I have a machine that is infected horribly with something; it locks up and I can barely navigate anything... any help would be greatly appreciated. Here are my log reports.
GMER 1.0.14.14536 -
http://www.gmer.net
Rootkit scan 2008-10-31 19:46:49
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT F3DE79A8 ZwClose
SSDT F3DE77E4 ZwCreateKey
SSDT F3DE7900 ZwDeleteKey
SSDT F3DE7928 ZwDeleteValueKey
SSDT F3DE79A2 ZwLoadKey
SSDT F3DE7687 ZwOpenKey
SSDT F3DE7886 ZwQueryValueKey
SSDT F3DE7952 ZwReplaceKey
SSDT F3DE797A ZwRestoreKey
SSDT F3DE7834 ZwSetValueKey
Code E1D2D430 ZwEnumerateKey
Code E1D2A0A0 ZwFlushInstructionCache
Code E1D20C7E ZwSaveKey
Code E1D1C6CE ZwSaveKeyEx
Code F3ED3E95 pIofCallDriver
---- Kernel code sections - GMER 1.0.14 ----
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP E1D2A0A4
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB52 5 Bytes JMP E1D2D434
PAGE ntkrnlpa.exe!ZwSaveKey 8061BDC6 5 Bytes JMP E1D20C82
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8061BEAC 5 Bytes JMP E1D1C6D2
? C:\WINDOWS\System32\drivers\fipss.sys The process cannot access the file because it is being used by another process.
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[1024] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2472] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EF000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00EE000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F0000A
.text C:\WINDOWS\explorer.exe[3580] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D7000A
.text C:\WINDOWS\explorer.exe[3580] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00D6000A
.text C:\WINDOWS\explorer.exe[3580] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D8000A
---- Devices - GMER 1.0.14 ----
Device \Driver\fipss \Device\fipss F3DE558A
Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort2 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort3 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort4 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort5 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-16 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Modules - GMER 1.0.14 ----
Module \systemroot\system32\drivers\TDSSxeuu.sys (*** hidden *** ) F3ED2000-F3EE4000 (73728 bytes)
---- Threads - GMER 1.0.14 ----
Thread 4:412 F3ED4E03
---- Services - GMER 1.0.14 ----
Service C:\WINDOWS\system32\drivers\TDSSxeuu.sys (*** hidden *** ) [SYSTEM] TDSSserv <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@TDSSserv \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@TDSSl \systemroot\system32\TDSSktkl.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdssservers \systemroot\system32\TDSSwupe.dat
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdssmain \systemroot\system32\TDSSirxy.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdsslog \systemroot\system32\TDSSrojf.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdssadw \systemroot\system32\TDSSocun.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdssinit \systemroot\system32\TDSSqein.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdssserf \systemroot\system32\TDSSehys.dll
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSxeuu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSxeuu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@TDSSserv \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@TDSSl \systemroot\system32\TDSSktkl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssservers \systemroot\system32\TDSSwupe.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssmain \systemroot\system32\TDSSirxy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdsslog \systemroot\system32\TDSSrojf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssadw \systemroot\system32\TDSSocun.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssinit \systemroot\system32\TDSSqein.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssserf \systemroot\system32\TDSSehys.dll
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@TDSSserv \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@TDSSl \systemroot\system32\TDSSktkl.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdssservers \systemroot\system32\TDSSwupe.dat
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdssmain \systemroot\system32\TDSSirxy.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdsslog \systemroot\system32\TDSSrojf.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdssadw \systemroot\system32\TDSSocun.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdssinit \systemroot\system32\TDSSqein.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdssserf \systemroot\system32\TDSSehys.dll
Reg HKLM\SYSTEM\ControlSet004\Control\SafeBoot\Minimal\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet004\Control\SafeBoot\Minimal\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\ControlSet004\Control\SafeBoot\Network\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet004\Control\SafeBoot\Network\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@TDSSserv \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@TDSSl \systemroot\system32\TDSSktkl.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssservers \systemroot\system32\TDSSwupe.dat
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssmain \systemroot\system32\TDSSirxy.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdsslog \systemroot\system32\TDSSrojf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssadw \systemroot\system32\TDSSocun.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssinit \systemroot\system32\TDSSqein.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssserf \systemroot\system32\TDSSehys.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@affid 42
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@subid v300
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@control 0x09 0x19 0x1F 0x16 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@prov 10010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@googleadserver pagead2.googlesyndication.com
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@flagged 1
---- EOF - GMER 1.0.14 ----
Logfile of random's system information tool 1.04 (written by random/random)
Run by Shirly at 2008-10-31 19:47:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 130 GB (90%) free of 144 GB
Total RAM: 446 MB (16% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47: VIRUS ALERT!, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Documents and Settings\All Users\Application Data\pozgnihc\binwvqne.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\pcntttdl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\windows\system32\rkwnw64l.exe
C:\Program Files\GetPack\GetPack23.exe
C:\Documents and Settings\Shirly\Application Data\Facegame\Facegame.exe
C:\Documents and Settings\Shirly\Application Data\Gool\Gool.exe
C:\Documents and Settings\Shirly\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\Shirly\Application Data\Microsoft\Windows\pedarox.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Shirly\Application Data\U3\00001873CB606297\LaunchPad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
G:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Shirly.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: (no name) - {1B47BD85-903E-4CE8-946B-A99723CA878B} - C:\WINDOWS\system32\rqRHbXNg.dll
O2 - BHO: PC-Antispy Site Blocker Button - {60B244BE-559D-4269-B96E-CD264D828EC9} - C:\Program Files\PC-Antispy\ASpyStBlk.dll
O2 - BHO: (no name) - {758F6D53-DCC7-4CCF-9080-4B6F9389F641} - C:\WINDOWS\system32\wvUkJdCU.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: QXK Olive - {81FF9400-31B5-4786-9EA9-DD8425658399} - C:\WINDOWS\grfxbanonlm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d812ee1f-0f33-79da-a904-da7df8533129} - {9213358f-d7ad-409a-ad97-33f0f1ee218d} - C:\WINDOWS\system32\rqbwxq.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [{85-5E-EA-A3-DW}] C:\windows\system32\rkwnw64l.exe DWrvg
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [admdsc] C:\WINDOWS\system32\kfapyjil.exe
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [GetPack23] "C:\Program Files\GetPack\GetPack23.exe"
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\Shirly\Application Data\Facegame\Facegame.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Gool] "C:\Documents and Settings\Shirly\Application Data\Gool\Gool.exe"
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Shirly\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Shirly\Application Data\Microsoft\Windows\pedarox.exe
O4 - HKLM\..\Policies\Explorer\Run: [D5P1Ak1SB2] C:\Documents and Settings\All Users\Application Data\pozgnihc\binwvqne.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\pcntttdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rkwnw64l.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) -
http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsu...?1219351107312
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) -
https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
http://dl8-cdn-01.sun.com/s/ESD44/JS...ws-i586-jc.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) -
http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: ,avgrsstx.dll rqbwxq.dll
O20 - Winlogon Notify: wvUkJdCU - C:\WINDOWS\SYSTEM32\wvUkJdCU.dll
O21 - SSODL: qrbgltos - {74747695-FC62-4400-BF3A-2B893CADC3BC} - C:\WINDOWS\qrbgltos.dll
O21 - SSODL: ngwstxfd - {0BD404B3-7DCF-425C-B2F9-226D99A09DCE} - C:\WINDOWS\ngwstxfd.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2hpcmx5\command.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 10118 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
BHO Class - C:\Program Files\Webtools\webtools.dll [2008-10-30 90624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B47BD85-903E-4CE8-946B-A99723CA878B}]
C:\WINDOWS\system32\rqRHbXNg.dll [2008-10-20 322432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60B244BE-559D-4269-B96E-CD264D828EC9}]
PC-Antispy Site Blocker Button - C:\Program Files\PC-Antispy\ASpyStBlk.dll [2008-10-20 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{758F6D53-DCC7-4CCF-9080-4B6F9389F641}]
C:\WINDOWS\system32\wvUkJdCU.dll [2008-10-20 34176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81FF9400-31B5-4786-9EA9-DD8425658399}]
QXK Olive - C:\WINDOWS\grfxbanonlm.dll [2008-10-19 339968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9213358f-d7ad-409a-ad97-33f0f1ee218d}]
C:\WINDOWS\system32\rqbwxq.dll [2008-10-29 133120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-21 2055960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-10-16 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D88E1558-7C2D-407A-953A-C044F5607CEA}]
Mjcore Class - C:\Program Files\Mjcore\Mjcore.dll [2008-10-30 114688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-10-16 2403392]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-21 2055960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-09 7311360]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-05-09 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-21 1235736]
"{85-5E-EA-A3-DW}"=C:\windows\system32\rkwnw64l.exe [2008-10-26 262182]
"Host Process"=C:\WINDOWS\Fonts\svchost.exe []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"D5P1Ak1SB2"=C:\Documents and Settings\All Users\Application Data\pozgnihc\binwvqne.exe [2008-10-20 57344]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2006-12-11 503296]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"admdsc"=C:\WINDOWS\system32\kfapyjil.exe []
"VnrPack20"=C:\Program Files\VnrPack\VnrPack20.exe []
"GetPack23"=C:\Program Files\GetPack\GetPack23.exe [2008-10-21 350720]
"Facegame"=C:\Documents and Settings\Shirly\Application Data\Facegame\Facegame.exe [2008-10-26 56832]
"Gool"=C:\Documents and Settings\Shirly\Application Data\Gool\Gool.exe [2008-10-30 61440]
"SpeedRunner"=C:\Documents and Settings\Shirly\Application Data\SpeedRunner\SpeedRunner.exe [2008-10-30 218112]
"SfKg6wIP"=C:\Documents and Settings\Shirly\Application Data\Microsoft\Windows\pedarox.exe [2008-10-30 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Documents and Settings\Shirly\Start Menu\Programs\Startup
Deewoo.lnk - C:\WINDOWS\system32\pcntttdl.exe
DW_Start.lnk - C:\WINDOWS\system32\rkwnw64l.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=",avgrsstx.dll rqbwxq.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUkJdCU]
C:\WINDOWS\system32\wvUkJdCU.dll [2008-10-20 34176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
qrbgltos - {74747695-FC62-4400-BF3A-2B893CADC3BC} - C:\WINDOWS\qrbgltos.dll [2008-10-19 323584]
ngwstxfd - {0BD404B3-7DCF-425C-B2F9-226D99A09DCE} - C:\WINDOWS\ngwstxfd.dll [2008-10-19 323584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{758F6D53-DCC7-4CCF-9080-4B6F9389F641}"=C:\WINDOWS\system32\wvUkJdCU.dll [2008-10-20 34176]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\rqRHbXNg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1
"NoDispCPL"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoToolbarCustomize"=1
"StartMenuLogoff"=1
"NoStartMenuMorePrograms"=1
"NoSetFolders"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2008-10-31 19:47:02 ----D---- C:\rsit
2008-10-31 19:42:58 ----A---- C:\WINDOWS\gmer.ini
2008-10-31 19:42:54 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-10-31 19:42:54 ----A---- C:\WINDOWS\gmer.exe
2008-10-31 19:42:54 ----A---- C:\WINDOWS\gmer.dll
2008-10-30 17:36:49 ----D---- C:\Program Files\iCheck
2008-10-30 17:36:49 ----D---- C:\Program Files\GetPack
2008-10-30 17:31:52 ----D---- C:\Documents and Settings\Shirly\Application Data\SpeedRunner
2008-10-30 17:26:50 ----D---- C:\Documents and Settings\Shirly\Application Data\Gool
2008-10-30 17:21:49 ----D---- C:\Program Files\Webtools
2008-10-30 17:19:29 ----D---- C:\Program Files\Trend Micro
2008-10-30 17:16:50 ----D---- C:\Program Files\Mjcore
2008-10-29 19:44:03 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-29 19:10:06 ----A---- C:\WINDOWS\system32\rqbwxq.dll
2008-10-29 19:10:06 ----A---- C:\WINDOWS\system32\kadeqihh.dll
2008-10-29 19:08:47 ----D---- C:\Program Files\CleanUp!
2008-10-29 19:04:41 ----SH---- C:\WINDOWS\system32\ohwjmdsi.ini
2008-10-29 19:04:40 ----A---- C:\WINDOWS\system32\isdmjwho.dll
2008-10-26 20:26:23 ----SH---- C:\WINDOWS\system32\ypkdooaw.ini
2008-10-26 20:24:58 ----A---- C:\WINDOWS\system32\pcntttdl.exe
2008-10-26 20:24:53 ----A---- C:\WINDOWS\system32\gside.exe
2008-10-26 19:54:09 ----A---- C:\WINDOWS\system32\rkwnw64l.exe
2008-10-26 19:23:14 ----A---- C:\WINDOWS\system32\vbzip10.dll
2008-10-26 19:21:08 ----A---- C:\WINDOWS\system32\atmtd.dll._
2008-10-26 19:21:08 ----A---- C:\WINDOWS\system32\atmtd.dll
2008-10-26 19:20:58 ----D---- C:\Documents and Settings\Shirly\Application Data\Facegame
2008-10-26 19:20:48 ----SHD---- C:\WINDOWS\U2hpcmx5
2008-10-26 19:20:48 ----D---- C:\Program Files\Network Monitor
2008-10-26 19:20:48 ----A---- C:\WINDOWS\uninstall_nmon.vbs
2008-10-26 19:20:27 ----D---- C:\WINDOWS\system32\wi
2008-10-26 19:20:27 ----D---- C:\WINDOWS\system32\PX
2008-10-26 19:20:27 ----D---- C:\WINDOWS\system32\m3v
2008-10-26 19:20:27 ----D---- C:\WINDOWS\system32\fs3
2008-10-26 19:20:27 ----D---- C:\WINDOWS\system32\ec2
2008-10-26 19:20:05 ----A---- C:\WINDOWS\ndxq3074.exe
2008-10-26 19:20:02 ----A---- C:\WINDOWS\j414.exe
2008-10-26 19:20:00 ----D---- C:\WINDOWS\system32\EV02
2008-10-26 19:19:59 ----A---- C:\WINDOWS\lik02.exe
2008-10-26 19:19:57 ----A---- C:\WINDOWS\cor704836.exe
2008-10-26 19:19:56 ----A---- C:\WINDOWS\tj85.exe
2008-10-26 19:19:55 ----A---- C:\WINDOWS\eo4.exe
2008-10-26 19:19:53 ----A---- C:\WINDOWS\ee3362.exe
2008-10-26 19:19:47 ----A---- C:\WINDOWS\h288.exe
2008-10-26 19:19:46 ----A---- C:\WINDOWS\mondrv411.exe
2008-10-26 19:19:25 ----A---- C:\WINDOWS\system32\oPICTJAr.dll
2008-10-26 19:19:25 ----A---- C:\WINDOWS\system32\iIBUlKAp.dll
2008-10-26 19:19:24 ----A---- C:\WINDOWS\system32\g79.exe
2008-10-26 19:19:21 ----A---- C:\WINDOWS\system32\dwwnw64r.exe
2008-10-26 19:19:19 ----A---- C:\WINDOWS\nc605007.exe
2008-10-26 19:19:15 ----A---- C:\WINDOWS\qggu58826.exe
2008-10-26 19:19:13 ----A---- C:\WINDOWS\tjyvb346054.exe
2008-10-26 19:19:04 ----A---- C:\WINDOWS\nohh06760.exe
2008-10-26 19:18:29 ----A---- C:\WINDOWS\system32\imvkir.dll
2008-10-26 19:18:26 ----A---- C:\WINDOWS\system32\tllxdcdr.dll
2008-10-22 23:27:06 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2008-10-22 23:27:06 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2008-10-22 23:27:06 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2008-10-22 23:27:05 ----A---- C:\WINDOWS\system32\unrar3.dll
2008-10-22 23:27:05 ----A---- C:\WINDOWS\system32\unacev2.dll
2008-10-22 23:27:03 ----D---- C:\Documents and Settings\Shirly\Application Data\Simply Super Software
2008-10-22 23:27:03 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-10-22 16:59:18 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-10-21 19:18:06 ----HD---- C:\$AVG8.VAULT$
2008-10-21 18:15:55 ----SH---- C:\WINDOWS\system32\dwylalxk.ini
2008-10-21 18:15:51 ----A---- C:\WINDOWS\system32\qqxxzc.dll
2008-10-21 18:15:49 ----A---- C:\WINDOWS\system32\fecmcmrp.dll
2008-10-21 17:14:19 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-21 17:14:06 ----D---- C:\Documents and Settings\Shirly\Application Data\AVGTOOLBAR
2008-10-21 17:13:53 ----D---- C:\Program Files\AVG
2008-10-21 17:13:52 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-21 16:22:06 ----SH---- C:\WINDOWS\system32\ybmpxvyi.ini
2008-10-21 16:20:07 ----A---- C:\WINDOWS\system32\aomkpr.dll
2008-10-21 16:20:06 ----A---- C:\WINDOWS\system32\xlfgptge.dll
2008-10-20 17:51:28 ----D---- C:\Program Files\PC-Antispy
2008-10-20 15:19:49 ----SH---- C:\WINDOWS\system32\emkrsdbk.ini
2008-10-20 15:19:44 ----A---- C:\WINDOWS\system32\htaxgo.dll
2008-10-20 15:19:42 ----A---- C:\WINDOWS\system32\wmldcaub.dll
2008-10-20 15:19:14 ----A---- C:\WINDOWS\system32\430b9a72-.txt
2008-10-20 15:18:49 ----ASH---- C:\WINDOWS\system32\gNXbHRqr.ini2
2008-10-20 15:18:49 ----ASH---- C:\WINDOWS\system32\gNXbHRqr.ini
2008-10-20 15:18:38 ----A---- C:\WINDOWS\system32\rqRHbXNg.dll
2008-10-20 01:41:44 ----A---- C:\WINDOWS\system32\ssqrSLFW.dll
2008-10-20 01:41:44 ----A---- C:\WINDOWS\system32\rqRHbbyV.dll
2008-10-20 01:39:14 ----A---- C:\WINDOWS\system32\nnnmlMDw.dll
2008-10-20 01:39:13 ----A---- C:\WINDOWS\system32\iifdCvwu.dll
2008-10-20 01:38:31 ----A---- C:\WINDOWS\system32\tuvTmNfG.dll
2008-10-20 01:38:30 ----A---- C:\WINDOWS\system32\pmnmmJcd.dll
2008-10-20 01:38:17 ----D---- C:\Documents and Settings\All Users\Application Data\pozgnihc
2008-10-20 01:37:45 ----A---- C:\WINDOWS\system32\wvUkJdCU.dll
2008-10-20 01:37:45 ----A---- C:\WINDOWS\system32\ddcDvwvs.dll
2008-10-20 01:37:10 ----D---- C:\Documents and Settings\Shirly\Application Data\TmpRecentIcons
2008-10-20 01:37:01 ----A---- C:\WINDOWS\rosqxvmn.dll
2008-10-20 01:37:01 ----A---- C:\WINDOWS\qrbgltos.dll
2008-10-20 01:37:01 ----A---- C:\WINDOWS\ngwstxfd.dll
2008-10-20 01:37:01 ----A---- C:\WINDOWS\grfxbanonlm.dll
2008-10-20 01:37:01 ----A---- C:\WINDOWS\epgb.exe
2008-10-20 01:37:00 ----A---- C:\WINDOWS\lomxeqsn.exe
2008-10-18 14:??:36 ----D---- C:\Program Files\Fun Web Products
2008-10-18 12:30:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-18 12:30:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-18 12:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-18 12:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-18 12:29:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-18 12:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-18 12:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-17 16:41:40 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-10-17 16:41:39 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-10-17 15:08:18 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-10-17 15:05:51 ----D---- C:\WINDOWS\PixArt
2008-10-17 15:05:50 ----D---- C:\Program Files\Micro Innovations
2008-10-17 15:05:50 ----D---- C:\Program Files\Common Files\PCCamera
2008-10-17 15:03:00 ----A---- C:\WINDOWS\EZMediaBox2.ini
2008-10-17 15:02:40 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-17 15:02:40 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-17 15:02:40 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-17 15:02:26 ----D---- C:\Program Files\BestOn
2008-10-16 21:52:59 ----D---- C:\Program Files\MySpace
2008-10-16 20:50:15 ----D---- C:\Program Files\Windows Live Favorites
2008-10-16 20:49:37 ----D---- C:\Program Files\Real
2008-10-16 20:49:18 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-10-16 20:47:52 ----D---- C:\Program Files\Windows Live Toolbar
2008-10-16 20:47:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-16 20:47:06 ----D---- C:\Program Files\MSN Messenger
2008-10-16 20:01:57 ----D---- C:\Documents and Settings\Shirly\Application Data\Google
2008-10-16 19:04:54 ----D---- C:\Documents and Settings\Shirly\Application Data\LimeWire
2008-10-16 19:01:32 ----D---- C:\WINDOWS\Sun
2008-10-16 19:01:32 ----D---- C:\Documents and Settings\Shirly\Application Data\Sun
2008-10-16 19:01:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-16 19:01:15 ----D---- C:\Program Files\Google
2008-10-16 19:00:37 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-16 19:00:37 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-16 19:00:37 ----A---- C:\WINDOWS\system32\java.exe
2008-10-16 19:00:03 ----D---- C:\Program Files\Java
2008-10-16 18:57:21 ----D---- C:\Program Files\Common Files\Java
2008-10-16 18:08:23 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-10-16 18:08:23 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-10-16 18:08:23 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-10-16 18:08:23 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-10-16 18:08:20 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-10-16 18:08:20 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-10-16 13:01:04 ----D---- C:\Program Files\MyWebSearch
2008-10-16 13:00:30 ----D---- C:\Program Files\FunWebProducts
2008-10-14 14:54:28 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-10-11 23:44:11 ----D---- C:\Program Files\Yahoo!
2008-10-11 22:26:08 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-11 21:57:18 ----D---- C:\Program Files\Common Files\Adobe
2008-10-11 21:57:14 ----A---- C:\WINDOWS\IsUninst.exe
2008-10-11 19:04:47 ----A---- C:\WINDOWS\ModemLog_Data Fax SoftModem with SmartCP.txt
2008-10-10 19:50:17 ----D---- C:\CloneDVDTemp
2008-10-10 15:41:51 ----D---- C:\Program Files\Elaborate Bytes
2008-10-10 15:41:31 ----D---- C:\Program Files\SlySoft
2008-10-10 15:40:32 ----D---- C:\Documents and Settings\Shirly\Application Data\U3
======List of files/folders modified in the last 1 months======
2008-10-31 19:42:58 ----D---- C:\WINDOWS
2008-10-31 19:42:56 ----D---- C:\WINDOWS\Temp
2008-10-31 19:42:54 ----D---- C:\WINDOWS\system32\drivers
2008-10-30 17:45:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-30 17:39:04 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-30 17:36:49 ----RD---- C:\Program Files
2008-10-30 04:49:37 ----D---- C:\WINDOWS\system32
2008-10-29 19:54:49 ----D---- C:\Documents and Settings
2008-10-29 19:23:56 ----D---- C:\temp
2008-10-29 19:03:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-26 19:58:59 ----RSD---- C:\WINDOWS\Fonts
2008-10-26 19:39:47 ----D---- C:\WINDOWS\Prefetch
2008-10-21 17:13:52 ----SHD---- C:\WINDOWS\Installer
2008-10-21 17:13:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-21 17:13:40 ----D---- C:\WINDOWS\WinSxS
2008-10-21 17:13:04 ----SD---- C:\Documents and Settings\Shirly\Application Data\Microsoft
2008-10-21 15:16:42 ----HD---- C:\WINDOWS\inf
2008-10-20 01:37:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-19 16:20:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-18 16:26:32 ----D---- C:\Program Files\Internet Explorer
2008-10-18 13:36:08 ----D---- C:\WINDOWS\network diagnostic
2008-10-18 12:30:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-18 12:30:28 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-18 12:30:26 ----A---- C:\WINDOWS\imsins.BAK
2008-10-18 12:29:48 ----D---- C:\WINDOWS\ie7updates
2008-10-17 20:28:32 ----A---- C:\WINDOWS\ODBC.INI
2008-10-17 15:05:56 ----A---- C:\WINDOWS\win.ini
2008-10-17 15:05:51 ----D---- C:\WINDOWS\twain_32
2008-10-17 15:05:50 ----D---- C:\Program Files\Common Files
2008-10-17 15:04:39 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-17 15:04:17 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-17 15:02:25 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-16 20:49:13 ----SD---- C:\WINDOWS\Tasks
2008-10-16 18:08:30 ----D---- C:\WINDOWS\Help
2008-10-15 15:21:34 ----D---- C:\Documents and Settings\Shirly\Application Data\Adobe
2008-10-11 23:50:57 ----D---- C:\Program Files\MSN
2008-10-11 22:26:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-11 22:26:03 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-11 19:05:05 ----A---- C:\WINDOWS\setuplog.txt
2008-10-11 11:??:26 ----SHD---- C:\RECYCLER
2008-10-11 10:28:26 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 13:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-21 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-21 26824]
R1 fipss;fipss; C:\WINDOWS\System32\drivers\fipss.sys [2008-10-26 86144]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-21 76040]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-13 15440]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-12-10 29768]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2006-12-13 11984]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-09 3535680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys []
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\E:\INSTAL~E\Core\BVRPMPR5.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-31 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PAC207;Basic Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-05-27 162304]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-21 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-21 231704]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-09 131139]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 cmdService;Command Service; C:\WINDOWS\U2hpcmx5\command.exe []
S2 Network Monitor;Network Monitor; C:\Program Files\Network Monitor\netmon.exe service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-16 138168]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
-----------------EOF-----------------