Is this what I'm supposed to post to get rid of nexplore?

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Owner at 2009-12-28 19:35:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 155 GB (84%) free of 184 GB
Total RAM: 1015 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:15 PM, on 12/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\America Online 9.0b\aoltray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Owner\My Documents\Downloads\RSIT(2).exe
C:\Program Files\trend micro\HP_Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 aviraplatinum2009.microsoft.com
O1 - Hosts: 91.212.127.227 aviraplatinum2009.com
O1 - Hosts: 91.212.127.227 www.aviraplatinum2009.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [reroperat] Rundll32.exe "c:\windows\system32\zoyulolu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; AOL 9.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; customie8)" -"http://www.primarygames.com/arcade/sports/sewerrun/index.htm"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-fashion-dash/fashiondashweb.1.0.0.21.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/THE%20GAME%20OF%20LIFE%20by%20Hasbro/Images/stg_drm.ocx
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} (CPlayFirstGreatChocoControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-the-great-chocolate-chase/greatchocolatechaseweb.1.0.0.12.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://aolsvc.aol.com/onlinegames/luxor/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-solitaire-secret-island/SpinTopGamesLauncher.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://clubgames.pogo.com/online2/pogo/zenerchi/ZenerchiWeb.1.0.0.10.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-lotus-deluxe/zylomplayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/THE%20GAME%20OF%20LIFE%20by%20Hasbro/Images/armhelper.ocx
O16 - DPF: {CEBE157C-C91E-4A45-BB3C-45F8C77C012F} (CPlayFirstWanderingWControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-wandering-willows/WanderingWillowsWeb.1.0.0.18.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/free-trial-peggle-deluxe/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E9B80D94-D8BB-43CC-9138-75605A8D9666} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-wedding-dash/WeddingDash.1.0.0.50.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4269C37D-3A31-416A-95BE-654DD416BBF8}: NameServer = 205.188.146.145
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: yinuyoni.dll c:\windows\system32\zoyulolu.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: tibetunef - {b66c4254-9ecc-443d-b379-2913679c71c2} - c:\windows\system32\zoyulolu.dll
O22 - SharedTaskScheduler: gahurihor - {b66c4254-9ecc-443d-b379-2913679c71c2} - c:\windows\system32\zoyulolu.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 13020 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton PC Checkup WeekDay Scanner.job
C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
C:\WINDOWS\tasks\rpc.job
C:\WINDOWS\tasks\SpyHunter.job
C:\WINDOWS\tasks\stlqfheb.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9E535D9A-79D4-40B0-A987-896EE2B38CD1}.job
C:\WINDOWS\tasks\vowintnf.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Loader - C:\Program Files\AOL Toolbar\aoltb.dll [2009-03-20 1279272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-20 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-27 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]

{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL Toolbar\aoltb.dll [2009-03-20 1279272]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-18 61952]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"HPHUPD06"=c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2004-06-07 49152]
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe [2004-06-07 659456]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-05-04 180269]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"PS2"=C:\WINDOWS\system32\ps2.exe [2004-10-25 90112]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-10-13 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-10-13 2742272]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2004-10-13 57344]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2004-02-23 188416]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-04-07 496752]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2009-11-11 590848]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []
"reroperat"=c:\windows\system32\zoyulolu.dll [2009-09-28 92672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-05 68856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2009-01-16 460216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0b\aoltray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="yinuyoni.dll c:\windows\system32\zoyulolu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgwlntf]
C:\WINDOWS\system32\avgwlntf.dll [2009-04-26 9216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
tibetunef - {b66c4254-9ecc-443d-b379-2913679c71c2} - c:\windows\system32\zoyulolu.dll [2009-09-28 92672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
gahurihor - {b66c4254-9ecc-443d-b379-2913679c71c2} - c:\windows\system32\zoyulolu.dll [2009-09-28 92672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
motipewo.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:AVG Control Center"
"C:\Program Files\Grisoft\AVG7\avgw.exe"="C:\Program Files\Grisoft\AVG7\avgw.exe:*:Enabled:AVG Test Center"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\America Online 9.0b\waol.exe"="C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:America Online 9.0b"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f976d67c-dc52-11de-8381-00038a000015}]
shell\AutoRun\command - E:\InstallTomTomHOME.exe


======List of files/folders created in the last 3 months======

2009-12-28 19:31:32 ----D---- C:\Program Files\trend micro
2009-12-28 19:31:30 ----D---- C:\rsit
2009-12-28 09:08:31 ----HDC---- C:\Documents and Settings\All Users\Application Data\~0
2009-12-28 09:06:06 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-12-27 13:07:25 ----D---- C:\Program Files\Mozilla Firefox
2009-12-27 10:35:09 ----A---- C:\WINDOWS\system32\logon.exe
2009-12-26 13:13:24 ----D---- C:\Documents and Settings\HP_Owner\Application Data\SpinTop
2009-12-22 09:30:21 ----D---- C:\Program Files\PhotoFiltre
2009-12-12 18:48:26 ----D---- C:\Program Files\The Game Of LIFE PTS
2009-12-12 18:48:16 ----D---- C:\Program Files\ReflexiveArcade
2009-12-12 18:41:03 ----D---- C:\Program Files\RealArcade
2009-12-09 12:49:13 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 12:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 12:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 12:48:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 12:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-11-28 14:37:40 ----D---- C:\Documents and Settings\All Users\Application Data\TomTom
2009-11-28 14:33:20 ----D---- C:\Documents and Settings\HP_Owner\Application Data\TomTom
2009-11-28 14:33:08 ----D---- C:\Program Files\TomTom International B.V
2009-11-28 14:32:51 ----D---- C:\Program Files\TomTom HOME 2
2009-11-24 19:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-24 19:19:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-11-24 19:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-24 18:27:21 ----D---- C:\WINDOWS\Prefetch
2009-11-23 20:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-11-23 20:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-11-23 20:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-11-23 20:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-11-23 20:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-11-23 20:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-11-23 20:00:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-11-23 19:59:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-11-23 19:59:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-11-23 19:59:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-11-23 19:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-11-23 19:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-11-23 19:58:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-11-23 19:58:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-11-23 19:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-11-23 19:58:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-11-23 19:58:02 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$
2009-11-23 19:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-11-23 19:47:39 ----D---- C:\WINDOWS\system32\scripting
2009-11-23 19:47:36 ----D---- C:\WINDOWS\system32\en
2009-11-23 19:47:35 ----D---- C:\WINDOWS\system32\bits
2009-11-20 16:59:49 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-20 16:59:14 ----D---- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2009-11-20 16:38:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-11-20 16:37:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-20 16:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-11-18 19:53:45 ----A---- C:\VETlog.txt
2009-11-18 17:26:10 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-18 17:26:06 ----D---- C:\Program Files\MSBuild
2009-11-18 17:25:56 ----D---- C:\Program Files\Reference Assemblies
2009-11-18 17:25:21 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-11-18 17:25:21 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-11-18 17:25:21 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-11-18 17:25:20 ----D---- C:\13ffe77f09c7e31db526a1ec
2009-11-18 17:21:18 ----D---- C:\Program Files\MSXML 6.0
2009-11-18 17:18:42 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-11-18 17:18:32 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-11-18 17:18:20 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-11-18 17:18:20 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-11-18 17:18:05 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-11-18 17:18:01 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-11-18 17:17:51 ----N---- C:\WINDOWS\system32\slserv.exe
2009-11-18 17:17:51 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-11-18 17:17:48 ----N---- C:\WINDOWS\system32\slgen.dll
2009-11-18 17:17:48 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-11-18 17:17:48 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-11-18 17:17:41 ----N---- C:\WINDOWS\system32\setupn.exe
2009-11-18 17:17:37 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-11-18 17:17:34 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-11-18 17:17:30 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-11-18 17:17:27 ----N---- C:\WINDOWS\system32\qutil.dll
2009-11-18 17:17:23 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-11-18 17:17:23 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-11-18 17:17:22 ----N---- C:\WINDOWS\system32\qagent.dll
2009-11-18 17:17:16 ----N---- C:\WINDOWS\system32\onex.dll
2009-11-18 17:17:13 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-11-18 17:17:04 ----N---- C:\WINDOWS\system32\napstat.exe
2009-11-18 17:17:04 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-11-18 17:17:04 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-11-18 17:17:03 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-11-18 17:17:00 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-11-18 17:17:00 ----N---- C:\WINDOWS\system32\mssha.dll
2009-11-18 17:16:50 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-11-18 17:16:50 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-11-18 17:16:49 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-11-18 17:16:49 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-11-18 17:16:48 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-11-18 17:16:47 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-11-18 17:16:47 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-11-18 17:16:46 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-11-18 17:16:46 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-11-18 17:16:46 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-11-18 17:16:46 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-11-18 17:16:44 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-11-18 17:16:42 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-11-18 17:16:36 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-11-18 17:16:36 ----A---- C:\WINDOWS\005298_.tmp
2009-11-18 17:16:34 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-11-18 17:16:34 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-11-18 17:16:34 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-11-18 17:16:34 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-11-18 17:16:34 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-11-18 17:16:34 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-11-18 17:16:34 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-11-18 17:16:34 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-11-18 17:16:32 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-11-18 17:16:32 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-11-18 17:16:32 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-11-18 17:16:32 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-11-18 17:16:32 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-11-18 17:16:32 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-11-18 17:16:32 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-11-18 17:16:29 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-11-18 17:16:29 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-11-18 17:16:29 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-11-18 17:16:27 ----N---- C:\WINDOWS\system32\credssp.dll
2009-11-18 17:16:23 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-11-18 17:16:23 ----N---- C:\WINDOWS\system32\azroles.dll
2009-11-18 17:16:22 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-11-18 17:16:22 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-11-18 17:16:22 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-11-18 17:16:21 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-11-18 17:16:21 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-11-18 17:16:21 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-11-18 17:16:19 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-11-18 17:16:15 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-11-18 17:08:56 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-11-18 17:08:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-11-18 17:06:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-11-18 17:06:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-11-18 17:06:34 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-18 17:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-11-18 17:05:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-11-18 17:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-11-18 17:05:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-11-18 17:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2009-11-18 17:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-11-18 17:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2009-11-18 17:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-11-18 17:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-11-18 17:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-11-18 17:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-11-18 17:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-11-18 17:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-11-18 17:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-11-18 16:59:49 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-11-18 16:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-11-18 16:59:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-11-18 16:58:13 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-11-18 16:55:11 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-11-18 16:54:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-11-18 16:54:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-11-18 16:53:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-11-18 16:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-11-18 16:53:05 ----D---- C:\WINDOWS\ie8updates
2009-11-18 16:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-11-18 16:52:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-11-18 16:52:02 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-11-18 16:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-18 16:51:05 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-11-18 16:47:37 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-17 19:12:29 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-11-17 16:41:39 ----N---- C:\WINDOWS\system32\iehelper.dll
2009-11-17 14:42:04 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2009-11-17 14:41:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-16 15:34:34 ----D---- C:\Program Files\Apple Software Update
2009-10-09 18:33:49 ----D---- C:\WINDOWS\Greenback Bayou Screen Saver #1 dir

======List of files/folders modified in the last 3 months======

2009-12-28 19:31:32 ----D---- C:\Program Files
2009-12-28 19:27:16 ----A---- C:\WINDOWS\win.ini
2009-12-28 18:47:46 ----D---- C:\WINDOWS\Temp
2009-12-28 18:07:52 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AVG7
2009-12-28 18:04:08 ----D---- C:\WINDOWS\system32
2009-12-28 12:55:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-28 11:03:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-12-28 11:03:46 ----SD---- C:\WINDOWS\Tasks
2009-12-28 11:02:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-28 11:02:09 ----D---- C:\WINDOWS
2009-12-28 09:40:46 ----HD---- C:\Config.Msi
2009-12-28 09:40:40 ----SHD---- C:\WINDOWS\Installer
2009-12-28 09:40:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-28 09:40:20 ----D---- C:\WINDOWS\system32\drivers
2009-12-28 09:10:43 ----HD---- C:\WINDOWS\inf
2009-12-28 09:05:43 ----D---- C:\WINDOWS\WinSxS
2009-12-27 14:00:10 ----RHD---- C:\$VAULT$.AVG
2009-12-26 14:02:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-26 13:14:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-18 21:58:05 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2009-12-15 18:48:14 ----D---- C:\Program Files\Common Files\AOL
2009-12-13 20:18:11 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-12-12 15:26:01 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2009-12-09 16:02:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 12:49:09 ----A---- C:\WINDOWS\imsins.BAK
2009-12-09 12:48:51 ----D---- C:\Program Files\Internet Explorer
2009-12-09 12:48:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-28 10:25:45 ----D---- C:\WINDOWS\system32\Adobe
2009-11-24 21:08:27 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-24 19:20:52 ----D---- C:\Program Files\Messenger
2009-11-24 19:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-11-24 19:17:49 ----D---- C:\Program Files\Outlook Express
2009-11-24 19:17:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-11-24 18:28:48 ----A---- C:\WINDOWS\OEWABLog.txt
2009-11-24 18:27:27 ----A---- C:\WINDOWS\setuplog.txt
2009-11-24 18:26:58 ----D---- C:\WINDOWS\system32\wbem
2009-11-24 18:26:58 ----D---- C:\WINDOWS\system32\Setup
2009-11-24 18:26:58 ----D---- C:\WINDOWS\AppPatch
2009-11-24 18:26:56 ----RSD---- C:\WINDOWS\Fonts
2009-11-23 20:04:46 ----D---- C:\WINDOWS\security
2009-11-23 19:48:32 ----D---- C:\WINDOWS\ime
2009-11-23 19:48:31 ----D---- C:\WINDOWS\Help
2009-11-23 19:47:42 ----D---- C:\WINDOWS\system32\en-US
2009-11-23 19:47:41 ----D---- C:\WINDOWS\system32\usmt
2009-11-23 19:47:35 ----D---- C:\WINDOWS\PeerNet
2009-11-23 19:47:34 ----D---- C:\Program Files\Movie Maker
2009-11-23 19:46:59 ----D---- C:\WINDOWS\system32\Restore
2009-11-23 19:46:59 ----D---- C:\WINDOWS\system32\npp
2009-11-23 19:46:52 ----D---- C:\WINDOWS\msagent
2009-11-23 19:46:48 ----D---- C:\WINDOWS\srchasst
2009-11-23 19:46:45 ----D---- C:\Program Files\NetMeeting
2009-11-23 19:46:41 ----D---- C:\WINDOWS\system32\Com
2009-11-23 19:46:35 ----D---- C:\Program Files\Windows Media Player
2009-11-23 19:46:34 ----D---- C:\Program Files\Windows NT
2009-11-23 19:46:26 ----D---- C:\Program Files\Common Files\System
2009-11-23 19:45:45 ----D---- C:\WINDOWS\system32\oobe
2009-11-23 19:45:32 ----D---- C:\WINDOWS\system
2009-11-23 19:37:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-11-23 19:36:54 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-11-23 19:23:33 ----D---- C:\WINDOWS\EHome
2009-11-21 11:27:59 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-21 11:27:57 ----RSD---- C:\WINDOWS\assembly
2009-11-20 17:15:03 ----D---- C:\DELUXE
2009-11-20 16:57:43 ----D---- C:\Program Files\Common Files
2009-11-18 17:25:37 ----D---- C:\WINDOWS\system32\spool
2009-11-18 16:50:21 ----D---- C:\Documents and Settings
2009-11-17 16:48:44 ----SHD---- C:\RECYCLER
2009-11-16 14:08:46 ----D---- C:\Program Files\Common Files\Apple
2009-11-11 10:28:39 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7
2009-11-03 16:44:25 ----D---- C:\Program Files\QuickTime
2009-11-02 20:32:19 ----D---- C:\WINDOWS\Cache
2009-10-29 02:45:38 ----A---- C:\WINDOWS\system32\wininet.dll
2009-10-29 02:45:37 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-10-29 02:45:37 ----A---- C:\WINDOWS\system32\occache.dll
2009-10-29 02:45:37 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-29 02:45:35 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-10-29 02:45:35 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-10-29 02:45:35 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-10-29 02:45:34 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-10-29 02:45:34 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-10-29 02:45:33 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-10-29 02:45:32 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-10-28 10:07:15 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-10-28 09:40:47 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-10-21 15:55:42 ----A---- C:\WINDOWS\ODBC.INI
2009-10-21 15:52:16 ----D---- C:\WINDOWS\msapps
2009-10-21 15:52:16 ----D---- C:\temp
2009-10-21 15:52:16 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-21 00:38:36 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-10-21 00:38:36 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-10-17 10:32:54 ----D---- C:\Program Files\AOL Games
2009-10-15 20:19:50 ----D---- C:\WINDOWS\ShellNew
2009-10-15 20:18:59 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-10-15 20:16:04 ----RD---- C:\Program Files\Skype
2009-10-15 20:15:07 ----D---- C:\Program Files\Symantec
2009-10-15 20:09:26 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-10-15 19:35:30 ----D---- C:\Documents and Settings\HP_Owner\Application Data\skypePM
2009-10-13 05:30:16 ----A---- C:\WINDOWS\system32\oakley.dll
2009-10-12 08:38:19 ----A---- C:\WINDOWS\system32\rastls.dll
2009-10-12 08:38:18 ----A---- C:\WINDOWS\system32\raschap.dll
2009-10-11 20:51:23 ----D---- C:\Program Files\Paint.NET
2009-10-09 18:33:50 ----A---- C:\WINDOWS\flashax.exe
2009-10-09 18:33:49 ----A---- C:\WINDOWS\impborl.dll
2009-10-04 08:07:33 ----D---- C:\Python22

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2009-11-11 10760]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-11-11 26952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2009-04-26 4960]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-10-13 2287104]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-18 113664]
S3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2008-07-26 25624]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
S3 LVUVC;Logitech QuickCam S5500(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2009-11-11 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2009-04-26 49664]
R2 AvgCoreSvc;AVG7 Resident Shield Service; C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe [2009-11-11 192512]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2009-11-11 406528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-27 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2004-09-23 38912]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-05 183280]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

EOF

Comments

  • edited December 2009
    Hey there, welcome. :)

    A few things before we start....
    1. Please Read All Instructions Carefully.
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you.
    4. If you have to go away for an extended period of time, let me know.
    5. Please continue to respond until I give you the "All Clear".
    (Just because you can't see a problem doesn't mean it isn't there)

    ===============

    Please download Malwarebytes' Anti-Malware by clicking the link below:
    http://www.besttechie.net/tools/mbam-setup.exe

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * You'll be required to post the contents of this log later.

    Please Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

    Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

    Go here ======> A guide and tutorial on using ComboFix <====== Go here

    Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should get a prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    (1) Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    (2) Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.
    Please include the MBAM log, C:\ComboFix.txt as well as a new RSIT log for further review, so that we may continue cleansing the system.

    Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.