Unable to install programs, PC reboots just before shutdown



#1
chewie8008

I'm not sure of the name of the spyware/trojan that is giving me these problems. I have been to the "begin here" topic and followed all the instructions to clean up the PC and am still having the problems. I am unable to install some programs downloaded from legit websites. Most of the time it tells me that the download may be corrupt and to redownload and try again. I have tried all sorts of downloads from a lot of different websites, and although it doesn't always give me this error, it does a lot of the time. I am mainly trying to install a driver for my Nvidia card from Nvidia.com and even tried one from download.com and get the same errors.

Also, whenever I go to shut down my PC it goes through the logging off process, then says it's saving my settings and then just as it's about to shut off, a blue screen flashes for a millisecond and the PC restarts. Whenever it comes back up it acts as if it just crashed, so apparently it crashes every time I shut down. It only happens on the first try; whenever it restarts and I click shutdown it works fine the second time. It will also crash randomly sometimes while I'm in the middle of using the PC with the same blue screen flash, but that only happens once every few weeks. Anyways, here are my OTlistit and Rootkit logs...

OTL logfile created on: 6/11/2009 1:28:34 PM - Run 2
OTL by OldTimer - Version 2.1.1.0 Folder = M:\AntiVirusSpyware
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 497.07 Mb Available Physical Memory | 48.57% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.37% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
C: Drive not present or media not loaded
Drive D: | 74.52 Gb Total Space | 60.75 Gb Free Space | 81.52% Space Free | Partition Type: NTFS
Drive E: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 189.92 Gb Total Space | 154.19 Gb Free Space | 81.19% Space Free | Partition Type: NTFS
Drive S: | 232.88 Gb Total Space | 140.35 Gb Free Space | 60.27% Space Free | Partition Type: NTFS

Computer Name: PC
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - M:\AntiVirusSpyware\Ad Aware\aawservice.exe (Lavasoft)
PRC - M:\AntiVirusSpyware\Avast Antivirus\aswUpdSv.exe (ALWIL Software)
PRC - M:\AntiVirusSpyware\Avast Antivirus\ashServ.exe (ALWIL Software)
PRC - D:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - D:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - D:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - M:\AntiVirusSpyware\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
PRC - M:\AntiVirusSpyware\Avast Antivirus\ashDisp.exe (ALWIL Software)
PRC - M:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
PRC - D:\Program Files\Java\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - D:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - M:\Program Files\Scansoft for Canon Printer\OpwareSE4.exe (ScanSoft, Inc.)
PRC - M:\AntiVirusSpyware\ProcessGuard\pgaccount.exe (DiamondCS)
PRC - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
PRC - M:\Games\SIMS 3\Download Manager Update\EADM\Core.exe (Electronic Arts)
PRC - M:\AntiVirusSpyware\ProcessGuard\dcsuserprot.exe (DiamondCS)
PRC - M:\AntiVirusSpyware\ProcessGuard\procguard.exe (DiamondCS)
PRC - D:\Program Files\Adobe\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - D:\Program Files\Java\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - D:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - D:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
PRC - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
PRC - D:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - D:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
PRC - M:\AntiVirusSpyware\Avast Antivirus\ashMaiSv.exe (ALWIL Software)
PRC - M:\AntiVirusSpyware\Avast Antivirus\ashWebSv.exe (ALWIL Software)
PRC - D:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - D:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - D:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
PRC - D:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - D:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - M:\AntiVirusSpyware\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- M:\AntiVirusSpyware\Ad Aware\aawservice.exe (Lavasoft)
SRV - (aspnet_state [On_Demand | Stopped]) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- M:\AntiVirusSpyware\Avast Antivirus\aswUpdSv.exe (ALWIL Software)
SRV - (ATKKeyboardService [Auto | Running]) -- D:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
SRV - (avast! Antivirus [Auto | Running]) -- M:\AntiVirusSpyware\Avast Antivirus\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- M:\AntiVirusSpyware\Avast Antivirus\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- M:\AntiVirusSpyware\Avast Antivirus\ashWebSv.exe (ALWIL Software)
SRV - (AVG Anti-Spyware Guard [Auto | Running]) -- M:\AntiVirusSpyware\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
SRV - (Capture Device Service [Auto | Running]) -- D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (clr_optimization_v2.0.50727_32 [Auto | Running]) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DCSPGSRV [Auto | Running]) -- M:\AntiVirusSpyware\ProcessGuard\dcsuserprot.exe (DiamondCS)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM) [Auto | Running]) -- D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
SRV - (gupdate1c986f84ddd3988 [Auto | Stopped]) -- D:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- D:\Program Files\Java\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- D:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (McciCMService [Auto | Running]) -- D:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nSvcIp [Auto | Running]) -- D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
SRV - (nSvcLog [Auto | Running]) -- D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
SRV - (NVSvc [Auto | Running]) -- D:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (PCLEPCI [Auto | Stopped]) -- D:\WINDOWS\system32\drivers\pclepci.sys (Pinnacle Systems GmbH)
SRV - (SandraDataSrv [On_Demand | Stopped]) -- D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe (SiSoftware)
SRV - (SandraTheSrv [On_Demand | Stopped]) -- D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe (SiSoftware)
SRV - (Viewpoint Manager Service [Auto | Running]) -- D:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (vsmon [Auto | Running]) -- D:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- D:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ALCXWDM [On_Demand | Running]) -- D:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ASInsHelp [Auto | Running]) -- D:\WINDOWS\system32\drivers\AsInsHelp32.sys ()
DRV - (AsIO [System | Running]) -- D:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (aslm75 [System | Running]) -- D:\WINDOWS\system32\drivers\aslm75.sys ()
DRV - (asuskbnt [System | Running]) -- D:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (aswFsBlk [Auto | Running]) -- D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- D:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- D:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- D:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- D:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (AVG Anti-Spyware Driver [System | Running]) -- M:\AntiVirusSpyware\AVG Anti-Spyware 7.5\guard.sys ()
DRV - (AvgAsCln [System | Running]) -- D:\WINDOWS\System32\DRIVERS\AvgAsCln.sys (GRISOFT, s.r.o.)
DRV - (cdrbsdrv [System | Running]) -- D:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (EIO [Auto | Running]) -- D:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (gameenum [On_Demand | Running]) -- D:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (hidgame [On_Demand | Stopped]) -- D:\WINDOWS\system32\DRIVERS\hidgame.sys (Microsoft Corporation)
DRV - (KLIF [System | Running]) -- D:\WINDOWS\system32\DRIVERS\klif.sys (Kaspersky Lab)
DRV - (L8042mou [On_Demand | Stopped]) -- D:\WINDOWS\system32\DRIVERS\L8042mou.Sys (Logitech, Inc.)
DRV - (LHidKe [On_Demand | Running]) -- D:\WINDOWS\system32\DRIVERS\LHidKE.Sys (Logitech, Inc.)
DRV - (LHidUsbK [On_Demand | Running]) -- D:\WINDOWS\System32\Drivers\LHidUsbK.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Running]) -- D:\WINDOWS\system32\DRIVERS\LMouKE.Sys (Logitech, Inc.)
DRV - (MarvinBus [On_Demand | Running]) -- D:\WINDOWS\system32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (MREMP50 [On_Demand | Stopped]) -- D:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50 [On_Demand | Stopped]) -- D:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ms_mpu401 [On_Demand | Running]) -- D:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- D:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- D:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (nvatabus [Boot | Running]) -- D:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- D:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- D:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVTCP [System | Running]) -- D:\WINDOWS\System32\DRIVERS\NVTcp.sys (NVIDIA Corporation)
DRV - (PinnacleMarvinUsb [On_Demand | Stopped]) -- D:\WINDOWS\system32\DRIVERS\MarvinUsb.sys (Pinnacle Systems)
DRV - (PLUsbbc2 [On_Demand | Stopped]) -- D:\WINDOWS\System32\Drivers\usbbc2.sys (Prolific Technology Inc.)
DRV - (Point32 [On_Demand | Stopped]) -- D:\WINDOWS\system32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (PRISM_A02 [On_Demand | Stopped]) -- D:\WINDOWS\system32\DRIVERS\WUSB20XP.sys (GlobespanVirata, Inc.)
DRV - (procguard [Auto | Running]) -- D:\WINDOWS\system32\drivers\procguard.sys (DiamondCS)
DRV - (Ptilink [On_Demand | Running]) -- D:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- D:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RIOUNIV [On_Demand | Stopped]) -- D:\WINDOWS\System32\Drivers\RIOUNIV.sys (Digital Networks North America, Inc.)
DRV - (Secdrv [Auto | Running]) -- D:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (srescan [Boot | Running]) -- D:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (tbhsd [On_Demand | Running]) -- D:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (usbaudio [On_Demand | Stopped]) -- D:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (USRpdA [On_Demand | Running]) -- D:\WINDOWS\System32\DRIVERS\USRpdA.sys (U.S. Robotics Corporation)
DRV - (Video3D [On_Demand | Running]) -- D:\WINDOWS\System32\Drivers\Video3D.sys (ASUSTeK COMPUTER INC.)
DRV - (vsdatant [System | Running]) -- D:\WINDOWS\System32\vsdatant.sys (Zone Labs, LLC)
DRV - (xusb20 [On_Demand | Stopped]) -- D:\WINDOWS\system32\DRIVERS\xusb20.sys (Microsoft Corporation)
DRV - (xusb21 [On_Demand | Running]) -- D:\WINDOWS\system32\DRIVERS\xusb21.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: D:\PROGRAM FILES\JAVA\LIB\DEPLOY\JQS\FF [2008/12/20 02:12:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: D:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/06/11 13:15:44 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [!1_pgaccount] "M:\AntiVirusSpyware\ProcessGuard\pgaccount.exe" (DiamondCS)
O4 - HKLM..\Run: [avast!] M:\ANTIVI~1\AVASTA~1\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [OpwareSE4] "M:\Program Files\Scansoft for Canon Printer\OpwareSE4.exe" (ScanSoft, Inc.)
O4 - HKLM..\Run: [RemoteControl] "D:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] "D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [USB2Check] RUNDLL32.EXE "D:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] "M:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" File not found
O4 - HKLM..\Run: [XboxStat] "D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] "M:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)
O4 - HKCU..\Run: [!1_ProcessGuard_Startup] "M:\AntiVirusSpyware\ProcessGuard\procguard.exe" -minimize (DiamondCS)
O4 - HKCU..\Run: [EA Core] "M:\Games\SIMS 3\Download Manager Update\EADM\Core.exe" -silent (Electronic Arts)
O4 - HKCU..\Run: [LaunchList] M:\Program Files\Studio 11 Plus\LaunchList2.exe (Pinnacle Systems)
O4 - HKCU..\Run: [NBJ] "M:\Program Files\New Nero Install\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKCU..\Run: [Steam] M:\Valve\Steam\Steam.exe -silent File not found
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: D:\Documents and Settings\Jason\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = M:\AntiVirusSpyware\Erunt Registry Backup\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - D:\WINDOWS\system32\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - D:\WINDOWS\system32\ua_lsp.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 22 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1230098276234 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1230098256093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.co...?BundleId=26688 (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (cosvbv.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - M:\AntiVirusSpyware\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/19 23:12:35 | 00,000,152 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/29 21:57:16 | 00,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 17:22:16 | 00,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{b5e240b8-3832-11da-921e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e240b8-3832-11da-921e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b5e240b8-3832-11da-921e-806d6172696f}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/29 21:57:16 | 00,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/10 13:58:09 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - D:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/06/11 13:14:39 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\XPSViewer
[2009/06/11 13:14:34 | 00,000,000 | ---D | C] -- D:\Program Files\MSBuild
[2009/06/11 13:14:23 | 00,000,000 | ---D | C] -- D:\Program Files\Reference Assemblies
[2009/06/11 13:00:46 | 01,676,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\xpssvcs.dll
[2009/06/11 13:00:46 | 01,676,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/06/11 13:00:46 | 00,597,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/06/11 13:00:46 | 00,575,488 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\xpsshhdr.dll
[2009/06/11 13:00:46 | 00,575,488 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/06/11 13:00:46 | 00,117,760 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\prntvpt.dll
[2009/06/11 13:00:46 | 00,089,088 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/06/11 12:24:52 | 00,246,272 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/11 12:24:52 | 00,012,800 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/11 11:27:30 | 00,000,000 | ---D | C] -- D:\Rooter$
[2009/06/11 11:19:37 | 00,071,764 | ---- | C] () -- D:\WINDOWS\System32\pguard.dat
[2009/06/11 11:19:37 | 00,028,268 | ---- | C] () -- D:\WINDOWS\System32\pghash.dat
[2009/06/11 11:17:47 | 00,044,544 | ---- | C] (DiamondCS) -- D:\WINDOWS\System32\procguard.dll
[2009/06/11 11:17:47 | 00,026,688 | ---- | C] (DiamondCS) -- D:\WINDOWS\System32\drivers\procguard.sys
[2009/06/11 00:17:25 | 00,000,000 | ---D | C] -- D:\Nvidia
[2009/06/10 23:13:57 | 00,000,000 | ---D | C] -- D:\ProgramData
[2009/06/10 23:13:57 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/06/10 23:13:16 | 00,000,743 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2009/06/10 23:13:12 | 00,000,000 | ---D | C] -- D:\Program Files\Electronic Arts
[2009/06/10 23:09:36 | 00,000,000 | ---D | C] -- D:\Program Files\Microsoft WSE
[2009/06/10 23:09:04 | 00,000,533 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk
[2009/06/10 13:05:36 | 00,061,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\aeikqevr.sys
[2009/05/29 13:28:28 | 00,019,174 | ---- | C] () -- D:\Documents and Settings\Jason\Desktop\Jamaica Journal.rtf
[2009/04/29 18:23:53 | 00,000,035 | ---- | C] () -- D:\WINDOWS\Blink.ini
[2008/12/27 02:13:26 | 00,796,048 | ---- | C] () -- D:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/12/25 19:42:10 | 01,603,449 | -HS- | C] () -- D:\WINDOWS\System32\inafehoy.ini
[2008/12/24 00:50:10 | 01,661,209 | -HS- | C] () -- D:\WINDOWS\System32\nggdxgor.ini
[2008/12/22 18:44:41 | 01,661,209 | -HS- | C] () -- D:\WINDOWS\System32\irntrpwd.ini
[2008/12/17 19:24:12 | 00,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2008/09/17 14:24:00 | 00,000,754 | ---- | C] () -- D:\WINDOWS\WORDPAD.INI
[2008/06/18 15:59:56 | 00,007,680 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2008/02/15 22:31:10 | 00,765,952 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2008/02/15 22:31:10 | 00,180,224 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2008/01/12 21:54:26 | 00,000,043 | ---- | C] () -- D:\WINDOWS\3D Text Factory.INI
[2007/12/08 22:25:39 | 00,000,424 | ---- | C] () -- D:\WINDOWS\MAXLINK.INI
[2007/11/19 23:12:34 | 00,138,752 | ---- | C] () -- D:\WINDOWS\System32\mase32.dll
[2007/11/19 23:12:33 | 00,196,096 | ---- | C] () -- D:\WINDOWS\System32\macd32.dll
[2007/11/19 23:12:33 | 00,136,192 | ---- | C] () -- D:\WINDOWS\System32\mamc32.dll
[2007/11/19 23:12:33 | 00,057,856 | ---- | C] () -- D:\WINDOWS\System32\masd32.dll
[2007/11/19 23:12:33 | 00,027,648 | ---- | C] () -- D:\WINDOWS\System32\ma32.dll
[2007/05/23 04:39:17 | 00,000,034 | ---- | C] () -- D:\WINDOWS\cdplayer.ini
[2007/01/03 17:02:23 | 00,012,288 | ---- | C] () -- D:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/03 16:58:11 | 03,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2006/04/09 10:14:40 | 00,000,853 | ---- | C] () -- D:\WINDOWS\CoDUO.INI
[2005/12/26 11:53:55 | 00,000,754 | ---- | C] () -- D:\WINDOWS\CoD.INI
[2005/10/30 15:01:13 | 00,000,287 | ---- | C] () -- D:\WINDOWS\game.ini
[2005/10/11 21:50:26 | 00,032,768 | ---- | C] () -- D:\WINDOWS\System32\ua_lsp.dll
[2005/10/11 16:14:31 | 00,000,061 | ---- | C] () -- D:\WINDOWS\wininit.ini
[2005/10/11 16:07:17 | 00,000,408 | ---- | C] () -- D:\WINDOWS\SIERRA.INI
[2005/10/06 16:27:23 | 00,024,576 | R--- | C] () -- D:\WINDOWS\System32\AsIO.dll
[2005/10/06 16:27:23 | 00,004,962 | R--- | C] () -- D:\WINDOWS\System32\drivers\AsIO.sys
[2005/10/06 16:27:22 | 00,005,120 | ---- | C] () -- D:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2005/10/06 16:27:22 | 00,003,328 | ---- | C] () -- D:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2005/10/06 15:57:52 | 00,000,204 | ---- | C] () -- D:\WINDOWS\RtlRack.ini
[2005/10/06 15:55:14 | 00,000,164 | ---- | C] () -- D:\WINDOWS\avrack.ini
[2005/10/06 15:55:12 | 00,156,672 | ---- | C] () -- D:\WINDOWS\System32\RTLCPAPI.dll
[2005/10/06 15:50:09 | 00,006,272 | ---- | C] () -- D:\WINDOWS\System32\drivers\ASLM75.SYS
[2005/09/29 11:43:51 | 00,363,520 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll
[2005/09/29 11:43:35 | 00,180,224 | ---- | C] () -- D:\WINDOWS\System32\ATKCheckDispIDs.dll
[2005/09/29 11:43:35 | 00,008,704 | ---- | C] () -- D:\WINDOWS\System32\ATKOSDMini.DLL
[2005/09/29 11:43:35 | 00,000,018 | ---- | C] () -- D:\WINDOWS\System32\atkid.ini
[2005/02/23 18:32:00 | 00,540,672 | ---- | C] () -- D:\WINDOWS\System32\nvhwvid.dll
[2004/10/11 11:19:00 | 00,092,672 | ---- | C] () -- D:\WINDOWS\System32\ASUSASV2.DLL
[2002/03/16 19:00:00 | 00,007,420 | ---- | C] () -- D:\WINDOWS\UA000071.DLL
[2001/08/18 09:00:00 | 00,000,777 | ---- | C] () -- D:\WINDOWS\win.ini
[2001/08/18 09:00:00 | 00,000,227 | ---- | C] () -- D:\WINDOWS\system.ini
[2001/08/18 08:59:32 | 01,614,848 | ---- | C] () -- D:\WINDOWS\System32\sfcfiles.dll

========== Files - Modified Within 30 Days ==========

[2009/06/11 13:27:37 | 00,604,844 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/11 13:27:37 | 00,510,178 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2009/06/11 13:27:37 | 00,083,948 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2009/06/11 13:23:51 | 00,352,919 | -H-- | M] () -- D:\WINDOWS\System32\vsconfig.xml
[2009/06/11 13:23:30 | 00,000,868 | ---- | M] () -- D:\WINDOWS\tasks\Google Software Updater.job
[2009/06/11 13:23:06 | 00,023,773 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2009/06/11 13:22:57 | 00,000,882 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/06/11 13:22:53 | 00,000,310 | ---- | M] () -- D:\WINDOWS\tasks\bfdfvoiy.job
[2009/06/11 13:22:53 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009/06/11 13:22:33 | 00,000,062 | -HS- | M] () -- D:\Documents and Settings\Jason\Local Settings\desktop.ini
[2009/06/11 13:22:23 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009/06/11 13:22:20 | 00,399,144 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/11 13:21:17 | 20,584,480 | -HS- | M] () -- D:\WINDOWS\System32\drivers\fidbox.dat
[2009/06/11 12:57:11 | 00,071,764 | ---- | M] () -- D:\WINDOWS\System32\pguard.dat
[2009/06/11 12:56:34 | 00,000,422 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{5B78739F-C150-4984-B701-3A19C1DDA130}.job
[2009/06/11 12:24:54 | 00,028,268 | ---- | M] () -- D:\WINDOWS\System32\pghash.dat
[2009/06/11 12:16:41 | 00,012,598 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2009/06/11 11:05:35 | 00,000,743 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2009/06/11 00:47:51 | 00,243,416 | -HS- | M] () -- D:\WINDOWS\System32\drivers\fidbox.idx
[2009/06/10 23:09:04 | 00,000,533 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk
[2009/06/10 22:39:45 | 00,000,777 | ---- | M] () -- D:\WINDOWS\win.ini
[2009/06/10 22:39:45 | 00,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2009/06/10 16:16:16 | 00,000,116 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2009/06/10 13:05:36 | 00,061,440 | ---- | M] () -- D:\WINDOWS\System32\drivers\aeikqevr.sys
[2009/06/09 22:34:31 | 00,001,355 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2009/06/07 17:13:18 | 00,000,034 | ---- | M] () -- D:\WINDOWS\cdplayer.ini
[2009/06/06 15:40:55 | 00,019,174 | ---- | M] () -- D:\Documents and Settings\Jason\Desktop\Jamaica Journal.rtf
[2009/06/01 11:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MRT.exe
[2009/05/29 13:28:33 | 00,000,754 | ---- | M] () -- D:\WINDOWS\WORDPAD.INI
[2009/05/27 15:24:20 | 00,000,349 | ---- | M] () -- D:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2009/05/13 00:15:55 | 05,936,128 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\mshtml.dll
[2009/05/13 00:15:55 | 05,936,128 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mshtml.dll
[2009/05/13 00:15:55 | 00,915,456 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wininet.dll
[2009/05/13 00:15:55 | 00,915,456 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\wininet.dll
< End of report >




Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
D:\ [Fixed] - NTFS - (Total:76308 Mo/Free:772 Mo)
E:\ [CD-Rom] (Total:5670 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)
M:\ [Fixed] - NTFS - (Total:194474 Mo/Free:2242 Mo)
S:\ [Fixed] - NTFS - (Total:238473 Mo/Free:356 Mo)

Thu 06/11/2009|13:26

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\D:\WINDOWS\system32\csrss.exe
---------- \??\D:\WINDOWS\system32\winlogon.exe
---------- D:\WINDOWS\system32\services.exe
---------- D:\WINDOWS\system32\savedump.exe
---------- D:\WINDOWS\system32\lsass.exe
---------- D:\WINDOWS\system32\svchost.exe
---------- D:\WINDOWS\system32\svchost.exe
---------- D:\WINDOWS\System32\svchost.exe
---------- D:\WINDOWS\system32\svchost.exe
---------- D:\WINDOWS\System32\svchost.exe
---------- D:\WINDOWS\System32\svchost.exe
---------- M:\AntiVirusSpyware\Ad Aware\aawservice.exe
---------- M:\AntiVirusSpyware\Avast Antivirus\aswUpdSv.exe
---------- M:\AntiVirusSpyware\Avast Antivirus\ashServ.exe
---------- D:\WINDOWS\Explorer.EXE
---------- D:\WINDOWS\system32\spoolsv.exe
---------- D:\Program Files\Google\Update\GoogleUpdate.exe
---------- D:\WINDOWS\System32\svchost.exe
---------- D:\WINDOWS\ATKKBService.exe
---------- M:\AntiVirusSpyware\AVG Anti-Spyware 7.5\guard.exe
---------- M:\ANTIVI~1\AVASTA~1\ashDisp.exe
--Locked-- zlclient.exe
---------- D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
---------- D:\Program Files\Java\bin\jusched.exe
---------- D:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
---------- D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
---------- M:\Program Files\Scansoft for Canon Printer\OpwareSE4.exe
---------- M:\AntiVirusSpyware\ProcessGuard\pgaccount.exe
---------- D:\WINDOWS\system32\rundll32.exe
---------- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---------- M:\Games\SIMS 3\Download Manager Update\EADM\Core.exe
---------- M:\AntiVirusSpyware\ProcessGuard\dcsuserprot.exe
---------- M:\AntiVirusSpyware\ProcessGuard\procguard.exe
---------- D:\Program Files\Adobe\Reader\reader_sl.exe
---------- D:\Program Files\Java\bin\jqs.exe
---------- D:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- D:\Program Files\Common Files\Motive\McciCMService.exe
---------- D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
---------- D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
---------- D:\WINDOWS\System32\nvsvc32.exe
---------- D:\WINDOWS\System32\svchost.exe
---------- D:\Program Files\Viewpoint\Common\ViewpointService.exe
--Locked-- vsmon.exe
---------- D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
---------- M:\AntiVirusSpyware\Avast Antivirus\ashMaiSv.exe
---------- M:\AntiVirusSpyware\Avast Antivirus\ashWebSv.exe
---------- D:\WINDOWS\System32\alg.exe
---------- D:\WINDOWS\system32\wuauclt.exe
---------- D:\Program Files\Internet Explorer\iexplore.exe
---------- D:\Program Files\Internet Explorer\iexplore.exe
---------- D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
---------- D:\Program Files\Internet Explorer\iexplore.exe
---------- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---------- D:\WINDOWS\system32\cmd.exe
---------- D:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "D:\Rooter$\Rooter_1.txt" - Thu 06/11/2009|11:28
2 - "D:\Rooter$\Rooter_2.txt" - Thu 06/11/2009|13:27

----------------------\\ Scan completed at 13:27

My Malwarebytes antimalware scans are coming up clean...