AntispywareXP 2006

noneckferretnoneckferret
edited October 2008 in Spyware & Virus Removal
I seem to have this nasty infection . Like most I was fooled by it's appearance and now I can't seem to do anything against it . My AVG antivirus has been disabled/damaged , it will not allow me to run hijack this or combofix and is redirecting me when browsing using IE . I juast noticed as I was checking the name of this thing I have 2 windows security center icons in control panel , one says my antivirus is working and up to date the other ( which I think is bogus) says I have no antivirus and antispyware xp 2009 is ready to be installed . Please help

Comments

  • VekaVeka Finland
    edited October 2008
    Hi, let's try this....

    Please download to your Desktop

    Malwarebytes' Anti-Malware (MBAM)
    Random's System Information Tool (RSIT)

    Step 1:
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart (include this log in your next reply).
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    Step 2:

    Double click on RSIT.exe when back in Normal Mode to run the program.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • Please post the contents of both log.txt (< will be maximized) and info.txt (< will be minimized)

    Please reply with MBAM's log and both RSIT's logs.
  • noneckferretnoneckferret
    edited October 2008
    Malwarebytes' Anti-Malware 1.29
    Database version: 1286
    Windows 5.1.2600 Service Pack 3

    18/10/2008 21:23:37
    mbam-log-2008-10-18 (21-23-37).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 149196
    Time elapsed: 1 hour(s), 18 minute(s), 46 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 5
    Registry Data Items Infected: 1
    Folders Infected: 2
    Files Infected: 22

    Memory Processes Infected:
    C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\rhcegkj0ec6p (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcegkj0ec6p (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.XPAntivirus2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert.H) -> Delete on reboot.
    C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.XPAntivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.XPAntivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.XPAntivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.XPAntivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.XPAntivirus2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\system32\blphcagkj0ec6p.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phcagkj0ec6p.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ron\Local Settings\Temp\TDSS5a4d.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ron\Local Settings\Temp\TDSS5a7c.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

    sorry to put these in different replies but they are too long to go in one
  • noneckferretnoneckferret
    edited October 2008
    info.txt logfile of random's system information tool 1.04 2008-10-18 21:28:42

    ======Uninstall list======

    -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
    Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}\setup.exe" -l0x9
    ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
    ASUS nVIDIA Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1033
    ASUS SmartDoctor-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009} /l1033
    ASUS Utilities-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{43C67D92-F56E-4729-8673-9A2D5A6036F8} /l1033
    ASUS VideoSecurity Online-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7A529246-912F-4C40-A82A-E608DB702FD7}
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
    AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Broadband Download Monitor-->MsiExec.exe /I{649E0E92-F09E-4D4F-84E2-72DE88B4671B}
    CloneDVD 4.0-->"C:\Program Files\CloneDVD\unins000.exe"
    Diagnostics Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7236672F-6430-439E-9B27-27EDEAF1D676}\Setup.exe" -l0x9
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
    EPSON PRINT Image Framer Tool2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
    EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
    ESPR200 Reference Guide-->C:\Program Files\EPSON\TPMANUAL\ESPR200\REF_G\DOCUNINS.EXE
    ESPR200 Software Guide-->C:\Program Files\EPSON\TPMANUAL\ESPR200\PQU_G\DOCUNINS.EXE
    ffdshow-->"C:\Program Files\ffdshow\uninstall.exe"
    FootyOnline.tv-->C:\Program Files\FootyOnline.tv\Uninstal.exe
    Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    H264 Codecs-->MsiExec.exe /X{A3A1A5F0-0B94-4E69-B3E1-92F25E31BEE9}
    Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
    iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    K-Lite Mega Codec Pack 1.25-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    LG PC Suite-->C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x0009 -removeonly
    LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 LG -removeonly
    Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
    Mozilla Firefox (2.0)-->C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
    MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NVIDIA Drivers-->C:\WINDOWS\System32\nvudisp.exe UninstallGUI
    Orange Livebox-->C:\WINDOWS\Uninstall_Livebox.EXE
    Orange Toolbar-->C:\Program Files\Orange Toolbar UK\uninst.exe
    PC Connectivity Solution-->MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
    PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
    PIF DESIGNER2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59B9F-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
    PowerDirector Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
    PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    REALTEK PCIE NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}\Setup.exe" -l0x9 REMOVE
    Rosetta Stone V3-->MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
    Runtime 8.0 Libraries-->MsiExec.exe /I{EA4FA30B-7321-4428-90E9-28B088EC8DC9}
    Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
    SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
    Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Skypeâ„¢ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
    SnoopFree Privacy Shield-->SnoopFreeUI.exe /U
    SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Voozie Maker-->C:\Documents and Settings\All Users\Application Data\Make A Voozie\vzUninstall.exe
    Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
    WinAVIVideoConverter-->"C:\Program Files\WinAVIVideoConverter\unins000.exe"
    Windows Driver Package - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
    Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
    Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
    Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    x264 Revision 534 x264.nl (remove only)-->"C:\Program Files\x264\x264-uninstall.exe"
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
    Yahoo! Mail Advisor-->C:\PROGRA~1\Yahoo!\Common\UNINST~1.EXE
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

    ======Security center information======

    AV: AVG 7.5.549

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0407
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    EOF
  • noneckferretnoneckferret
    edited October 2008
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by ron at 2008-10-18 21:28:29
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 118 GB (39%) free of 305 GB
    Total RAM: 2047 MB (65% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:28:40, on 18/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\SnoopFreeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\SSC Service Utility\ssc_serv.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
    C:\WINDOWS\SnoopFreeUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ConsumerChoices.co.uk\Broadband Download Monitor\bdm.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\ron\Desktop\RSIT.exe
    C:\Program Files\trend micro\ron.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local>
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer192.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
    O4 - HKLM\..\Run: [Make A Voozie] "C:\Documents and Settings\All Users\Application Data\Make A Voozie\VoozieMaker.exe" /startup
    O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Desktop Download Monitor.lnk = ?
    O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ron\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe

    --
    End of file - 11033 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
    {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - Orange Toolbar - C:\Program Files\Orange Toolbar UK\ToolbarContainer192.dll [2007-02-21 249856]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-02-21 143360]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2005-12-09 7311360]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2005-12-09 86016]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
    "EPSON Stylus Photo R200 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE [2003-09-11 99840]
    "AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-17 590848]
    "!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
    "YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2007-06-08 224248]
    "SSC Service Utility"=C:\Program Files\SSC Service Utility\ssc_serv.exe [2007-11-19 490496]
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-03 185896]
    "NapsterShell"=C:\Program Files\Napster\napster.exe /systray []
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
    "YMailAdvisor"=C:\Program Files\Yahoo!\Common\YMailAdvisor.exe [2008-06-05 125208]
    "Make A Voozie"=C:\Documents and Settings\All Users\Application Data\Make A Voozie\VoozieMaker.exe [2008-02-20 64000]
    "SnoopFreeUI"=C:\WINDOWS\SnoopFreeUI.exe [2008-10-16 221184]
    "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-16 1257104]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-16 398992]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2005-12-15 1064960]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
    "Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-07-23 21738792]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\Documents and Settings\ron\Start Menu\Programs\Startup
    Desktop Download Monitor.lnk - C:\Documents and Settings\ron\Application Data\Microsoft\Installer\{649E0E92-F09E-4D4F-84E2-72DE88B4671B}\_37B3EE7DA373E19FC84250.exe
    IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="karna.dat"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSpxoe.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSpxoe.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Grisoft\AVG7\avgw.exe"="C:\Program Files\Grisoft\AVG7\avgw.exe:*:Enabled:AVG Test Center"
    "C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:AVG Control Center"
    "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe:*:Enabled:AVG Anti-Spyware"
    "C:\Program Files\Grisoft\AVG Anti-Rootkit Free\avgarkt.exe"="C:\Program Files\Grisoft\AVG Anti-Rootkit Free\avgarkt.exe:*:Enabled:AVG Anti-Rootkit Free"
    "C:\Program Files\Grisoft\AVG7\avgvv.exe"="C:\Program Files\Grisoft\AVG7\avgvv.exe:*:Enabled:AVG Virus Vault"
    "C:\Program Files\FootyOnline\FootyOnline.exe"="C:\Program Files\FootyOnline\FootyOnline.exe:*:Enabled:FootyOnline Player"
    "C:\Program Files\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe"="C:\Program Files\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe:*:Enabled:LG PC Suite"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
    "C:\Program Files\FootyOnline\Uninstal.exe"="C:\Program Files\FootyOnline\Uninstal.exe:*:Enabled:Uninstall FootyOnline Player"
    "C:\Program Files\K-Lite Codec Pack\tools\3ivxConfig.exe"="C:\Program Files\K-Lite Codec Pack\tools\3ivxConfig.exe:*:Enabled:3ivx"
    "C:\WINDOWS\network diagnostic\xpnetdiag.exe"="C:\WINDOWS\network diagnostic\xpnetdiag.exe:*:Enabled:Network Diagnostic for Windows XP"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
    "C:\Program Files\SecondLife\SecondLife.exe"="C:\Program Files\SecondLife\SecondLife.exe:*:Enabled:Second Life"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\SecondLifeMono\SLVoice.exe"="C:\Program Files\SecondLifeMono\SLVoice.exe:*:Enabled:SLVoice"
    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
    "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
    "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Disabled:Rosetta Stone Online Component"
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Disabled:Rosetta Stone V3 Application"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0027145a-99c7-11dc-be5a-806d6172696f}]
    shell\AutoRun\command - E:\setup.exe


    ======List of files/folders created in the last 1 months======

    2008-10-18 21:28:29 ----D---- C:\rsit
    2008-10-18 21:26:58 ----A---- C:\WINDOWS\system32\pmze.txt
    2008-10-18 18:19:19 ----D---- C:\Documents and Settings\ron\Application Data\Malwarebytes
    2008-10-18 18:19:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-18 18:19:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-18 13:03:58 ----D---- C:\Program Files\Trend Micro
    2008-10-18 09:52:40 ----A---- C:\WINDOWS\yjij.com
    2008-10-18 09:52:40 ----A---- C:\WINDOWS\system32\hukepydoca.bat
    2008-10-18 09:52:40 ----A---- C:\WINDOWS\guralaz.vbs
    2008-10-18 09:52:40 ----A---- C:\Documents and Settings\All Users\Application Data\riro.bat
    2008-10-18 09:49:12 ----N---- C:\WINDOWS\brastk.exe
    2008-10-17 03:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-17 03:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-17 03:04:29 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-17 03:04:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-17 03:04:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-17 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
    2008-10-16 00:36:01 ----A---- C:\WINDOWS\system32\SnoopFreeSvc.exe
    2008-10-16 00:36:01 ----A---- C:\WINDOWS\SnoopFreeUI.exe
    2008-10-16 00:36:01 ----A---- C:\WINDOWS\SnoopFreeDll.dll
    2008-10-09 03:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-10-08 21:16:13 ----D---- C:\Documents and Settings\ron\Application Data\VoozieMaker
    2008-10-08 21:11:32 ----D---- C:\Documents and Settings\All Users\Application Data\Make A Voozie
    2008-10-07 11:23:32 ----D---- C:\WINDOWS\Prefetch
    2008-10-07 11:19:48 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
    2008-10-07 11:19:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-10-07 11:19:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-10-07 11:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-10-07 11:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-10-07 11:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-10-07 11:19:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-10-07 11:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-10-07 11:18:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-10-07 11:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-10-07 11:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
    2008-10-07 11:18:23 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-10-07 11:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-10-07 11:14:38 ----D---- C:\WINDOWS\system32\scripting
    2008-10-07 11:14:35 ----D---- C:\WINDOWS\l2schemas
    2008-10-07 11:14:34 ----D---- C:\WINDOWS\system32\en
    2008-10-07 11:14:33 ----D---- C:\WINDOWS\system32\bits
    2008-10-03 20:23:30 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2008-10-03 20:23:28 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-10-03 20:23:26 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-10-03 20:23:26 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2008-10-03 20:23:21 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-10-03 20:23:21 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-10-03 20:23:12 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-10-03 20:23:10 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-10-03 20:23:09 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-10-03 20:23:09 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-10-03 20:23:07 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-10-03 20:23:07 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-10-03 20:23:07 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-10-03 20:23:07 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-10-03 20:23:05 ----N---- C:\WINDOWS\system32\onex.dll
    2008-10-03 20:23:00 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-10-03 20:23:00 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-10-03 20:23:00 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-10-03 20:22:59 ----N---- C:\WINDOWS\system32\msxml6r.dll
    2008-10-03 20:22:59 ----N---- C:\WINDOWS\system32\msxml6.dll
    2008-10-03 20:22:58 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-10-03 20:22:58 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-10-03 20:22:49 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2008-10-03 20:22:49 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-10-03 20:22:49 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-10-03 20:22:49 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-10-03 20:22:40 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-10-03 20:22:39 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-10-03 20:22:39 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-10-03 20:22:39 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-10-03 20:22:39 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-10-03 20:22:39 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-10-03 20:22:31 ----A---- C:\WINDOWS\005295_.tmp
    2008-10-03 20:22:30 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-10-03 20:22:30 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-10-03 20:22:30 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-10-03 20:22:30 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-10-03 20:22:30 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-10-03 20:22:30 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-10-03 20:22:30 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-10-03 20:22:30 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-10-03 20:22:28 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-10-03 20:22:28 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-10-03 20:22:28 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-10-03 20:22:27 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-10-03 20:22:27 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-10-03 20:22:27 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-10-03 20:22:27 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-10-03 20:22:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-10-03 20:22:27 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-10-03 20:22:26 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-10-03 20:22:24 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-10-03 20:22:19 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-10-03 20:22:19 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-10-03 20:22:16 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-09-24 16:16:25 ----A---- C:\WINDOWS\system32\novamnv5.dll
    2008-09-24 16:16:25 ----A---- C:\WINDOWS\system32\novamiv5.dll

    ======List of files/folders modified in the last 1 months======

    2008-10-18 21:26:58 ----D---- C:\WINDOWS\system32\drivers
    2008-10-18 21:26:58 ----D---- C:\WINDOWS\system32
    2008-10-18 21:26:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-10-18 21:23:37 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-18 21:23:33 ----D---- C:\WINDOWS
    2008-10-18 21:02:28 ----D---- C:\Documents and Settings\ron\Application Data\Skype
    2008-10-18 18:35:56 ----D---- C:\Documents and Settings\ron\Application Data\Azureus
    2008-10-18 18:19:10 ----RD---- C:\Program Files
    2008-10-18 12:38:23 ----D---- C:\WINDOWS\Temp
    2008-10-18 12:35:26 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-18 10:27:52 ----D---- C:\WINDOWS\system
    2008-10-18 10:27:47 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
    2008-10-18 09:52:40 ----D---- C:\Program Files\Common Files
    2008-10-18 09:50:06 ----D---- C:\Documents and Settings\ron\Application Data\skypePM
    2008-10-18 09:40:13 ----D---- C:\WINDOWS\Registration
    2008-10-18 09:10:09 ----D---- C:\Documents and Settings\ron\Application Data\AVG7
    2008-10-17 03:05:32 ----SHD---- C:\Config.Msi
    2008-10-17 03:05:28 ----SHD---- C:\WINDOWS\Installer
    2008-10-17 03:05:25 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-17 03:04:47 ----HD---- C:\WINDOWS\inf
    2008-10-17 03:04:42 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-17 03:04:40 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-16 17:23:27 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-10-16 15:22:36 ----A---- C:\WINDOWS\cdplayer.ini
    2008-10-16 10:40:53 ----D---- C:\Program Files\MagicISO
    2008-10-15 02:42:25 ----D---- C:\Program Files\EPSON Print CD
    2008-10-14 14:03:18 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
    2008-10-14 12:46:50 ----D---- C:\Documents and Settings\ron\Application Data\Vso
    2008-10-14 09:20:46 ----RHD---- C:\$VAULT$.AVG
    2008-10-11 09:42:22 ----HD---- C:\LG3G
    2008-10-11 09:28:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-07 20:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-07 11:24:08 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-10-07 11:23:39 ----A---- C:\WINDOWS\setuplog.txt
    2008-10-07 11:23:04 ----D---- C:\WINDOWS\system32\Setup
    2008-10-07 11:23:04 ----D---- C:\WINDOWS\AppPatch
    2008-10-07 11:23:03 ----D---- C:\WINDOWS\system32\wbem
    2008-10-07 11:23:02 ----RSD---- C:\WINDOWS\Fonts
    2008-10-07 11:22:57 ----D---- C:\Program Files\Google
    2008-10-07 11:21:57 ----D---- C:\WINDOWS\security
    2008-10-07 11:19:53 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-07 11:18:25 ----D---- C:\Program Files\Messenger
    2008-10-07 11:15:12 ----D---- C:\WINDOWS\WinSxS
    2008-10-07 11:15:02 ----D---- C:\WINDOWS\network diagnostic
    2008-10-07 11:15:02 ----D---- C:\WINDOWS\ime
    2008-10-07 11:15:01 ----D---- C:\WINDOWS\Help
    2008-10-07 11:14:39 ----D---- C:\WINDOWS\system32\usmt
    2008-10-07 11:14:39 ----D---- C:\WINDOWS\system32\en-US
    2008-10-07 11:14:35 ----D---- C:\Program Files\Internet Explorer
    2008-10-07 11:14:33 ----D---- C:\WINDOWS\peernet
    2008-10-07 11:14:33 ----D---- C:\Program Files\Movie Maker
    2008-10-07 11:10:49 ----D---- C:\WINDOWS\system32\Restore
    2008-10-07 11:10:49 ----D---- C:\WINDOWS\system32\npp
    2008-10-07 11:10:47 ----D---- C:\WINDOWS\msagent
    2008-10-07 11:10:44 ----D---- C:\WINDOWS\srchasst
    2008-10-07 11:10:43 ----D---- C:\Program Files\NetMeeting
    2008-10-07 11:10:40 ----D---- C:\WINDOWS\system32\Com
    2008-10-07 11:10:37 ----D---- C:\Program Files\Windows Media Player
    2008-10-07 11:10:36 ----D---- C:\Program Files\Windows NT
    2008-10-07 11:10:36 ----D---- C:\Program Files\Outlook Express
    2008-10-07 11:10:32 ----D---- C:\Program Files\Common Files\System
    2008-10-07 11:10:07 ----D---- C:\WINDOWS\system32\oobe
    2008-10-07 11:06:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-10-07 11:04:16 ----D---- C:\WINDOWS\EHome
    2008-10-03 20:08:14 ----D---- C:\WINDOWS\Debug
    2008-09-26 13:02:13 ----D---- C:\Documents and Settings\ron\Application Data\Apple Computer
    2008-09-23 19:39:47 ----D---- C:\Program Files\FootyOnline.tv
    2008-09-23 11:23:36 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
    R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-11-23 821856]
    R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-11-23 4224]
    R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-11-23 27776]
    R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
    R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-21 10760]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
    R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
    R2 LANPkt;Realtek LANPkt Protocol Driver; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2004-03-09 8568]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
    R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
    R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-12-09 3536768]
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-11-27 47360]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
    R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-10-23 103296]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 abmbnsa2;abmbnsa2; C:\WINDOWS\system32\drivers\abmbnsa2.sys []
    S3 atidgllk;atidgllk; \??\C:\Program Files\ASUS\SmartDoctor\atidgllk.sys []
    S3 Diag69xp;Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [2005-04-24 11114]
    S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-10-23 103296]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver; C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS [2004-03-31 15360]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
    S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
    S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
    R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
    R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-02-21 81920]
    R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2005-12-09 131139]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-09-29 266343]
    R2 SnoopFreeSvc;Snoop Free Service; C:\WINDOWS\System32\SnoopFreeSvc.exe [2008-10-16 90112]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
    R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
    S2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-11-23 418816]
    S2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-11-23 49664]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-10 655624]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-12-10 353280]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    EOF
  • noneckferretnoneckferret
    edited October 2008
    Sorry about this it would not allow me to put all three logs in together . I also had a message saying certain windows files were duplicated falsly and to insert my windows disk after mbam deleted the files
  • VekaVeka Finland
    edited October 2008
    Hello again. :)

    Thanks for the logs.

    • Please download GMER to your Desktop
    • Unzip the file and double click the gmer.exe file
    • Select Rootkit/Malwarea tab and press Scan
    • When GMER has finished, press Copy and post back the log it makes.
    Note: Do not check the "Show All" box during the scan!
  • noneckferretnoneckferret
    edited October 2008
    Hi again vekarppe I'm having a major problem with my RAID volume which I am going to ask about in storage . I'm using an old pc to get back on here so it may take me a while to get the RAID problem fixed . Is it possible to keep this thread open , or should I start again ?
  • VekaVeka Finland
    edited October 2008
    Sure, I'll keep this open. :)

    Please contact me if the thread is closed.
  • noneckferretnoneckferret
    edited October 2008
    Hi Back again but still with problems.When I try to boot I get windows matrix storage manager screen saying all 3 disks are fine but the RAID volume will be repaired within the OS. If I try yo get ti to perform option 1. create Raid volume it tells me there is not enough space. If I leave it I get the windows startup options page and whenever I press enter it locks up and the only thing I can do is switch off at the power button. The same happens if I insert my windows disk and try to repair the installation, once it enters the repair utility it freezes .I know I could format all the disks and start again but I do have some data on them that would cause me a lot of work if I loose it .
    I'm not sure if this is a software or storage problem , is another symptom of this virus or it was caused by mbam deleting those files .
  • VekaVeka Finland
    edited October 2008
    Hi noneckferret.

    I don't believe your problem is a result of MBAM scan per se. Instead, your logs shows that you have some really nasty infections there, namely rootkits.

    A rootkit is malware which consists of a program (or combination of several programs) designed to take fundamental control (in Unix terms "root" access, in Windows terms, "Administrator" access) of a computer system, without authorization by the system's owners and legitimate managers. - Wikipedia

    In this case I'd recommend formatting your HD's and reinstalling OS. That's the best way to get rid of these malwares.

    Can't you backup your important data somehow?
  • noneckferretnoneckferret
    edited October 2008
    If you can suggest a way to back up my data then I would be truly grateful. Meanwhile may I suggest that before you get anyone else to run MBAM you get them to download and install the windows recovery console just in case MBAM deletes improtant windows files as it has with me . If I had run RSIT first then maybe you would have seen I have avg anti root kit installed or another rootkit could have been run to take care of the infactions attatched to these obviously very important windows files before MBAM deleted them .
    A little knowlege can be a bad thing my friend, I was fully aware of these malware removers before I contacted you and only did so hoping not to make this sort of an error !
    Thank you for your time anyway
  • VekaVeka Finland
    edited October 2008
    Hi noneckferret. I'm really sorry.

    I don't see MBAM removed anything that could cause your problem. Do you? Could you refer to your local expert and ask ways to backup your HD's?
  • noneckferretnoneckferret
    edited October 2008
    Hi again vekarppe the reason I think it was MBAM is I got the message from windows about the falsly duplicated files IMMEDEATELY after I removed the malicious files . Maybe this virus has a way of making MBAM create a false report ? Or maybe it has had such an exrteme effect on my pc because I use RAID ?It would not let me run hijack this (I keep a clean log for this purpose ) combo fix ,or even get on to the trend micro website . Thanks again and I hope this helps you with other people who get this thing . My local expert says he has had a lot of people coming to him about it .I can't believe I was so stupid as to open the thing in the first place .Anyway I'm off to do some formatting and abour 16 hours rewriting a spreadsheet :-((
  • VekaVeka Finland
    edited October 2008
    That's possible what you said, as you had some really bad infections there.

    Get more knowledge about how to protecet your computer and prevent malware issues by reading these short articles:
  • VekaVeka Finland
    edited October 2008
    Glad we could be of assistance! The help you received here was free.

    This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)
    _______________________________
    Have we helped you with any issues you have had with your PCs or other items? If so, you can now help us by Joining Team 93 and fold for a cure.
Sign In or Register to comment.