
AVG Popups: Trojan Horse Rootkit.Agent.CW



#1
kbco

AVG Popups: Trojan Horse Rootkit.Agent.CW
...and backdoor.generic11.CEG, Agent.AVTB, etc.

We're running AVG v8.0.238 w/ latest updates. It continually was popping up with all sorts of file warnings like those in the title of this post. When I selected all the infected files to heal or quarantine, AVG would report that "Some files cannot be healed. Specified file was not found."

I followed every step of the "Malware and Spyware Cleaning Guide", but I'm afraid that I still have problems. Malwarebytes' Anti-Malware looked promising. It detected a bunch of rootkit-infected files. I requested it to remove all the files. It did and requested a reboot. I rebooted and ran Malwarebytes again. It detected a single trojan-infected file. I requested it to remove the file. It said it succeeded. I rebooted again, anyway.

NOTE: Every time I reboot, a strange system dialog box pops up regarding the DLL initialization of extra.exe: "The application failed to initialize because the window station is shutting down."

I was hoping that everything was fine. Unfortunately, the AVG popups continue.

Next, I ran Rooter.exe and OTListIt2 to get logs. These are presented below. In addition, I ran GMER which showed something interesting. In the processes tab, it showed that the following process was hidden:

C:\Documents and Settings\extra\extra.exe

In addition, GMER showed that this particular process would continually modify its PID at least once per second or more. Also, new instances of "extra.exe" seem to be created randomly and hang around. I counted more than 10 at a time. But that number varies.

Anyway, thanks in advance for any help. The logs below are from Rooter, followed by OTListIt.


Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:238464 Mo/Free:601 Mo)
D:\ [Fixed] - NTFS - (Total:19085 Mo/Free:3739 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)

Sat 04/04/2009|11:35

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Wacom_Tablet.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\Program Files\Canon\CAL\CALMAIN.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
---------- C:\WINDOWS\system32\Wacom_Tablet.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
---------- C:\WINDOWS\system32\Rundll32.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\WINDOWS\SOUNDMAN.EXE
---------- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
---------- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
---------- C:\Program Files\Microsoft Office\Office\OSA.EXE
---------- C:\Program Files\Greetings Workshop\GWREMIND.EXE
---------- C:\Program Files\SpamBayes\bin\sb_tray.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Documents and Settings\extra\extra.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sat 04/04/2009|11:36

----------------------\\ Scan completed at 11:36





OTListIt logfile created on: 4/4/2009 11:42:08 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.10.0 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 468.88 Mb Available Physical Memory | 45.81% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.32% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 156.59 Gb Free Space | 67.24% Space Free | Partition Type: NTFS
Drive D: | 18.64 Gb Total Space | 7.65 Gb Free Space | 41.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: extra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()
PRC - C:\Program Files\Greetings Workshop\GWREMIND.EXE (Microsoft Corporation)
PRC - C:\Program Files\SpamBayes\bin\sb_tray.exe ()
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Downloads\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (TabletServiceWacom [Auto | Running]) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (AVG Anti-Rootkit [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys (GRISOFT, s.r.o.)
DRV - (AvgArCln [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AvgArCln.sys (GRISOFT, s.r.o.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BrScnUsb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (BrSerIf [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (CX23880 [Auto | Stopped]) -- C:\WINDOWS\system32\drivers\cx88vid.sys (Conexant Systems, Inc.)
DRV - (CX88XBAR [Auto | Stopped]) -- C:\WINDOWS\system32\drivers\CX88XBAR.sys (Conexant Systems, Inc.)
DRV - (DgiVecp [Auto | Running]) -- C:\WINDOWS\system32\Drivers\DgiVecp.sys (Samsung Electronics Co., Ltd.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys (Motorola)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (P17 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (StillCam [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (wacmoumonitor [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys (Wacom Technology)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "http://www.pageflakes.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.1
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.018
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {9BAE5926-8513-417d-8E47-774955A7C60D}:1.1.1d
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.10
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.6
FF - prefs.js..extensions.enabledItems: {f274730f-db76-4942-97ba-7984ab94f854}:2.1c
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {283f22a5-7fd7-4714-a764-693b69dc76e9}:1.1.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090325
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..extensions.enabledItems: {ff356687-aa08-463d-a46c-11c451824939}:4.2.3.3

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/17 18:54:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/02 14:20:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/02 14:20:30 | 00,000,000 | ---D | M]

[2008/06/21 08:42:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Extensions
[2008/06/21 08:42:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/04 10:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Firefox\Profiles\4qsmeg0s.default\extensions
[2009/04/01 20:03:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Firefox\Profiles\4qsmeg0s.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2008/07/23 12:46:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Firefox\Profiles\4qsmeg0s.default\extensions\{283f22a5-7fd7-4714-a764-693b69dc76e9}
[2008/12/05 20:43:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Firefox\Profiles\4qsmeg0s.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2009/04/01 20:03:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Firefox\Profiles\4qsmeg0s.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/02/15 11:58:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Firefox\Profiles\4qsmeg0s.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/12/16 20:26:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Firefox\Profiles\4qsmeg0s.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2008/11/22 10:55:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Firefox\Profiles\4qsmeg0s.default\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
[2009/04/01 20:03:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Firefox\Profiles\4qsmeg0s.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/02/23 17:16:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Firefox\Profiles\4qsmeg0s.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2008/11/27 13:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Firefox\Profiles\4qsmeg0s.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/03/10 15:24:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Firefox\Profiles\4qsmeg0s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/01/11 16:15:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Firefox\Profiles\4qsmeg0s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/07/16 10:21:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Firefox\Profiles\4qsmeg0s.default\extensions\{f274730f-db76-4942-97ba-7984ab94f854}
[2009/04/01 20:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\extra\Application Data\mozilla\Firefox\Profiles\4qsmeg0s.default\extensions\{ff356687-aa08-463d-a46c-11c451824939}
[2009/04/01 20:04:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/02 14:20:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/08 06:32:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/16 18:59:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/15 07:27:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/10/26 10:48:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/03/08 09:20:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/17 07:14:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/17 18:54:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2007/02/24 09:58:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\My_Theme\mozapps\extensions
[2009/04/02 14:20:25 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/02 14:20:26 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/05/29 08:24:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/05/29 08:24:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/05/29 08:24:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 17:23:57 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/05/29 08:24:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/05/29 08:24:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/05/29 08:24:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -

C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN (Brother

Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

(Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" (Nuance

Communications, Inc.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA

Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

(NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [P17Helper] Rundll32 P17.dll,P17Helper ()
O4 - HKLM..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" (Nuance

Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r

"C:\Documents and Settings\All Users.WINDOWS\Application

Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple

Inc.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft

Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun

Microsystems, Inc.)
O4 - HKCU..\Run: [extra] C:\Documents and Settings\extra\extra.exe /i ()
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft

Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft

Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Office

Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\extra\Start Menu\Programs\Startup\Greetings Workshop

Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\extra\Start Menu\Programs\Startup\SpamBayes Tray Icon.lnk

= C:\Program Files\SpamBayes\bin\sb_tray.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver -

res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program

Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}

http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71}

http://download.micr...78f/wvc1dmo.cab

(Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab

(Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}

http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - ( digiwet.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{b4fe2ebd-dd29-11dd-9f29-0016e6864cc5}\Shell - "" = AutoRun
O33 - MountPoints2\{b4fe2ebd-dd29-11dd-9f29-0016e6864cc5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b4fe2ebd-dd29-11dd-9f29-0016e6864cc5}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
O33 - MountPoints2\{e4228de8-fed8-11dd-9f2f-0016e6864cc5}\Shell\AutoRun\command - "" = E:\DDCWiFi.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[11 C:\WINDOWS\*.tmp files]
[2009/04/04 11:35:00 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/04 10:58:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/04 10:58:16 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/03 10:07:48 | 00,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2009/04/03 10:07:48 | 00,000,828 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1.WIN\Desktop\AVG Anti-Rootkit Free.lnk
[2009/04/02 22:11:44 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2008/12/28 15:31:33 | 00,032,061 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/08/22 21:12:36 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/08/22 21:12:36 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/08/22 21:10:18 | 00,001,056 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/08/22 21:10:18 | 00,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/08/22 21:09:19 | 00,000,094 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2008/08/22 21:09:18 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/08/11 10:53:51 | 00,001,248 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/07/10 10:40:57 | 00,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/06/20 19:22:47 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/06/20 19:16:22 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/06/20 19:16:12 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2008/06/19 17:17:01 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/19 16:31:24 | 00,002,777 | ---- | C] () -- C:\WINDOWS\TVC8XDrv.ini
[2008/06/19 16:26:24 | 00,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
[2008/06/19 16:26:24 | 00,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/06/19 15:45:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008/06/19 15:43:25 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2008/06/19 15:43:25 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2008/06/19 15:42:38 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008/06/19 15:42:38 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008/06/19 15:41:41 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008/06/19 15:41:40 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008/06/19 09:20:41 | 00,458,340 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/06/19 09:20:40 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/10/22 12:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/28 06:00:00 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2006/02/28 06:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2006/02/28 06:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2006/02/28 06:00:00 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2006/02/28 06:00:00 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2006/02/28 06:00:00 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2006/02/28 06:00:00 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2006/02/28 06:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2006/02/28 06:00:00 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2006/02/28 06:00:00 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2006/02/28 06:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2006/02/28 06:00:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2006/02/28 06:00:00 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2006/02/28 06:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2006/02/28 06:00:00 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2006/02/28 06:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2006/02/28 06:00:00 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2006/02/28 06:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2006/02/28 06:00:00 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2006/02/28 06:00:00 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2006/02/28 06:00:00 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2006/02/28 06:00:00 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2006/02/28 06:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2006/02/28 06:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2006/02/28 06:00:00 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2006/02/28 06:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2006/02/28 06:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2006/02/28 06:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2006/02/28 06:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2006/02/28 06:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2006/02/28 06:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2006/02/28 06:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2006/02/28 06:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2006/02/28 06:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2006/02/28 06:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2006/02/28 06:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2006/02/28 06:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2006/02/28 06:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2006/02/28 06:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2006/02/28 06:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2006/02/28 06:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2006/02/28 06:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2006/02/28 06:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2006/02/28 06:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2006/02/28 06:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 06:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2006/02/28 06:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/05/03 19:38:42 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2003/10/02 18:48:18 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2002/04/11 09:41:06 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2001/08/17 16:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[1997/08/19 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/19 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[11 C:\WINDOWS\*.tmp files]
[2009/04/04 11:23:31 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/04 11:22:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/04 11:22:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/04 08:46:14 | 34,853,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/04 08:46:14 | 00,085,295 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/04 08:40:27 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/04 08:40:16 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2622E85F-0CF3-4607-84D5-1BE69088B6C4}.job
[2009/04/03 23:42:42 | 01,183,744 | -H-- | M] () -- C:\ffastun.ffo
[2009/04/03 23:42:42 | 00,004,661 | -H-- | M] () -- C:\ffastun.ffa
[2009/04/03 23:42:39 | 04,767,744 | -H-- | M] () -- C:\ffastun.ffl
[2009/04/03 23:42:38 | 10,760,192 | -H-- | M] () -- C:\ffastun0.ffx
[2009/04/03 10:07:48 | 00,000,828 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1.WIN\Desktop\AVG Anti-Rootkit Free.lnk
[2009/04/02 19:18:54 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/02 19:18:54 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/04/02 19:18:54 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/02 19:18:52 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/02 09:15:05 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/31 18:01:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/11 13:23:21 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/11 13:23:21 | 00,392,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/11 13:23:21 | 00,058,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/11 12:07:21 | 00,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 12:00:48 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >




OTListIt Extras logfile created on: 4/4/2009 11:42:08 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.10.0 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 468.88 Mb Available Physical Memory | 45.81% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.32% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 156.59 Gb Free Space | 67.24% Space Free | Partition Type: NTFS
Drive D: | 18.64 Gb Total Space | 7.65 Gb Free Space | 41.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: extra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"54925:UDP" = 54925:UDP:*:Enabled:Brother MFC - network scanning
"54926:UDP" = 54926:UDP:*:Enabled:Brother MFC - PC-Fax receiving
"5900:TCP" = 5900:TCP:LocalSubNet:Enabled:VNC Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test (Microsoft Corporation)
C:\Program Files\SpamBayes\bin\sb_tray.exe:*:Enabled:sb_tray ()
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe:*:Enabled:BRAdmin Light (Brother Industries, Ltd.)
C:\Program Files\Brother\Brmfl07a\FAXRX.exe:*:Enabled:FAXRX.EXE (Brother Industries Ltd.)
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe:*:Enabled:ENABLE (Wacom Technology, Corp.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38947C13-8FB8-4AAB-9638-F49ADA99B988}" = QPlot
"{52F6065D-27D0-4680-B2BC-C49C9A252459}" = Motorola Driver Installation
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{62616A4E-82E4-424A-A201-3D29ABB6B7FD}" = Toon Boom Studio 4.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.09
"{E0F1D3B6-F50E-49AE-A942-FFDFFA16F9A9}" = PhotoStreamer 2
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVG8Uninstall" = AVG Free 8.0
"AVGantiRootkit" = AVG Anti-Rootkit Free
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702&SUBSYS_200314F1" = Creative Modem Blaster PCI Value DI5652-1
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CSCLIB" = Canon Camera Support Core Library
"Device Control" = Device Control
"DVD Identifier_is1" = DVD Identifier
"DVD Shrink_is1" = DVD Shrink 3.2
"EAXSet" = Creative EAX Settings
"ERUNT_is1" = ERUNT 1.1j
"Font Xplorer" = Font Xplorer 1.2.2
"Foxit Reader" = Foxit Reader
"Greetings Workshop" = Greetings Workshop
"Handbrake" = Handbrake 0.9.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Inkscape" = Inkscape 0.46
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSMONEYV60" = Microsoft Money 98
"MyCamera" = Canon Utilities MyCamera
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"PhotoStreamer 2" = PhotoStreamer 2
"Picasa 3" = Picasa 3
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ROP Freeware" = ROP Freeware
"Save The Dinos" = Save The Dinos 1.0
"SpamBayes_is1" = SpamBayes 1.0.4
"SPEAKER" = Creative Speaker Settings
"TightVNC_is1" = TightVNC 1.3.9
"TVC8XDrv" = KWorld PVR 883 WDM Drivers
"Wacom Tablet Driver" = Wacom Tablet
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = Gimp 2.6.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word8.0" = Microsoft Word 97
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZENStoneUG" = Creative ZEN Stone User's Guide
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"SB_ClipboardPath" = ClipboardPath (Current User)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/17/2008 8:53:09 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application DVD Shrink 3.2.exe, version 3.2.0.15, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/22/2008 7:01:13 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/24/2008 8:03:00 AM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2008 5:38:04 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application DVD Shrink 3.2.exe, version 3.2.0.15, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/1/2009 10:04:00 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application TBS.exe, version 4.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/2/2009 1:09:11 PM | Computer Name = FAMILY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module mshtml.dll, version 7.0.6000.16788, fault address 0x000c6200.

Error - 1/23/2009 9:32:48 AM | Computer Name = FAMILY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module flash9f.ocx, version 9.0.124.0, fault address 0x0003c895.

Error - 2/16/2009 9:48:13 AM | Computer Name = FAMILY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module ieframe.dll, version 7.0.6000.16791, fault address 0x000c50f8.

Error - 2/23/2009 11:57:27 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/7/2009 10:18:42 AM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/4/2009 12:29:48 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The KWorld PVR 883 Video Capture service failed to start due to the
following error: %%1058

Error - 4/4/2009 12:29:48 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The KWorld PVR 883 Crossbar service failed to start due to the following
error: %%1058

Error - 4/4/2009 12:29:48 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 4/4/2009 1:14:15 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The KWorld PVR 883 Video Capture service failed to start due to the
following error: %%1058

Error - 4/4/2009 1:14:15 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The KWorld PVR 883 Crossbar service failed to start due to the following
error: %%1058

Error - 4/4/2009 1:14:15 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 4/4/2009 1:22:43 PM | Computer Name = FAMILY | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Brother PC-FAX v.2 share name
Printer2.

Error - 4/4/2009 1:24:18 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The KWorld PVR 883 Video Capture service failed to start due to the
following error: %%1058

Error - 4/4/2009 1:24:18 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The KWorld PVR 883 Crossbar service failed to start due to the following
error: %%1058

Error - 4/4/2009 1:24:18 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2


< End of report >