeWire\LIMEWI~1.6\LimeWire.exe [2008-09-18 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2007-04-23 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^King Ally^Start Menu^Programs^Startup^YouTube Uploader.lnk]
C:\DOCUME~1\KINGAL~1\LOCALS~1\APPLIC~1\YouTube\Uploader\YOUTUB~1.EXE [2007-11-09 71152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-01-22 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll [2006-04-13 5104128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOW
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe:*:Enabled:Dr SpeedTouch"
"C:\WINDOWS\System32\dpnsvr.exe"="C:\WINDOWS\System32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\System32\dxdiag.exe"="C:\WINDOWS\System32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\WINDOWS\System32\rtcshare.exe"="C:\WINDOWS\System32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\UT2003\System\UT2003.exe"="C:\UT2003\System\UT2003.exe:*:Disabled:UT2003"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares"
"C:\Program Files\Etomi\Shareaza.exe"="C:\Program Files\Etomi\Shareaza.exe:*:Enabled:Etomi Ultimate File Sharing"
"C:\Program Files\Eidos\CM 03-04\cm0304.exe"="C:\Program Files\Eidos\CM 03-04\cm0304.exe:*:Enabled:Championship Manager 03/04"
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\eDonkey2000\edonkey2000.exe"="C:\Program Files\eDonkey2000\edonkey2000.exe:*:Enabled:edonkey2000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%windir%\system32\ccapp.exe"="%windir%\system32\ccapp.exe:*:Enabled:System Process"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\jambojames\half-life 2\hl2.exe"="C:\Program Files\Steam\steamapps\jambojames\half-life 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\jambojames\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\jambojames\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Steam\steamapps\jambojames\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\jambojames\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Sports Interactive\Football Manager 2007\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2007\fm.exe:*:Enabled:Football Manager 2007"
"C:\Program Files\Steam\steamapps\jambojames\the ship\ship.exe"="C:\Program Files\Steam\steamapps\jambojames\the ship\ship.exe:*:Enabled:ship"
"C:\Program Files\Sierra\FEAR\fpupdate.exe"="C:\Program Files\Sierra\FEAR\fpupdate.exe:*:Enabled:fpupdate"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Documents and Settings\King Ally\Desktop\utorrent.exe"="C:\Documents and Settings\King Ally\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\MSN BackUp\MSNBackup.exe"="C:\Program Files\MSN BackUp\MSNBackup.exe:*:Enabled:MSN BackUp"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Steam\steamapps\jambojames\garrysmod\hl2.exe"="C:\Program Files\Steam\steamapps\jambojames\garrysmod\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\King Ally\Local Settings\Temp\winlogon.exe"="C:\Documents and Settings\King Ally\Local Settings\Temp\winlogon.exe:*:Enabled:winlogon"
"C:\Documents and Settings\King Ally\My Documents\utorrent.exe"="C:\Documents and Settings\King Ally\My Documents\utorrent.exe:*:Enabled:µTorrent"
"C:\UnrealTournament\System\UnrealTournament.exe"="C:\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Steam\steamapps\jambojames\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\jambojames\team fortress 2\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Sid Meier's Civilization Chronicles\Sid Meier's Civilization II Multiplayer Gold\civ2.exe"="C:\Program Files\Sid Meier's Civilization Chronicles\Sid Meier's Civilization II Multiplayer Gold\civ2.exe:*:Enabled:civ2"
"C:\Program Files\Microsoft Games\Age of Empires II Trial\EMPIRES2.EXE"="C:\Program Files\Microsoft Games\Age of Empires II Trial\EMPIRES2.EXE:*:Enabled:Age of Empires II"
"C:\Program Files\Sunflowers\ParaWorld\bin\PWServer.exe"="C:\Program Files\Sunflowers\ParaWorld\bin\PWServer.exe:*:Enabled:ParaWorld Server"
"C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Documents and Settings\Gina\Desktop\incredimail_install.exe"="C:\Documents and Settings\Gina\Desktop\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\Documents and Settings\Gina\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe"="C:\Documents and Settings\Gina\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\UT2004\System\UT2004.exe"="C:\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\Program Files\Croteam\Serious Sam\Bin\SeriousSam.exe"="C:\Program Files\Croteam\Serious Sam\Bin\SeriousSam.exe:*:Enabled:SeriousSam"
"C:\Program Files\Croteam\Serious Sam - The Second Encounter\Bin\SeriousSam.exe"="C:\Program Files\Croteam\Serious Sam - The Second Encounter\Bin\SeriousSam.exe:*:Enabled:SeriousSam"
"C:\Program Files\Serious Sam 2\Bin\Sam2.exe"="C:\Program Files\Serious Sam 2\Bin\Sam2.exe:*:Enabled:Sam2"
"C:\Documents and Settings\King Ally\Desktop\New Folder\F3.exe"="C:\Documents and Settings\King Ally\Desktop\New Folder\F3.exe:*:Enabled:F3"
"C:\Team17\Worms Armageddon\wa.exe"="C:\Team17\Worms Armageddon\wa.exe:*:Enabled:Worms Armageddon"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f48c8fc-4396-11dd-9744-001109aa659d}]
shell\AutoRun\command - E:\wd_windows_tools\WDSetup.exe


======List of files/folders created in the last 1 months======

2009-01-16 13:34:24 ----D---- C:\rsit
2009-01-15 15:42:32 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-01-15 15:41:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-13 17:47:16 ----D---- C:\Program Files\Trend Micro
2009-01-13 16:24:09 ----D---- C:\WINDOWS\system32\XPSViewer
2009-01-13 16:24:01 ----D---- C:\Program Files\MSBuild
2009-01-13 16:23:44 ----D---- C:\Program Files\Reference Assemblies
2009-01-13 16:20:12 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-01-13 16:20:12 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-01-13 16:20:11 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-01-13 16:20:10 ----D---- C:\a2c71828c439325f27c314
2009-01-13 16:18:23 ----D---- C:\WINDOWS\SxsCaPendDel
2009-01-13 16:05:59 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-01-13 16:05:45 ----D---- C:\Program Files\MSXML 6.0
2009-01-13 15:35:13 ----D---- C:\WINDOWS\Prefetch
2009-01-13 14:57:55 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-01-13 14:57:45 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2009-01-13 14:56:19 ----A---- C:\WINDOWS\system32\autochk.exe
2009-01-13 14:56:19 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-01-13 14:56:18 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-01-13 14:56:18 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-01-13 14:56:18 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-01-13 14:56:18 ----A---- C:\WINDOWS\system32\cmd.exe
2009-01-13 14:56:18 ----A---- C:\WINDOWS\system32\cacls.exe
2009-01-13 14:56:18 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\locator.exe
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\localspl.dll
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\ftp.exe
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\format.com
2009-01-13 14:56:17 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-01-13 14:56:16 ----A---- C:\WINDOWS\system32\samlib.dll
2009-01-13 14:56:16 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-01-13 14:56:16 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-01-13 14:56:16 ----A---- C:\WINDOWS\system32\rasman.dll
2009-01-13 14:56:16 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-01-13 14:56:16 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-01-13 14:56:16 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-01-13 14:56:16 ----A---- C:\WINDOWS\system32\printui.dll
2009-01-13 14:56:16 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-01-13 14:56:16 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-01-13 14:56:16 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-01-13 14:56:16 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-01-13 14:56:15 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-01-13 14:56:15 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-01-13 14:56:15 ----A---- C:\WINDOWS\system32\smss.exe
2009-01-13 14:56:15 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-01-13 14:56:15 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-01-13 14:56:15 ----A---- C:\WINDOWS\system32\services.exe
2009-01-13 14:56:15 ----A---- C:\WINDOWS\system32\schannel.dll
2009-01-13 14:56:15 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-01-13 14:56:15 ----A---- C:\WINDOWS\system32\savedump.exe
2009-01-13 14:56:15 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-01-13 14:56:14 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-01-13 14:56:14 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-01-13 14:56:14 ----A---- C:\WINDOWS\system32\userinit.exe
2009-01-13 14:56:14 ----A---- C:\WINDOWS\system32\untfs.dll
2009-01-13 14:56:14 ----A---- C:\WINDOWS\system32\ulib.dll
2009-01-13 14:56:14 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-01-13 14:56:10 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-01-13 14:56:10 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-01-13 14:56:10 ----A---- C:\WINDOWS\system32\hal.dll
2009-01-13 14:56:10 ----A---- C:\WINDOWS\system32\asfsipc.dll
2009-01-12 19:50:52 ----A---- C:\WINDOWS\imsins.BAK
2009-01-10 12:51:30 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-09 22:01:18 ----D---- C:\WORMSCD
2009-01-09 21:52:37 ----D---- C:\Program Files\VDMSound
2009-01-07 18:55:37 ----D---- C:\jdk
2009-01-02 21:58:38 ----D---- C:\Documents and Settings\King Ally\Application Data\Malwarebytes
2009-01-02 21:58:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-02 21:58:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-02 21:26:29 ----A---- C:\WINDOWS\system32\stu2.exe
2008-12-17 17:13:15 ----A---- C:\WINDOWS\wa.INI
2008-12-17 15:52:33 ----D---- C:\Team17

======List of files/folders modified in the last 1 months======

2009-01-16 13:35:21 ----D---- C:\WINDOWS\Temp
2009-01-16 13:35:10 ----D---- C:\Documents and Settings\King Ally\Application Data\LimeWire
2009-01-16 13:29:14 ----D---- C:\Program Files\Mozilla Firefox
2009-01-16 12:20:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-15 19:14:57 ----D---- C:\WINDOWS
2009-01-15 15:45:56 ----D---- C:\Config.Msi
2009-01-15 15:45:25 ----SHD---- C:\WINDOWS\Installer
2009-01-15 15:42:51 ----D---- C:\WINDOWS\system32
2009-01-15 15:42:37 ----HD---- C:\WINDOWS\inf
2009-01-15 15:42:36 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-15 15:42:03 ----D---- C:\WINDOWS\system32\drivers
2009-01-15 15:40:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-15 15:37:13 ----D---- C:\WINDOWS\Debug
2009-01-15 14:53:07 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-13 22:13:24 ----D---- C:\Program Files\Messenger
2009-01-13 22:13:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-13 17:47:16 ----D---- C:\Program Files
2009-01-13 17:37:46 ----D---- C:\Program Files\HijackThis
2009-01-13 17:32:22 ----HD---- C:\$AVG8.VAULT$
2009-01-13 17:03:34 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-13 17:03:33 ----RSD---- C:\WINDOWS\assembly
2009-01-13 16:26:30 ----D---- C:\WINDOWS\WinSxS
2009-01-13 16:25:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-13 16:24:03 ----D---- C:\WINDOWS\system32\en-US
2009-01-13 16:23:54 ----RSD---- C:\WINDOWS\Fonts
2009-01-13 16:22:16 ----D---- C:\WINDOWS\system32\spool
2009-01-13 16:21:23 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-13 15:34:30 ----D---- C:\WINDOWS\system32\wbem
2009-01-13 15:34:30 ----D---- C:\WINDOWS\AppPatch
2009-01-13 15:34:29 ----D---- C:\WINDOWS\system32\Setup
2009-01-13 15:33:18 ----D---- C:\WINDOWS\security
2009-01-13 15:31:40 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-13 15:27:47 ----D---- C:\WINDOWS\system32\bits
2009-01-13 15:27:14 ----D---- C:\WINDOWS\system32\usmt
2009-01-13 15:27:10 ----D---- C:\WINDOWS\system32\Restore
2009-01-13 15:27:10 ----D---- C:\WINDOWS\system32\oobe
2009-01-13 15:27:09 ----D---- C:\WINDOWS\system32\npp
2009-01-13 15:26:46 ----D---- C:\WINDOWS\system32\Com
2009-01-13 15:23:48 ----D---- C:\WINDOWS\system
2009-01-13 15:23:48 ----D---- C:\WINDOWS\srchasst
2009-01-13 15:20:53 ----D---- C:\WINDOWS\peernet
2009-01-13 15:20:50 ----D---- C:\WINDOWS\msagent
2009-01-13 15:20:38 ----D---- C:\WINDOWS\ime
2009-01-13 15:20:38 ----D---- C:\WINDOWS\Help
2009-01-13 15:20:22 ----D---- C:\Program Files\Windows NT
2009-01-13 15:20:22 ----D---- C:\Program Files\Windows Media Player
2009-01-13 15:20:21 ----D---- C:\Program Files\Outlook Express
2009-01-13 15:20:20 ----D---- C:\Program Files\NetMeeting
2009-01-13 15:20:17 ----D---- C:\Program Files\Movie Maker
2009-01-13 15:19:53 ----D---- C:\Program Files\Common Files\System
2009-01-13 15:19:06 ----D---- C:\WINDOWS\system32\scripting
2009-01-13 15:19:06 ----D---- C:\WINDOWS\system32\en
2009-01-13 15:18:59 ----D---- C:\WINDOWS\network diagnostic
2009-01-13 15:18:59 ----D---- C:\WINDOWS\l2schemas
2009-01-13 15:18:52 ----SD---- C:\WINDOWS\Tasks
2009-01-13 15:03:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-13 14:55:49 ----D---- C:\WINDOWS\EHome
2009-01-10 18:45:19 ----D---- C:\Program Files\DOSBox-0.72
2009-01-10 01:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-09 16:44:28 ----D---- C:\Documents and Settings\King Ally\Application Data\uTorrent
2009-01-07 19:19:05 ----D---- C:\Program Files\Java
2009-01-05 21:08:32 ----RASH---- C:\boot.ini
2009-01-05 21:08:32 ----A---- C:\WINDOWS\win.ini
2009-01-05 21:08:32 ----A---- C:\WINDOWS\system.ini
2009-01-04 20:40:50 ----D---- C:\WINDOWS\Minidump
2009-01-03 20:21:21 ----A---- C:\WINDOWS\wininit.ini
2009-01-03 19:26:38 ----D---- C:\Program Files\MSN Messenger
2009-01-03 16:18:03 ----D---- C:\Documents and Settings\King Ally\Application Data\Lavasoft
2009-01-02 21:27:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-30 12:28:57 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-12-27 18:44:00 ----D---- C:\WINDOWS\system32\config
2008-12-21 11:47:07 ----D---- C:\Documents and Settings
2008-12-17 11:57:00 ----D---- C:\Program Files\Steam

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-01 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-09 26824]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-07-16 13056]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2003-08-29 79165]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-02-01 165376]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-02-01 18048]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-06-11 11043]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2003-06-11 30592]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R2 X4HSX32;X4HSX32; \??\C:\Program Files\GameTap\bin\Release\X4HSX32.Sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-21 462940]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-01-22 2845696]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2007-11-07 169856]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-06-11 1063040]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-06-11 196352]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-06-11 631296]
S1 lusbaudio;Logitech USB Microphone; C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 ewdmaudn;ewdmaudn; \??\C:\DOCUME~1\MIKEAL~1\LOCALS~1\Temp\ewdmaudn.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 Jukebox3;Jukebox3; C:\WINDOWS\system32\DRIVERS\ctpdusb.sys [2004-08-19 16880]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NaiFiltr;NaiFiltr; C:\WINDOWS\System32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
S3 QCEmerald;Logitech QuickCam Web; C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 STEAMDVR;STEAMDVR; \??\C:\Documents and Settings\James Allen\Start Menu\Programs\Steam\bin\x86\SteamDvr.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-01-22 512000]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2005-11-28 229376]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2000-11-17 114688]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-08 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-01-22 593920]
S2 HQDecompressService;High Quality Decompress Service; C:\Program Files\Common Files\HQManager\hqdecsvc.exe []
S2 MCVSRte;McAfee.com VirusScan Online Realtime Engine; c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding []
S2 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe []
S2 MskService;McAfee SpamKiller Server; C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe []
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-01 155715]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-08-30 53337]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-08-30 69718]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
S4 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-04-23 3068352]
S4 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-08-30 53337]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.05 2
  • 0

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi are you still getting detections?
  • 0

#5
Casper_aa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Not had any detections for a while come to think of it, my problem's either gone away or in hiding.
  • 0

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi, go to Start > Run then paste in this:
C:\Program Files\Trend Micro\HijackThis\King Ally.exe then hit ok.

This will start Hijackthis
click on "Do a system scan only"
Then place a check mark next to these entries below:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab



Now click on Fix Checked and then close Hijackthis.
=========
After that delete this folder if present:
C:\Program Files\Video ActiveX Object

Then empty your recycle bin.
=============================
After that please update both Malwarebytes and AVG 8.0 and then run full scans again with both programs, remove what they find, then post both the logs they produce.
  • 0

#7
Casper_aa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I did both scans in safe mode as I usually get better results that way, but AVG didn't provide a log this way so I just clicked "export overview to file..." once I had rebooted and I'll post what was in that. Hope that's ok, not sure if it is any different.

Malwarebytes' Anti-Malware 1.31
Database version: 1597
Windows 5.1.2600 Service Pack 2

16/01/2009 17:53:29
mbam-log-2009-01-16 (17-53-08).txt

Scan type: Quick Scan
Objects scanned: 104503
Time elapsed: 1 hour(s), 2 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--AVG Scan--

"Scan ""Command line scan"" was finished."
"Infections found:";"9"
"Infected objects removed or healed:";"9"
"Not removed or healed:";"0"
"Spyware found:";"1"
"Spyware removed:";"1"
"Not removed:";"0"
"Warnings count:";"2"
"Information count:";"37"
"Scan started:";"16 January 2009, 16:37:50"
"Scan finished:";"16 January 2009, 20:54:15 (4 hour(s) 16 minute(s) 24 second(s))"
"Total object scanned:";"880928"
"User who launched the scan:";"Administrator"

"Infections"
"File";"Infection";"Result"
"C:\Documents and Settings\Mike Allen\Local Settings\Temporary Internet Files\Content.IE5\FRJL6KNJ\443av[1].exe";"Trojan horse Agent.ATXX";"Moved to Virus Vault"
"C:\Documents and Settings\Mike Allen\Local Settings\Temp\ie5.tmp";"Trojan horse Agent.ATXX";"Moved to Virus Vault"
"C:\Documents and Settings\King Ally\Local Settings\Temporary Internet Files\Content.IE5\GNXIS4KR\443[1].exe";"Trojan horse FakeAlert.EL";"Moved to Virus Vault"
"C:\Documents and Settings\King Ally\Local Settings\Temporary Internet Files\Content.IE5\BP59SCZE\SpywareGuard2008[1].exe";"Trojan horse Generic12.AOMJ";"Moved to Virus Vault"
"C:\Documents and Settings\King Ally\Local Settings\Temporary Internet Files\Content.IE5\BP59SCZE\coke[1]";"Trojan horse SHeur2.JYI";"Moved to Virus Vault"
"C:\Documents and Settings\King Ally\Local Settings\Temporary Internet Files\Content.IE5\BP59SCZE\44[2].exe";"Trojan horse Agent.ATTK";"Moved to Virus Vault"
"C:\Documents and Settings\King Ally\Local Settings\Temp\ie2B.tmp";"Trojan horse Agent.ATTK";"Moved to Virus Vault"
"C:\Documents and Settings\King Ally\Local Settings\Temp\ie18.tmp";"Trojan horse Downloader.Generic8.NKR";"Moved to Virus Vault"
"C:\Documents and Settings\King Ally\Local Settings\Temp\ie12.tmp";"Trojan horse Downloader.Generic8.NKR";"Moved to Virus Vault"

"Spyware"
"File";"Infection";"Result"
"C:\Documents and Settings\King Ally\Application Data\Macromedia\Shockwave Player\xtras\download\TheGrooveAlliance\3DGrooveXtrav181\Groove.x32";"Adware Generic2.KBT";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
"HKU\S-1-5-18\Software\New.net";"Found Adware.NewDotNet";"Potentially dangerous object"
"HKU\.DEFAULT\Software\New.net";"Found Adware.NewDotNet";"Potentially dangerous object"

"Information"
"File";"Infection";"Result"
"C:\WINDOWS\system32\MsDtc\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\system.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\SYSTEM";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\software.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\SOFTWARE";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\SECURITY.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\SECURITY";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\SAM.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\SAM";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\default.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\DEFAULT";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\PCHealth\ERRORREP\UserDumps\McShield.exe.20060331-211132-00.hdmp";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\PCHealth\ERRORREP\UserDumps\logonui.exe.20060331-211214-00.hdmp";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\PCHealth\ERRORREP\UserDumps\logonui.exe.20060331-211212-00.hdmp";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\PCHealth\ERRORREP\UserDumps\logonui.exe.20060331-211209-00.hdmp";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\PCHealth\ERRORREP\UserDumps\logonui.exe.20060331-211207-00.hdmp";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\PCHealth\ERRORREP\UserDumps\logonui.exe.20060331-211205-00.hdmp";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\PCHealth\ERRORREP\UserDumps\logonui.exe.20060331-211203-00.hdmp";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\PCHealth\ERRORREP\UserDumps\logonui.exe.20060331-211201-00.hdmp";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\PCHealth\ERRORREP\UserDumps\logonui.exe.20060331-211157-00.hdmp";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\PCHealth\ERRORREP\UserDumps\logonui.exe.20060331-211153-00.hdmp";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\PCHealth\ERRORREP\UserDumps\logonui.exe.20060331-211149-00.hdmp";"Locked file. Not tested.";"Locked file. Not tested."
"C:\System Volume Information\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\NetworkService\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\NetworkService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\King Ally\Local Settings\Temporary Internet Files\AntiPhishing\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\Gina\Local Settings\Temporary Internet Files\AntiPhishing\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\Administrator\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\Administrator\ntuser.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\a2c71828c439325f27c314\i386\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\a2c71828c439325f27c314\amd64\";"Locked file. Not tested.";"Locked file. Not tested."
  • 0

#8
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
It appears that you have to re-run Malwarebytes again because it says no action taken.
You will have to let it remove what it finds.

After doing that post the Malwarebytes log and we will go from there.
  • 0

#9
Casper_aa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I must have saved the log before I removed them. I did another scan but they turned up again. Of course I removed them again but I don't know if they will come back.

Malwarebytes' Anti-Malware 1.31
Database version: 1597
Windows 5.1.2600 Service Pack 2

17/01/2009 12:39:59
mbam-log-2009-01-17 (12-39-59).txt

Scan type: Quick Scan
Objects scanned: 104070
Time elapsed: 42 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#10
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go to Start > Run and type in Notepad.
Copy what is in the code box below into the open Notepad window.
Change the "Save As Type" to "All Files". Save it as findthis.bat on your Desktop.
@Echo off

regedit /e look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"
start notepad look.txt

Then please double click on findthis.bat. A window will open and close quickly. This is normal.
Please post the contents of the Notepad document that opens.
  • 0
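Userinit is a value stored under the Winlogon key, holding a comma-separated list of programs that Winlogon starts at logon, so its contents are read from an export of the parent key. The Python below is an added example, not part of the original posts: it reads Userinit from such an export and lists any entry other than userinit.exe, reporting a blank export as "value missing" rather than as clean. The sample exports, the C:\example\extra.exe path and the C:\WINDOWS install directory are assumptions constructed for illustration.

```python
import re

# Assumption: Windows is installed in C:\WINDOWS (the XP default).
EXPECTED = r"c:\windows\system32\userinit.exe"

# Constructed sample exports of the Winlogon key (not taken from the thread's machine).
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

MODIFIED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\example\\extra.exe"
'''


def read_userinit(reg_text):
    """Return the Userinit string from a regedit export of the Winlogon key, or None."""
    in_winlogon = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Only accept the value when it sits under the Winlogon key itself.
            in_winlogon = line.lower().endswith(r"\currentversion\winlogon]")
            continue
        if in_winlogon:
            m = re.match(r'"userinit"="(.*)"$', line, re.IGNORECASE)
            if m:
                # .reg files escape backslashes and quotes with a backslash.
                return re.sub(r"\\(.)", r"\1", m.group(1))
    return None


def audit_userinit(value, expected=EXPECTED):
    """Return the Userinit entries that are not the expected userinit.exe path."""
    if value is None:
        # Nothing was read: the check is inconclusive, not a clean result.
        return ["<Userinit value missing>"]
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    unexpected = [e for e in entries if e.lower() != expected]
    if expected not in (e.lower() for e in entries):
        unexpected.insert(0, "<userinit.exe entry missing>")
    return unexpected


if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("modified", MODIFIED), ("blank", "")):
        print(name, audit_userinit(read_userinit(text)))
```
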

#11
Casper_aa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
The document it opened is blank?
  • 0

#12
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Then there is nothing present.

How is everything running now?
  • 0

#13
Casper_aa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Everything seems to be running fine for now, haven't had any detections recently or anything. Is there anything else I should do?
  • 0

#14
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Delete\uninstall anything else that we have used.

Including this folder C:\Rsit

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.

If your computer is slow - Is a tutorial on what you can do if your computer is slow.
  • 0

#15
Casper_aa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Thanks a lot for the help!! :)
  • 0





