Please help remove this virus -HJT log attached

Byron172 Adelaide, South Australia Member
edited August 2009 in Spyware & Virus Removal
Any help with this one would be much appreciated.

A friend of mine has somehow got a virus that seems to open a webpage (in IE) without his consent. He often will walk away from the PC and on return IE has opened on its own and is on a webpage with pretty much just Chinese/Japanese text all over it. It has also slowed his PC down (and also his laptop which has been infected via an external HDD being attached from PC to laptop).

I have a copy of his Hijack This logfile as follows, thanks for any help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:53 PM, on 6/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\3DSP\Total Wireless\panel\TdspMa.exe
C:\Program Files\Elantech\ktpCtrl.exe
C:\Program Files\Control Center\CCenter.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\3DSP\Total Wireless\panel\TdspWB.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TdspMaLoader] C:\Program Files\3DSP\Total Wireless\panel\TdspMaLoader.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktpCtrl.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\Control Center\CCenter.exe
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 3DD9CB.lnk = C:\WINDOWS\system32\871427\3DD9CB.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240885951992
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 6294 bytes
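As an added illustration that is not part of the original thread: a small triage script over lines in the HijackThis format shown above, flagging the kind of entry a helper reads first (an autostart whose target sits in a hex-named subfolder of system32, orphaned `(no file)` hooks, services with no company name in their version info). The sample lines and the heuristics are constructed for this example; a flag is a prompt to check the file, not a verdict on it.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in HijackThis v2 format, modelled on the log in this
# thread: ordinary vendor entries plus the Startup item that stands out.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 3DD9CB.lnk = C:\WINDOWS\system32\871427\3DD9CB.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
"""

# Line shapes used by HijackThis for registry Run keys, Startup-folder
# shortcuts and services (O4 / O4 Startup / O23).
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
# First executable in a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)
# A name made only of hex digits (6 or more), like 871427 or 3DD9CB.
HEX_RE = re.compile(r"^[0-9A-F]{6,}$", re.IGNORECASE)


@dataclass
class Finding:
    level: str   # "high", "low" or "info"
    name: str    # the entry's display name (or the raw line)
    path: str
    reason: str


def _components(path: str) -> List[str]:
    """Split a Windows path on backslashes, dropping empty parts."""
    return [p for p in path.replace("/", "\\").split("\\") if p]


def assess_path(path: str) -> Optional[Tuple[str, str]]:
    """Heuristics for an autostart target; returns (level, reason) or None."""
    parts = _components(path)
    if not parts:
        return None
    stem = parts[-1].rsplit(".", 1)[0]
    parent = parts[-2] if len(parts) > 1 else ""
    lower = [p.lower() for p in parts]
    if "system32" in lower:
        # Windows' own binaries sit directly in system32; a nested folder is
        # unusual, and a hex-named one is the pattern seen in this log.
        depth = len(lower) - 1 - lower.index("system32")
        if depth > 1 and HEX_RE.match(parent):
            return "high", f"executable in hex-named subfolder of system32 ({parent})"
        if depth > 1:
            return "low", f"executable in subfolder of system32 ({parent})"
    if HEX_RE.match(stem):
        return "high", f"hex-looking file name ({parts[-1]})"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        run = RUN_RE.match(line) or STARTUP_RE.match(line)
        if run:
            exe = EXE_RE.match(run.group("cmd"))
            path = exe.group("path") if exe else run.group("cmd")
            verdict = assess_path(path)
            if verdict:
                findings.append(Finding(verdict[0], run.group("name"), path, verdict[1]))
            continue
        if line.endswith("(no file)"):
            # Hook whose target is gone: harmless on its own, but left-over
            # entries are cleaned up as part of the fix.
            findings.append(Finding("low", line, "", "entry points at a file that no longer exists"))
            continue
        svc = SERVICE_RE.match(line)
        if svc and svc.group("owner") == "Unknown owner":
            findings.append(Finding("info", svc.group("name"), svc.group("path"),
                                    "no company name in version info; confirm it belongs to an installed product"))
    return findings


def main() -> None:
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level:4}] {f.name}: {f.reason}")


if __name__ == "__main__":
    main()
```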

Comments

  • edited August 2009
    Welcome back Byron,

    You seem to have an awful lot of friends that can't keep their computers clean.
    I am currently trying to help a friend << 21 Jun 2009
    My colleague has recently received notification that she has two infections on her PC << 7 May 2009
    A friend of mine recently visited a dodgy website and says he believes his laptop is now infected << 2 Oct 2008
    One of my colleagues got a virus << 20 Aug 2008
    This young lady has an infected laptop << 22 Feb 2008
    my boss has got a virus << 16 Jan 2008
    I have been trying to help out a friend whose pc is running extremely slow << 9 Jan 2008
    A friend of mine seems to have gotten a nasty virus << 4 Nov 2007
    His older sister then told me that she was having some weird things happen on her laptop << 8 Nov 2007
    I am trying to help my friend << 21 Oct 2007
    I am currently working on a friends computer. << 7 Oct 2006
    I will be attempting to remove the last traces of Spyware Strike from a friends computer << 2 Feb 2006

    And that is just from the Malware room

    Are all these people really "friends" or clients?
    Given the number of machines you have helped clean or repair, it looks like it is a job.

    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
      ( They can also be found in the C:\RSIT folder )

    SysProt Antirootkit

    Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

    http://sites.google.com/site/sysprotantirootkit/

    Unzip it into a folder on your desktop.
    • Double click Sysprot.exe to start the program.
    • Click on the Log tab.
    • In the Write to log box select all items.
    • Click on the Create Log button on the bottom right.
    • After a few seconds a new window should appear.
    • Select Scan Root Drive. Click on the Start button.
    • When it is complete a new window will appear to indicate that the scan is finished.
    • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
  • Byron172 Adelaide, South Australia Member
    edited August 2009
    Hi Katana - Unfortunately I am the "go to" guy among my friends and colleagues for "all things computer related" and every now and then they get viruses etc. Rest assured that I'm not getting paid for this and if I could encourage them all to register to Icrontic and contact you guys themselves - that would be a great relief!!! Given that these 11 cases span 3 years of using Icrontic - I'm extremely glad it is not a source of income hehehe. Keep in mind that Icrontic is the only site I use as I have found your help here both reliable and friendly.
    You guys do this as a favor and a commitment to stamping out malware and viruses, which is the same reason I oblige my friends in helping them out. If there is a way that I can learn what you guys do to repay your fantastic help over the last 3 years I would be more than happy to do so. Let me know if you are interested in training a potential virus slayer and I would be more than happy to learn.
    Again - I appreciate all your help and rest assured that my day-to-day job in Hospitality is my only "pay packet". If I am lucky - my friends will sometimes (maybe) give me a bottle of wine in appreciation for helping them out, but this is truly the only material gain I get from doing this. (I do however understand your concern).
    All that aside - thanks for your advice. I will follow your instruction and post back soon, in fact if you are happy for me to pass on the thread link to my mate (his name is Scott) I could just get him to correspond with you for the duration of the removal process, what do you think?
  • Byron172 Adelaide, South Australia Member
    edited August 2009
    Hi Katana- I have done as you have instructed and the logs are as follows:


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Scott Fisher at 2009-08-08 11:55:22
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 112 GB (75%) free of 149 GB
    Total RAM: 1014 MB (46% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:55:42 AM, on 8/08/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\3DSP\Total Wireless\panel\TdspMa.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Elantech\ktpCtrl.exe
    C:\Program Files\Control Center\CCenter.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    C:\Program Files\3DSP\Total Wireless\panel\TdspWB.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Scott Fisher\Desktop\Virus removal Folder\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Scott Fisher.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TdspMaLoader] C:\Program Files\3DSP\Total Wireless\panel\TdspMaLoader.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktpCtrl.exe
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\Control Center\CCenter.exe
    O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: 3DD9CB.lnk = C:\WINDOWS\system32\871427\3DD9CB.EXE
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240885951992
    O17 - HKLM\System\CCS\Services\Tcpip\..\{18425A3B-86EE-4225-9BB1-5D497286A0ED}: NameServer = 203.2.193.67 202.135.30.4
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

    --
    End of file - 6597 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-23 1111320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-27 1008896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-27 1008896]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
    ""= []
    "TdspMaLoader"=C:\Program Files\3DSP\Total Wireless\panel\TdspMaLoader.exe [2008-08-05 20480]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-12-20 16860672]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "KTPWare"=C:\Program Files\Elantech\ktpCtrl.exe [2008-06-10 311296]
    "Control Center"=C:\Program Files\Control Center\CCenter.exe [2008-12-24 793088]
    "MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-11-04 2087424]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-23 1948440]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    C:\Documents and Settings\Scott Fisher\Start Menu\Programs\Startup
    3DD9CB.lnk - C:\WINDOWS\system32\871427\3DD9CB.EXE
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2009-07-23 11952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f27ba01-6e70-11de-9f0d-0015831b3359}]
    shell\1\command - D:\Recycle.exe
    shell\2\command - D:\Recycle.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycle.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b2a5f28-687a-11de-9f0a-0021c5109a27}]
    shell\1\command - F:\Recycle.exe
    shell\2\command - F:\Recycle.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycle.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42f38c44-4b2d-11de-9ef5-00030d000001}]
    shell\AutoRun\command - D:\setup_vmc_lite.exe /checkApplicationPresence

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42f38c47-4b2d-11de-9ef5-0021c5109a27}]
    shell\AutoRun\command - D:\setup_vmc_lite.exe /checkApplicationPresence

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a8e5b10-69cb-11de-9f0b-0015831b3359}]
    shell\1\command - E:\Recycle.exe
    shell\2\command - E:\Recycle.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycle.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99b07718-54f2-11de-9efe-0021c5109a27}]
    shell\1\command - D:\Recycle.exe
    shell\2\command - D:\
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycle.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99b07719-54f2-11de-9efe-0021c5109a27}]
    shell\1\command - Recycle.exe
    shell\2\command - Recycle.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycle.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99b0771b-54f2-11de-9efe-0021c5109a27}]
    shell\1\command - D:\Recycle.exe
    shell\2\command - D:\Recycle.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycle.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99b0771c-54f2-11de-9efe-0021c5109a27}]
    shell\1\command - D:\Recycle.exe
    shell\2\command - D:\Recycle.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycle.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7931d5e-62d4-11de-9f03-0021c5109a27}]
    shell\1\command - D:\Recycle.exe
    shell\2\command - D:\Recycle.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycle.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abcf116d-74d0-11de-9f12-0015831b3359}]
    shell\1\command - Recycle.exe
    shell\2\command - Recycle.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycle.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7ee8dc2-6fa3-11de-9f0e-0015831b3359}]
    shell\1\command - D:\Recycle.exe
    shell\2\command - D:\Recycle.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycle.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7cd4c4d-4a4b-11de-9ef2-00e04c700054}]
    shell\AutoRun\command - D:\setup_vmc_lite.exe /checkApplicationPresence

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7cd4c4e-4a4b-11de-9ef2-00e04c700054}]
    shell\AutoRun\command - D:\setup_vmc_lite.exe /checkApplicationPresence


    ======List of files/folders created in the last 1 months======

    2009-08-08 11:55:22 ----D---- C:\rsit
    2009-08-08 11:22:32 ----D---- C:\WINDOWS\system32\XPSViewer
    2009-08-08 11:22:27 ----D---- C:\Program Files\MSBuild
    2009-08-08 11:22:19 ----D---- C:\Program Files\Reference Assemblies
    2009-08-08 11:21:42 ----N---- C:\WINDOWS\system32\xpssvcs.dll
    2009-08-08 11:21:42 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
    2009-08-08 11:21:42 ----N---- C:\WINDOWS\system32\prntvpt.dll
    2009-08-08 11:21:41 ----D---- C:\7289b25eb99761f98e4a7f
    2009-08-08 11:19:15 ----SHD---- C:\Config.Msi
    2009-08-06 22:20:34 ----D---- C:\Program Files\Trend Micro
    2009-08-02 21:37:48 ----HD---- C:\WINDOWS\PIF
    2009-07-26 12:49:07 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2009-07-23 23:02:43 ----HD---- C:\$AVG8.VAULT$
    2009-07-23 22:58:43 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2009-07-23 22:58:06 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    2009-07-23 22:57:57 ----D---- C:\Program Files\AVG
    2009-07-23 22:57:56 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2009-07-23 22:38:58 ----D---- C:\Documents and Settings\Scott Fisher\Application Data\AVG8
    2009-07-23 21:51:25 ----D---- C:\Program Files\MSXML 6.0
    2009-07-23 21:48:17 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
    2009-07-23 21:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
    2009-07-22 09:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
    2009-07-22 09:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
    2009-07-22 09:39:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-07-22 09:39:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2009-07-22 09:38:49 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
    2009-07-22 09:38:06 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
    2009-07-22 09:37:22 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
    2009-07-22 09:36:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
    2009-07-22 09:34:00 ----D---- C:\Program Files\MSXML 4.0
    2009-07-22 09:33:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2009-07-22 09:33:41 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
    2009-07-21 08:57:18 ----A---- C:\WINDOWS\system32\muweb.dll
    2009-07-21 08:57:18 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2009-07-21 08:57:18 ----A---- C:\WINDOWS\system32\mucltui.dll
    2009-07-20 22:04:29 ----N---- C:\WINDOWS\system32\spmsg.dll
    2009-07-20 22:04:28 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
    2009-07-20 22:04:13 ----D---- C:\Program Files\Windows Media Connect 2
    2009-07-20 22:04:02 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
    2009-07-20 22:03:11 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
    2009-07-20 22:02:37 ----D---- C:\WINDOWS\system32\LogFiles
    2009-07-20 22:02:32 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
    2009-07-20 14:26:35 ----D---- C:\Program Files\DIFX
    2009-07-20 14:25:54 ----D---- C:\Program Files\RTI
    2009-07-12 16:07:50 ----HD---- C:\WINDOWS\system32\F8C915
    2009-07-12 16:07:50 ----HD---- C:\WINDOWS\system32\871427
    2009-07-12 16:07:50 ----HD---- C:\WINDOWS\system32\431D07
    2009-07-12 16:07:50 ----HD---- C:\WINDOWS\system32\10DB38

    ======List of files/folders modified in the last 1 months======

    2009-08-08 11:55:27 ----D---- C:\WINDOWS\Prefetch
    2009-08-08 11:54:52 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
    2009-08-08 11:46:44 ----D---- C:\WINDOWS\Microsoft.NET
    2009-08-08 11:46:37 ----RSD---- C:\WINDOWS\assembly
    2009-08-08 11:31:16 ----D---- C:\WINDOWS
    2009-08-08 11:31:01 ----A---- C:\RTHDCPL_Dump.txt
    2009-08-08 11:28:48 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-08 11:28:36 ----SHD---- C:\WINDOWS\Installer
    2009-08-08 11:28:33 ----D---- C:\WINDOWS\Temp
    2009-08-08 11:27:14 ----D---- C:\WINDOWS\system32
    2009-08-08 11:27:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-08-08 11:26:53 ----D---- C:\WINDOWS\WinSxS
    2009-08-08 11:22:27 ----RD---- C:\Program Files
    2009-08-08 11:22:25 ----D---- C:\WINDOWS\system32\en-US
    2009-08-08 11:22:24 ----RSD---- C:\WINDOWS\Fonts
    2009-08-08 11:22:04 ----HD---- C:\WINDOWS\inf
    2009-08-08 11:22:01 ----D---- C:\WINDOWS\system32\spool
    2009-08-08 11:21:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-08-08 11:21:45 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-08 11:19:25 ----D---- C:\Program Files\Internet Explorer
    2009-08-02 21:27:43 ----D---- C:\WINDOWS\system32\Restore
    2009-07-30 08:30:47 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt
    2009-07-30 08:29:55 ----D---- C:\WINDOWS\Help
    2009-07-29 21:42:59 ----D---- C:\Documents and Settings
    2009-07-29 20:59:41 ----HD---- C:\WINDOWS\$hf_mig$
    2009-07-27 18:06:55 ----A---- C:\WINDOWS\system.ini
    2009-07-25 14:57:57 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-07-23 22:58:43 ----D---- C:\WINDOWS\system32\drivers
    2009-07-23 22:57:49 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2009-07-23 21:51:35 ----D---- C:\Program Files\Microsoft SQL Server
    2009-07-23 21:50:03 ----D---- C:\WINDOWS\Registration
    2009-07-23 21:48:20 ----A---- C:\WINDOWS\imsins.BAK
    2009-07-22 09:39:55 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-07-22 09:38:25 ----D---- C:\WINDOWS\system32\CatRoot
    2009-07-20 22:04:21 ----A---- C:\WINDOWS\win.ini
    2009-07-20 22:04:12 ----D---- C:\Program Files\Windows Media Player
    2009-07-20 14:26:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-07-20 14:25:54 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-07-19 23:03:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-07-19 23:02:59 ----A---- C:\WINDOWS\system32\ieframe.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-23 335752]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-23 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-23 108552]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-06-25 34312]
    R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-25 27656]
    R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-06 18320]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
    R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-12-30 101120]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-12-20 4637696]
    R3 Ktp;Elantech TouchPad; C:\WINDOWS\system32\DRIVERS\Ktp.sys [2008-06-10 26624]
    R3 MFCARD;3DSP WLAN and BlueTooth Card; C:\WINDOWS\system32\DRIVERS\tdspbus.sys [2008-09-05 4243072]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-07-01 108800]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
    R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-06 34448]
    R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-06 44304]
    R3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2007-03-06 19472]
    S3 BTCARD;3DSP Bluetooth Card v2.0; C:\WINDOWS\system32\DRIVERS\btcard.sys [2008-08-05 214656]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 WLAN3DSPXP;3DSP WLAN Card; C:\WINDOWS\system32\DRIVERS\wltbus50.sys [2008-08-05 165376]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-23 298776]
    R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2007-12-28 166520]
    R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
    R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
    R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
    R2 Start BT in service;Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-28 51816]
    R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-11-04 14336]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    EOF

    info.txt logfile of random's system information tool 1.06 2009-08-08 11:55:45

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
    AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Bluesoleil2.7.0.13 VoIP Release 071227-->MsiExec.exe /X{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}
    Business Contact Manager for Outlook 2007-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
    Business Contact Manager for Outlook 2007-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
    Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
    Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A09AB2EA-4E3B-48A8-A716-CD4FB3529548}\setup.exe" -l0x9
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Integration Designer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB21B9A7-6AF7-4E3F-BF1B-792A40B313CB}\setup.exe" -l0x9 -removeonly
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    KTP Ware PS/2-x86 5.3.0.4-->rundll32.exe "C:\Program Files\Elantech\KTUninst.dll",KTech_Uninstall 0
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
    Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Activation Assistant for Netbooks-->MsiExec.exe /X{0DCF2BB4-A124-4596-89F7-5670294E091B}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
    Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
    Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
    Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
    Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
    Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
    OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
    REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe -runfromtemp -l0x0009 -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    stillCap-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8C5FF4F-CF19-4533-87E0-99B622988783}\setup.exe" -l0x9 -removeonly
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Office 2007 (KB934528)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
    Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
    Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Vodafone Mobile Connect-->MsiExec.exe /X{8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}
    Windows Driver Package - Remote Technologies Inc. (WinUSB) Control Device (04/07/2009 2.0.0.201)-->C:\PROGRA~1\DIFX\5FBEA162D9127253\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\rtiwinusb_320AE9430E343DB75DA7FFAE5960AEB75EA24650\rtiwinusb.inf
    Windows Driver Package - RTI ZB-Pro Driver Package (02/17/2009 2.04.16)-->C:\PROGRA~1\DIFX\5FBEA162D9127253\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\zbpro_b_C9911EE4FB7F5E72575D0635021BFD5AC39F984F\zbpro_b.inf
    Windows Driver Package - RTI ZB-Pro Driver Package (02/17/2009 2.04.16)-->C:\PROGRA~1\DIFX\5FBEA162D9127253\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\zbpro_p_C44A42F082FA65E606B9D4CC8AF1412A15C0AD18\zbpro_p.inf
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

    ======Security center information======

    AV: AVG Anti-Virus Free

    ======System event log======

    Computer Name: CUSTOMER-CB9925
    Event Code: 256
    Message: Timed out sending notification of device interface change to window of "SAS window"

    Record Number: 347
    Source Name: PlugPlayManager
    Time Written: 20090531060918.000000+570
    Event Type: warning
    User:

    Computer Name: CUSTOMER-CB9925
    Event Code: 256
    Message: Timed out sending notification of device interface change to window of "SAS window"

    Record Number: 346
    Source Name: PlugPlayManager
    Time Written: 20090531060918.000000+570
    Event Type: warning
    User:

    Computer Name: CUSTOMER-CB9925
    Event Code: 256
    Message: Timed out sending notification of device interface change to window of "SAS window"

    Record Number: 345
    Source Name: PlugPlayManager
    Time Written: 20090531060918.000000+570
    Event Type: warning
    User:

    Computer Name: CUSTOMER-CB9925
    Event Code: 16
    Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

    Record Number: 266
    Source Name: Windows Update Agent
    Time Written: 20090529100229.000000+570
    Event Type: error
    User:

    Computer Name: CUSTOMER-CB9925
    Event Code: 1001
    Message: Your computer was not assigned an address from the network (by the DHCP
    Server) for the Network Card with network address 0021C5109A27. The following error
    occurred:
    The semaphore timeout period has expired.
    .
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Record Number: 233
    Source Name: Dhcp
    Time Written: 20090528181330.000000+570
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: CUSTOMER-CB9925
    Event Code: 0
    Message: conflictManagerTypeValue

    Record Number: 11178
    Source Name: VMCService
    Time Written: 20090726141934.000000+570
    Event Type: error
    User:

    Computer Name: CUSTOMER-CB9925
    Event Code: 3
    Message: The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

    Record Number: 11164
    Source Name: SQLBrowser
    Time Written: 20090726141931.000000+570
    Event Type: warning
    User:

    Computer Name: CUSTOMER-CB9925
    Event Code: 0
    Message: GetLoggedOnUser

    Record Number: 11161
    Source Name: VMCService
    Time Written: 20090726140015.000000+570
    Event Type: error
    User:

    Computer Name: CUSTOMER-CB9925
    Event Code: 0
    Message: conflictManagerTypeValue

    Record Number: 11125
    Source Name: VMCService
    Time Written: 20090726124729.000000+570
    Event Type: error
    User:

    Computer Name: CUSTOMER-CB9925
    Event Code: 3
    Message: The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

    Record Number: 11111
    Source Name: SQLBrowser
    Time Written: 20090726124725.000000+570
    Event Type: warning
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel
    "PROCESSOR_REVISION"=1c02
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    EOF
  • Byron172 Adelaide, South Australia Member
    edited August 2009
    SysProt AntiRootkit v1.0.1.0
    by swatkat

    ******************************************************************************************
    ******************************************************************************************

    Process:
    Name: [System Idle Process]
    PID: 0
    Hidden: No
    Window Visible: No

    Name: System
    PID: 4
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\smss.exe
    PID: 704
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\csrss.exe
    PID: 752
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\winlogon.exe
    PID: 776
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\services.exe
    PID: 820
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\lsass.exe
    PID: 832
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 996
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1044
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1084
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1124
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1172
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1252
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\spoolsv.exe
    PID: 1360
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1484
    Hidden: No
    Window Visible: No

    Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    PID: 1532
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    PID: 1548
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1572
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    PID: 1636
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\AVG\AVG8\avgrsx.exe
    PID: 1772
    Hidden: No
    Window Visible: No

    Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    PID: 1780
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\explorer.exe
    PID: 1928
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    PID: 220
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\igfxtray.exe
    PID: 492
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\hkcmd.exe
    PID: 520
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\igfxpers.exe
    PID: 528
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\3DSP\Total Wireless\panel\TdspMa.exe
    PID: 556
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\RTHDCPL.exe
    PID: 576
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\igfxsrvc.exe
    PID: 608
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Elantech\KTPCTRL.EXE
    PID: 688
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Control Center\CCenter.exe
    PID: 724
    Hidden: No
    Window Visible: Yes

    Name: C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    PID: 748
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\3DSP\Total Wireless\panel\TdspWB.exe
    PID: 964
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\AVG\AVG8\avgtray.exe
    PID: 1028
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\ctfmon.exe
    PID: 1112
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    PID: 1700
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    PID: 1792
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    PID: 1872
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1900
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    PID: 2104
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    PID: 2140
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
    PID: 2564
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\alg.exe
    PID: 2868
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Internet Explorer\iexplore.exe
    PID: 3800
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\notepad.exe
    PID: 3972
    Hidden: No
    Window Visible: Yes

    Name: C:\WINDOWS\system32\notepad.exe
    PID: 3960
    Hidden: No
    Window Visible: Yes

    Name: C:\Documents and Settings\Scott Fisher\Desktop\Virus removal Folder\SysProt\SysProt\SysProt.exe
    PID: 180
    Hidden: No
    Window Visible: Yes

    ******************************************************************************************
    ******************************************************************************************
    Kernel Modules:
    Module Name: \??\C:\Documents and Settings\Scott Fisher\Desktop\Virus removal Folder\SysProt\SysProt\SysProtDrv.sys
    Service Name: SysProtDrv.sys
    Module Base: A8E28000
    Module End: A8E33000
    Hidden: No

    Module Name: \WINDOWS\system32\ntkrnlpa.exe
    Service Name: ---
    Module Base: 804D7000
    Module End: 806E4000
    Hidden: No

    Module Name: \WINDOWS\system32\hal.dll
    Service Name: ---
    Module Base: 806E4000
    Module End: 80704D00
    Hidden: No

    Module Name: \WINDOWS\system32\KDCOM.DLL
    Service Name: ---
    Module Base: F7AFE000
    Module End: F7B00000
    Hidden: No

    Module Name: \WINDOWS\system32\BOOTVID.dll
    Service Name: ---
    Module Base: F7A0E000
    Module End: F7A11000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
    Service Name: ACPI
    Module Base: F74CF000
    Module End: F74FD000
    Hidden: No

    Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
    Service Name: ---
    Module Base: F7B00000
    Module End: F7B02000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\pci.sys
    Service Name: PCI
    Module Base: F74BE000
    Module End: F74CF000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
    Service Name: isapnp
    Module Base: F75FE000
    Module End: F7608000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\compbatt.sys
    Service Name: Compbatt
    Module Base: F7A12000
    Module End: F7A15000
    Hidden: No

    Module Name: \WINDOWS\system32\DRIVERS\BATTC.SYS
    Service Name: BattC
    Module Base: F7A16000
    Module End: F7A1A000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\pciide.sys
    Service Name: PCIIde
    Module Base: F7BC6000
    Module End: F7BC7000
    Hidden: No

    Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    Service Name: ---
    Module Base: F787E000
    Module End: F7885000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
    Service Name: MountMgr
    Module Base: F760E000
    Module End: F7619000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
    Service Name: Disk
    Module Base: F749F000
    Module End: F74BE000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ACPIEC.sys
    Service Name: ACPIEC
    Module Base: F7A1A000
    Module End: F7A1D000
    Hidden: No

    Module Name: \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    Service Name: ---
    Module Base: F7BC7000
    Module End: F7BC8000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
    Service Name: PartMgr
    Module Base: F7886000
    Module End: F788B000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
    Service Name: VolSnap
    Module Base: F761E000
    Module End: F762B000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\atapi.sys
    Service Name: atapi
    Module Base: F7487000
    Module End: F749F000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\disk.sys
    Service Name: ---
    Module Base: F762E000
    Module End: F7637000
    Hidden: No

    Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    Service Name: ---
    Module Base: F763E000
    Module End: F764B000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
    Service Name: FltMgr
    Module Base: F7467000
    Module End: F7487000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\sr.sys
    Service Name: sr
    Module Base: F7455000
    Module End: F7467000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
    Service Name: KSecDD
    Module Base: F743E000
    Module End: F7455000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys
    Service Name: WudfPf
    Module Base: F742B000
    Module End: F743E000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
    Service Name: Ntfs
    Module Base: F739E000
    Module End: F742B000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
    Service Name: NDIS
    Module Base: F7371000
    Module End: F739E000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\vbtenum.sys
    Service Name: BTHidEnum
    Module Base: F7A1E000
    Module End: F7A22000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\tpsacpi.SYS
    Service Name: tpsacpi
    Module Base: F7B02000
    Module End: F7B04000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\Mup.sys
    Service Name: Mup
    Module Base: F7357000
    Module End: F7371000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\BTHidMgr.sys
    Service Name: BTHidMgr
    Module Base: F788E000
    Module End: F7895000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
    Service Name: intelppm
    Module Base: F777E000
    Module End: F7787000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    Service Name: CmBatt
    Module Base: F7ABA000
    Module End: F7ABE000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    Service Name: ialm
    Module Base: F6D68000
    Module End: F72FE000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
    Service Name: ---
    Module Base: F6D54000
    Module End: F6D68000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    Service Name: HDAudBus
    Module Base: F6D2C000
    Module End: F6D54000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    Service Name: RTLE8023xp
    Module Base: F6D11000
    Module End: F6D2C000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\tdspbus.sys
    Service Name: MFCARD
    Module Base: F6905000
    Module End: F6D11000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    Service Name: usbuhci
    Module Base: F790E000
    Module End: F7914000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
    Service Name: ---
    Module Base: F68E1000
    Module End: F6905000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
    Service Name: usbehci
    Module Base: F7916000
    Module End: F791E000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    Service Name: i8042prt
    Module Base: F778E000
    Module End: F779B000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    Service Name: Kbdclass
    Module Base: F791E000
    Module End: F7924000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\Ktp.sys
    Service Name: Ktp
    Module Base: F779E000
    Module End: F77AA000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
    Service Name: Mouclass
    Module Base: F7926000
    Module End: F792C000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\VcommMgr.sys
    Service Name: VcommMgr
    Module Base: F77AE000
    Module End: F77B8000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\VHIDMini.sys
    Service Name: VHidMinidrv
    Module Base: F7ACA000
    Module End: F7ACE000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\HIDCLASS.SYS
    Service Name: ---
    Module Base: F77BE000
    Module End: F77C7000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\HIDPARSE.SYS
    Service Name: ---
    Module Base: F792E000
    Module End: F7935000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
    Service Name: BlueletAudio
    Module Base: F7936000
    Module End: F793D000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\portcls.sys
    Service Name: ---
    Module Base: F68BD000
    Module End: F68E1000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\drmk.sys
    Service Name: ---
    Module Base: F77CE000
    Module End: F77DD000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
    Service Name: ---
    Module Base: F689A000
    Module End: F68BD000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
    Service Name: BlueletSCOAudio
    Module Base: F793E000
    Module End: F7944000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
    Service Name: audstub
    Module Base: F7C6A000
    Module End: F7C6B000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\RootMdm.sys
    Service Name: ROOTMODEM
    Module Base: F7B14000
    Module End: F7B16000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
    Service Name: Modem
    Module Base: F7946000
    Module End: F794E000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    Service Name: Rasl2tp
    Module Base: F77DE000
    Module End: F77EB000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    Service Name: NdisTapi
    Module Base: F7ACE000
    Module End: F7AD1000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    Service Name: NdisWan
    Module Base: F6883000
    Module End: F689A000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    Service Name: RasPppoe
    Module Base: F77EE000
    Module End: F77F9000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
    Service Name: PptpMiniport
    Module Base: F77FE000
    Module End: F780A000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
    Service Name: ---
    Module Base: F794E000
    Module End: F7953000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
    Service Name: PSched
    Module Base: F684A000
    Module End: F685B000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
    Service Name: Gpc
    Module Base: F780E000
    Module End: F7817000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
    Service Name: Ptilink
    Module Base: F7956000
    Module End: F795B000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
    Service Name: Raspti
    Module Base: F795E000
    Module End: F7963000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
    Service Name: BT
    Module Base: F7ADE000
    Module End: F7AE1000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\VComm.sys
    Service Name: VComm
    Module Base: F7966000
    Module End: F796D000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
    Service Name: Serenum
    Module Base: F7AE2000
    Module End: F7AE6000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
    Service Name: TermDD
    Module Base: F781E000
    Module End: F7828000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
    Service Name: swenum
    Module Base: F7B16000
    Module End: F7B18000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
    Service Name: Update
    Module Base: F67EC000
    Module End: F684A000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    Service Name: mssmbios
    Module Base: F7AE6000
    Module End: F7AEA000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
    Service Name: mouhid
    Module Base: F7AEA000
    Module End: F7AED000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
    Service Name: NDProxy
    Module Base: F782E000
    Module End: F7838000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
    Service Name: usbhub
    Module Base: F784E000
    Module End: F785D000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
    Service Name: ---
    Module Base: F7B18000
    Module End: F7B1A000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
    Service Name: IntcAzAudAddService
    Module Base: AA32A000
    Module End: AA7C0000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
    Service Name: Fs_Rec
    Module Base: F7B1C000
    Module End: F7B1E000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
    Service Name: Null
    Module Base: F7C2C000
    Module End: F7C2D000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
    Service Name: Beep
    Module Base: F7B1E000
    Module End: F7B20000
    Hidden: No

    Module Name: C:\WINDOWS\System32\drivers\vga.sys
    Service Name: VgaSave
    Module Base: F7996000
    Module End: F799C000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
    Service Name: mnmdd
    Module Base: F7B20000
    Module End: F7B22000
    Hidden: No

    Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
    Service Name: RDPCDD
    Module Base: F7B22000
    Module End: F7B24000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
    Service Name: Msfs
    Module Base: F799E000
    Module End: F79A3000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
    Service Name: Npfs
    Module Base: F79A6000
    Module End: F79AE000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
    Service Name: RasAcd
    Module Base: F686F000
    Module End: F6872000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
    Service Name: IPSec
    Module Base: AA207000
    Module End: AA21A000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
    Service Name: Tcpip
    Module Base: AA1AE000
    Module End: AA207000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys
    Service Name: AvgTdiX
    Module Base: AA195000
    Module End: AA1AE000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
    Service Name: IpNat
    Module Base: AA16F000
    Module End: AA195000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
    Service Name: NetBT
    Module Base: AA147000
    Module End: AA16F000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
    Service Name: Wanarp
    Module Base: F765E000
    Module End: F7667000
    Hidden: No

    Module Name: C:\WINDOWS\System32\drivers\afd.sys
    Service Name: AFD
    Module Base: AA125000
    Module End: AA147000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
    Service Name: NetBIOS
    Module Base: F766E000
    Module End: F7677000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
    Service Name: Rdbss
    Module Base: AA0FA000
    Module End: AA125000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    Service Name: MRxSmb
    Module Base: AA08A000
    Module End: AA0FA000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
    Service Name: Fips
    Module Base: F769E000
    Module End: F76A9000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys
    Service Name: AvgMfx86
    Module Base: F79AE000
    Module End: F79B4000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys
    Service Name: AvgLdx86
    Module Base: AA039000
    Module End: AA08A000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    Service Name: usbccgp
    Module Base: F79BE000
    Module End: F79C6000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\usbvideo.sys
    Service Name: usbvideo
    Module Base: AA01B000
    Module End: AA039000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
    Service Name: hwdatacard
    Module Base: AA002000
    Module End: AA01B000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    Service Name: usbstor
    Module Base: F79E6000
    Module End: F79ED000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
    Service Name: Cdrom
    Module Base: F76BE000
    Module End: F76CE000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
    Service Name: Cdfs
    Module Base: F76EE000
    Module End: F76FE000
    Hidden: No

    Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
    Service Name: ---
    Module Base: A9FC2000
    Module End: A9FDA000
    Hidden: Yes

    Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    Service Name: ---
    Module Base: F7B54000
    Module End: F7B56000
    Hidden: Yes

    Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
    Service Name: ---
    Module Base: F6873000
    Module End: F6876000
    Hidden: No

    Module Name: C:\WINDOWS\System32\watchdog.sys
    Service Name: ---
    Module Base: F78C6000
    Module End: F78CB000
    Hidden: No

    Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
    Service Name: ---
    Module Base: F7D15000
    Module End: F7D16000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    Service Name: Ndisuio
    Module Base: A9E4A000
    Module End: A9E4E000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    Service Name: MRxDAV
    Module Base: A9BD5000
    Module End: A9C02000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
    Service Name: wdmaud
    Module Base: A9A80000
    Module End: A9A95000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
    Service Name: sysaudio
    Module Base: A9B85000
    Module End: A9B94000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
    Service Name: Srv
    Module Base: A96E6000
    Module End: A9738000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
    Service Name: HTTP
    Module Base: A915B000
    Module End: A919C000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    Service Name: AsyncMac
    Module Base: A8E8F000
    Module End: A8E93000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
    Service Name: kmixer
    Module Base: A89AA000
    Module End: A89D5000
    Hidden: No

    ******************************************************************************************
    ******************************************************************************************
    No SSDT Hooks found

    ******************************************************************************************
    ******************************************************************************************
    No Kernel Hooks found

    ******************************************************************************************
    ******************************************************************************************
    No IRP Hooks found

    ******************************************************************************************
    ******************************************************************************************
    Ports:
    Local Address: CUSTOMER-CB9925:18080
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    State: LISTENING

    Local Address: CUSTOMER-CB9925:13128
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    State: LISTENING

    Local Address: CUSTOMER-CB9925:10080
    Remote Address: LOCALHOST:1735
    Type: TCP
    Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    State: ESTABLISHED

    Local Address: CUSTOMER-CB9925:10080
    Remote Address: LOCALHOST:1733
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:10080
    Remote Address: LOCALHOST:1731
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:10080
    Remote Address: LOCALHOST:1711
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:10080
    Remote Address: LOCALHOST:1705
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:10080
    Remote Address: LOCALHOST:1703
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:10080
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    State: LISTENING

    Local Address: CUSTOMER-CB9925:1735
    Remote Address: LOCALHOST:10080
    Type: TCP
    Process: C:\Program Files\Internet Explorer\iexplore.exe
    State: ESTABLISHED

    Local Address: CUSTOMER-CB9925:1029
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\WINDOWS\system32\alg.exe
    State: LISTENING

    Local Address: CUSTOMER-CB9925:1736
    Remote Address: PERSONIFI.COM:HTTP
    Type: TCP
    Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    State: ESTABLISHED

    Local Address: CUSTOMER-CB9925:1708
    Remote Address: 124.40.42.8:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:1690
    Remote Address: 61.213.189.115:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:1660
    Remote Address: JP-IN-F155.GOOGLE.COM:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:1654
    Remote Address: 118.215.92.20:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:1652
    Remote Address: 61.213.189.40:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:1636
    Remote Address: JP-IN-F154.GOOGLE.COM:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:1634
    Remote Address: JP-IN-F164.GOOGLE.COM:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:1627
    Remote Address: 74.125.153.138:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:1625
    Remote Address: TY-IN-F102.GOOGLE.COM:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:1623
    Remote Address: TY-IN-F103.GOOGLE.COM:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:1621
    Remote Address: TY-IN-F103.GOOGLE.COM:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:1619
    Remote Address: JP-IN-F101.GOOGLE.COM:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:1617
    Remote Address: JP-IN-F101.GOOGLE.COM:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: CUSTOMER-CB9925:MICROSOFT-DS
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: System
    State: LISTENING

    Local Address: CUSTOMER-CB9925:EPMAP
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\WINDOWS\system32\svchost.exe
    State: LISTENING

    Local Address: CUSTOMER-CB9925:1900
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\svchost.exe
    State: NA

    Local Address: CUSTOMER-CB9925:1340
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Internet Explorer\iexplore.exe
    State: NA

    Local Address: CUSTOMER-CB9925:123
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\svchost.exe
    State: NA

    Local Address: CUSTOMER-CB9925:1900
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\svchost.exe
    State: NA

    Local Address: CUSTOMER-CB9925:123
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\svchost.exe
    State: NA

    Local Address: CUSTOMER-CB9925:4500
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\lsass.exe
    State: NA

    Local Address: CUSTOMER-CB9925:MS-SQL-M
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    State: NA

    Local Address: CUSTOMER-CB9925:500
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\lsass.exe
    State: NA

    Local Address: CUSTOMER-CB9925:MICROSOFT-DS
    Remote Address: NA
    Type: UDP
    Process: System
    State: NA

    ******************************************************************************************
    ******************************************************************************************
    Hidden files/folders:
    Object: C:\System Volume Information\MountPointManagerRemoteDatabase
    Status: Access denied

    Object: C:\System Volume Information\tracking.log
    Status: Access denied

    Object: C:\System Volume Information\_restore{C4C9E1A0-28E5-4525-B0B6-5CE142DAC8B3}
    Status: Access denied
  • edited August 2009

    Hi Byron,

    No problem, we just like to check :)
    It may be easier if Scott does this directly, it will probably speed it up also.

    If you would like to learn to remove infections, you could always visit where I trained http://www.malwareremoval.com/




    Step 1

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt




    Step 2


    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs is responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.
    For instructions on how to disable your security programs, please see this topic:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs



    Logs/Information to Post in Reply
    Please post the following logs/information in your reply.
    Some of the logs I request will be quite large; you may need to split them over a couple of replies.
    • MalwareBytes Log
    • Combofix log
    • How are things running now?