Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected (possibly vundo?)

Started by shortround , May 24 2009 04:47 PM

  • Please log in to reply

#1
shortround
Posted 24 May 2009 - 04:47 PM

shortround

    Member

  • Member
  • PipPip
  • 56 posts
I've been having problems with my PC for a while now, where everything is super slow. Sometimes when i run internet explorer, it will continuously open new tabs, but not every time i open IE. i've run several different scans and use AVG free edition and nothing seems to come up. is anything in these reports below sticking out as a red flag? thanks for all the help!

mbam report:
Malwarebytes' Anti-Malware 1.34
Database version: 1764
Windows 5.1.2600 Service Pack 3

5/24/2009 3:44:05 PM
mbam-log-2009-05-24 (15-44-05).txt

Scan type: Quick Scan
Objects scanned: 70800
Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTList report:
OTListIt logfile created on: 5/24/2009 2:37:48 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Alex\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.53 Mb Total Physical Memory | 212.90 Mb Available Physical Memory | 27.74% Memory free
1.83 Gb Paging File | 1.31 Gb Available in Paging File | 71.46% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 180.25 Gb Free Space | 60.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465.65 Gb Total Space | 223.66 Gb Free Space | 48.03% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CELE
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\LTSMMSG.exe (Lucent Technologies)
PRC - C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe (Trend Micro Inc.)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\system32\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe (Trend Micro Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\SoftwareDistribution\Download\Install\IE8-WindowsXP-x86-ENU.exe (Microsoft Corporation)
PRC - g:\a24b695f2c20813c4c35ba\update\iesetup.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
PRC - g:\a24b695f2c20813c4c35ba\update\update.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Alex\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Stopped]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (pgsql-8.3 [Auto | Running]) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Tmntsrv [Auto | Running]) -- C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe (Trend Micro Inc.)
SRV - (TVersityMediaServer [Auto | Stopped]) -- C:\Program Files\TVersity\Media Server\MediaServer.exe ()
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AN983 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AN983.sys (ADMtek Incorporated.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (CINEMSUP [Auto | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS (Divicore Inc.)
DRV - (DMICall [System | Running]) -- C:\WINDOWS\System32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (LucentSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LTSM.sys (Lucent Technologies)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (VERITAS Software, Inc.)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiS315 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS7012 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sis7012.sys (Silicon Integrated Systems Corporation)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp [System | Running]) -- C:\WINDOWS\system32\drivers\srvkp.sys ()
DRV - (SMBE [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SMBE.SYS (Sony Corporation)
DRV - (SONYWBMS [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SonyWBMS.SYS (Sony Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (tmfilter [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tmxpflt.sys (TrendMicro)
DRV - (tmpreflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tmpreflt.sys (TrendMicro)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (vsapint [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\vsapint.sys (Trend Micro Incorporated.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.8
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/05/24 12:56:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [2009/05/24 12:56:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/31 19:04:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 08:01:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 08:01:46 | 00,000,000 | ---D | M]

[2008/11/20 21:06:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Extensions
[2008/11/20 21:06:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/22 21:33:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\q99a119e.default\extensions
[2009/01/01 10:13:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\q99a119e.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/12/06 13:53:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\q99a119e.default\extensions\[email protected]
[2009/05/06 00:29:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 08:01:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/28 08:01:39 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 08:01:39 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/29 23:00:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/29 23:00:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/29 23:00:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/29 23:00:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/29 23:00:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/29 23:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/29 23:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [AtiPTA] atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HydarVisionDesktopManager] File not found
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LTSMMSG] LTSMMSG.exe (Lucent Technologies)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe" (Trend Micro Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe File not found
O4 - HKLM..\Run: [SiS Tray] File not found
O4 - HKLM..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe" (Trend Micro Inc.)
O4 - HKLM..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs ()
O4 - HKCU..\Run: [ATI Launchpad] File not found
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Alex\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1226870201218 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/24 14:17:21 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/24 12:57:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O32 - AutoRun File - [2008/01/16 21:30:58 | 00,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2007/05/18 10:37:12 | 00,000,069 | RH-- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{c22f9abd-b430-11dd-84e5-0010a725f79a}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe -- [2007/06/26 12:02:12 | 00,212,992 | ---- | M] (Western Digital Technologies, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/24 14:37:23 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/05/24 14:41:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/05/24 14:40:03 | 00,000,873 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/05/24 14:35:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/24 14:34:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/05/24 14:30:59 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/24 14:30:04 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Alex\Desktop\OTListIt2.exe
[2009/05/24 14:29:42 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\Rooter.exe
[2009/05/21 19:53:39 | 03,342,809 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\eMule0.49c-Installer.exe
[2009/05/20 21:58:18 | 00,020,480 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\Web Analytics Assignment 1.xls
[2009/05/10 17:14:59 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2009/05/10 17:14:57 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2009/05/10 16:59:28 | 00,001,963 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\TVersity.lnk
[2009/05/09 14:07:18 | 00,152,521 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\Graph.JPG
[2009/05/05 20:22:34 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/03 19:12:47 | 09,044,029 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\videora-ipod-407-setup.exe
[2009/04/28 21:53:56 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Alex\Desktop\iphone pics April 28 2009
[2009/04/27 23:55:44 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/27 23:55:26 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/27 23:55:26 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/26 14:04:40 | 00,212,480 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\SSNHL_paper_revised_March_11_Chau_Revisions.doc
[2009/04/26 14:04:27 | 00,206,848 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\SSNHL_paper_revised_April_11.doc
[2009/04/26 11:15:33 | 00,000,000 | ---D | C] -- C:\Poker
[2009/04/25 12:10:29 | 00,015,598 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\AM-res.docx
[2009/01/07 23:57:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2009/01/05 22:11:00 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/12/07 18:32:33 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/07 18:32:32 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/12/07 18:32:28 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/07 18:32:27 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/07 18:32:27 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/07 18:32:24 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/07 18:32:24 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/27 23:14:37 | 00,000,325 | ---- | C] () -- C:\WINDOWS\n02.ini
[2008/11/16 16:54:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2008/11/16 14:04:38 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2008/11/16 14:04:28 | 00,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2008/11/16 14:04:14 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\HydraFra.dll
[2008/11/16 14:04:14 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\HydraEsp.dll
[2008/11/16 14:04:14 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\HydraPtb.dll
[2008/11/16 14:04:14 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\HydraNln.dll
[2008/11/16 14:04:14 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\HydraIta.dll
[2008/11/16 14:04:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraSvs.dll
[2008/11/16 14:04:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraNon.dll
[2008/11/16 14:04:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraFif.dll
[2008/11/16 14:04:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraDad.dll
[2008/11/16 14:04:14 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\HydraJan.dll
[2008/11/16 14:04:14 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\HydraKor.dll
[2008/11/16 14:04:14 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\HydraZht.dll
[2008/11/16 14:04:14 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\HydraZhs.dll
[2008/11/16 14:04:14 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ViewHook.dll
[2002/04/26 02:06:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/25 15:13:18 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/04/25 15:13:18 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/04/25 15:09:33 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/25 15:09:10 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2002/04/25 15:08:09 | 00,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2002/04/25 14:48:04 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2002/04/24 17:36:03 | 00,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys
[2002/04/24 17:35:18 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2002/04/24 11:47:28 | 00,000,804 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/24 11:30:54 | 00,000,672 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/04/24 11:30:42 | 00,000,608 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/04/24 11:30:40 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/12/04 21:22:50 | 00,002,101 | ---- | C] () -- C:\WINDOWS\Pcc2KNT.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[56 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/24 14:40:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/24 14:40:03 | 00,000,873 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/05/24 14:37:12 | 00,009,370 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\md investments.xlsx
[2009/05/24 14:30:05 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Alex\Desktop\OTListIt2.exe
[2009/05/24 14:29:43 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\Rooter.exe
[2009/05/24 14:17:21 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/05/24 14:16:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/24 14:16:27 | 00,000,062 | -HS- | M] () -- C:\DOCUME~1\Alex\Local Settings\desktop.ini
[2009/05/24 14:16:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/24 14:16:20 | 80,488,4480 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/24 13:02:36 | 36,392,538 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/24 12:57:45 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.CAM
[2009/05/23 15:57:22 | 00,002,295 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\HoldemManager.exe.lnk
[2009/05/23 12:58:10 | 00,000,570 | ---- | M] () -- C:\DOCUME~1\Alex\My Documents\My Sharing Folders.lnk
[2009/05/23 09:02:34 | 00,059,047 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/21 19:53:51 | 03,342,809 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\eMule0.49c-Installer.exe
[2009/05/20 22:15:47 | 00,020,480 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\Web Analytics Assignment 1.xls
[2009/05/10 16:59:25 | 00,001,963 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\TVersity.lnk
[2009/05/10 08:57:34 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/10 08:57:33 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/10 08:57:33 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/10 08:57:25 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/05/09 14:07:22 | 00,152,521 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\Graph.JPG
[2009/05/08 09:42:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/05/08 09:42:45 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/05 15:04:19 | 00,000,280 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/03 19:13:49 | 09,044,029 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\videora-ipod-407-setup.exe
[2009/04/28 21:53:20 | 00,079,734 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\iphone pics April 28 2009 113.png
[2009/04/28 21:53:17 | 00,354,603 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\iphone pics April 28 2009 100.jpg
[2009/04/26 15:33:18 | 00,206,848 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\SSNHL_paper_revised_April_11.doc
[2009/04/26 14:04:41 | 00,212,480 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\SSNHL_paper_revised_March_11_Chau_Revisions.doc
[2009/04/25 12:10:31 | 00,015,598 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\AM-res.docx
[2009/04/24 22:30:39 | 00,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
< End of report >


Rooter Report:
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:305242 Mo/Free:314 Mo)
D:\ [Removable] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Fixed] - FAT32 - (Total:476821 Mo/Free:3791 Mo)
H:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sun 05/24/2009|14:31

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\LTSMMSG.exe
---------- C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
---------- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
---------- C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
---------- C:\WINDOWS\system32\atiptaxx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
---------- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
---------- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
---------- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
---------- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
---------- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\SoftwareDistribution\Download\Install\IE8-WindowsXP-x86-ENU.exe
---------- g:\a24b695f2c20813c4c35ba\update\iesetup.exe
---------- C:\WINDOWS\system32\mrt.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sun 05/24/2009|14:35

----------------------\\ Scan completed at 14:35
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP