|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
03-28-2009, 03:59 AM
|
#1 (permalink) |
|
Registered User
Join Date: Mar 2009
Posts: 65
OS: WinXp Sp3
|
Virus Help--Please?!?
My room-mate and I have a shared computer. She is in Equador right now doing nursing work and the other night I was talking to her online and I asked her if she had been taking a lot of pics and she replied back she had and with that came a link. The link said to click on it and not thinking anything of it I did and next thing I know the msn connection was messed!
I couldn't talk to her at all, or I could but she wasn't seeing my replies. This is bad because I'm supposed to be letting her family know how she is and whatnot since she has no cell phone while she's there. It's a dangerous place and her family is worried and now I've been having so many problems with this computer I'm not even checking emails for fear my account will be hacked. To further add to the issue, I do the schedule for my work (normally from my office), which I post online for the other employees using our companies webserver. Well, the other day I was working from home (which I never normally do but was sick) and uploaded the schedule to the webserver and when I went to check it in my browser, the website crashed Mozilla and it said it was a malicious site. It also did the same with IE7. I let our companies webguy know and he tells me he had some virus on his home computer which has spread out to all of his clients and so numerous sites had been attacked of his. So...I think I have at least two issues here...grrrr. The problems I am having are: 1) I don't trust MSN though it seems to be working fine now. 2) When I try to run my virus scanner (avast!), it does the memory test and then tries to open the interface, but its like it opens offscreen almost because I can't see it and can't do a scan. 3) This is the same for the password keeper program I use...it starts to load but the interface never opens. 4) Winamp crashes as soon as it starts 5) Firefox crashes lots 6) Periodic website redirects when browsing using Firefox 7) Valve's Steam games crashing on trying to connect to servers for online play 8) When I try to run the dds program as recommended in the "what to do before you post" thread, it does the same thing as many of the other programs, it pretends to start to load but nothing ever happens. In this case a small black screen appears for a split second and then disappears and then nada. Anyways, it's been 3 days and I had a computer guy come and look at it but there wasn't much he could do. He said I should just re-format but I'm hoping I don't have to. Anyway, I read over the "do this before you post thread" and can tell you I'm running: Dell XPS 600 Intel Pentium D CPU 3.00GHz 2.99 GHz, 2.00 GB or RAM on Microsoft Windows XP Home Edition, Version 2002 Service Pack 3. Let me know if there's any other information you need. I really don't know how I'm going to fix this if I can't even do these scans! My room-mate is gone for another thirteen days in the murder capital of south america and her family is starting to get worried since I'm not getting updates. This is extremely frustrating. Any help would be so greatly appreciated!! Last edited by lissa_rossi; 03-28-2009 at 04:01 AM. |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
03-28-2009, 09:38 PM
|
#2 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,030
OS: WinXP and Vista
|
Re: Virus Help--Please?!?
Hello lissa_rossi,
Try this scanner instead. Once I see what's going on, I can clean this up for you.  Download rsit.exe and save it to your desktop.
|
|
|
|
|
03-29-2009, 11:58 AM
|
#3 (permalink) |
|
Registered User
Join Date: Mar 2009
Posts: 65
OS: WinXp Sp3
|
Re: Virus Help--Please?!?
Thank you so much for the help! :)
My room-mates brother suggested I change to use his account and use IE instead of Firefox because he said the virus probably attacked Firefox only; well it seems to be even worse with IE. There is a program called Winpatrol that doesn't do anything when I'm on my account but when I'm on my room-mates brothers the dog bark sound keeps happening when I'm using IE saying that it wants to load CTF Loader. I keep saying no, but it re-appears as I continue browsing. Anyway, thought I would mention it in case its important. I have run the RSIT program but it is only opening a single notepad document called log.txt. There are no files minimized. I have tried repeatedly now and it keeps doing the same thing. This is what the computer guy was up against, things that should normally work to fix it aren't working. I even tried to delete the file and re-download and try it again not that it should change anything but desperate. I'll post the log.txt then maybe logon with my own accoutn and try it. Maybe that will help? Logfile of random's system information tool 1.06 (written by random/random) Run by Jay at 2009-03-29 10:58:06 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 107 GB (35%) free of 305 GB Total RAM: 2045 MB (74% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:58, on 2009-03-29 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\lexpps.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Winamp Remote\bin\OrbTray.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRAM FILES\WINALARM\WINALARM.EXE C:\Documents and Settings\Jay\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Jay.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-21-993594379-2377323130-1847992687-1009\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (User 'Lissa') O4 - HKUS\S-1-5-21-993594379-2377323130-1847992687-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Lissa') O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://notesmail.bcit.ca/iNotes6W.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://otter1.vanaqua.org/activex/AxisCamControl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{EE7E0942-4218-404A-9516-296411E8A892}: NameServer = 192.168.1.254 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- End of file - 10506 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (NAUTILUS-Jay).job C:\WINDOWS\tasks\SDMsgUpdate (TE).job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-04-07 42184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}] bho2gr Class - C:\Program Files\GetRight\xx2gr.dll [2006-09-11 237568] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-04-07 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-23 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-04-07 143360] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2007-08-30 205480] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960] "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000] "Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136] "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144] "nwiz"=nwiz.exe /install [] "WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-01-26 316728] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2007-08-30 205480] "Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-03-31 507904] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [2005-09-09 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe [2007-03-05 1103480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2007-08-30 205480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe -atboottime [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-03-06 236016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] C:\Program Files\Games\Valve\Steam\Steam.exe [2008-10-14 1410296] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-03-31 68856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe [2003-04-07 217190] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-09-09 113664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk] C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2009-03-23 161776] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2007-04-08 67128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk] C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2007-01-30 688128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TELUS eCare.lnk] C:\PROGRA~1\TELUSE~1\bin\matcli.exe [2004-03-16 217088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Xfire.lnk] C:\PROGRA~1\Xfire\Xfire.exe [2006-06-06 4154504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger" "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2" "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent" "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE" "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\source sdk base\hl2.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\source sdk base\hl2.exe:*:Enabled:hl2" "C:\Program Files\Fantasy Grounds II\FantasyGrounds.exe"="C:\Program Files\Fantasy Grounds II\FantasyGrounds.exe:*:Enabled:FantasyGrounds" "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\team fortress 2\hl2.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\team fortress 2\hl2.exe:*:Enabled:hl2" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\InterVideo\DVD7\WinDVD.exe"="C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD" "C:\Program Files\iWin Games\iWinGames.exe"="C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application." "C:\Program Files\iWin Games\WebUpdater.exe"="C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater." "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\counter-strike source\hl2.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\counter-strike source\hl2.exe:*:Enabled:hl2" "C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main" "C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD" "C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater" "C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server" "C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0" "C:\Program Files\e frontier\Poser 7 Demo\PoserDemo.exe"="C:\Program Files\e frontier\Poser 7 Demo\PoserDemo.exe:*:Enabled:Poser executable file" "C:\NeverwinterNights\NWN\nwmain.exe"="C:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\NeverwinterNights\NWN\nwserver.exe"="C:\NeverwinterNights\NWN\nwserver.exe:*:Enabled:Neverwinter Nights Server" "C:\Program Files\Visicom Media\AceFTP 3 Freeware\Aceftp3free.exe"="C:\Program Files\Visicom Media\AceFTP 3 Freeware\Aceftp3free.exe:*:Enabled:AceFTP v3" "C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget" "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\half-life deathmatch source\hl2.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\half-life deathmatch source\hl2.exe:*:Enabled:hl2" "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\half-life blue shift\hl.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher" "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\opposing force\hl.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\opposing force\hl.exe:*:Enabled:Half-Life Launcher" "C:\Program Files\Games\Valve\Steam\SteamApps\common\bloodrayne 2 demo\rayne2demo.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\common\bloodrayne 2 demo\rayne2demo.exe:*:Enabled:BloodRayne 2 Demo" "C:\Program Files\Games\Valve\Steam\SteamApps\common\left 4 dead demo\left4dead.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\common\left 4 dead demo\left4dead.exe:*:Enabled:Left 4 Dead Demo" "C:\Program Files\Games\Valve\Steam\SteamApps\common\bioshock demo\Builds\Release\Bioshock.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\common\bioshock demo\Builds\Release\Bioshock.exe:*:Enabled:Bioshock Demo" "C:\Program Files\Games\Valve\Steam\SteamApps\common\jericho demo\bin\Jericho.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\common\jericho demo\bin\Jericho.exe:*:Enabled:Clive Barker's Jericho Demo" "C:\Program Files\Games\Valve\Steam\SteamApps\common\heroes of annihilated empires demo\HeroesOfAE.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\common\heroes of annihilated empires demo\HeroesOfAE.exe:*:Enabled:Heroes of Annihilated Empires Demo" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\zombie panic! source\hl2.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\zombie panic! source\hl2.exe:*:Enabled:hl2" "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======File associations====== .reg - open - regedit.exe"%1" %* .scr - open - "%1" %* ======List of files/folders created in the last 1 months====== 2009-04-10 22:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2009-03-29 10:31:42 ----D---- C:\rsit 2009-03-28 02:27:30 ----HD---- C:\WINDOWS\PIF 2009-03-28 00:37:52 ----D---- C:\Program Files\iPod 2009-03-28 00:37:48 ----D---- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-28 00:34:57 ----D---- C:\Program Files\Bonjour 2009-03-27 23:29:01 ----D---- C:\Documents and Settings\Jay\Application Data\HouseCall 6.6 2009-03-27 19:25:54 ----D---- C:\Documents and Settings\All Users\Application Data\OrbNetworks 2009-03-27 19:25:52 ----D---- C:\Program Files\Winamp Remote 2009-03-27 19:23:45 ----D---- C:\Program Files\Winamp 2009-03-27 19:23:45 ----D---- C:\Documents and Settings\Jay\Application Data\Winamp 2009-03-21 21:48:11 ----D---- C:\Program Files\Microsoft Office Outlook Connector 2009-03-21 21:46:34 ----D---- C:\Program Files\Microsoft Sync Framework 2009-03-21 21:44:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$ 2009-03-21 21:42:48 ----D---- C:\Program Files\Microsoft 2009-03-21 21:34:11 ----D---- C:\Program Files\Common Files\Windows Live 2009-03-14 19:25:33 ----D---- C:\Program Files\Microsoft Office Communicator 2009-03-14 19:11:41 ----D---- C:\Program Files\Microsoft Works 2009-03-14 19:11:24 ----D---- C:\Program Files\MSBuild 2009-03-14 19:09:36 ----D---- C:\Program Files\Microsoft.NET 2009-03-14 19  49 ----D---- C:\Program Files\Microsoft Visual Studio 82009-03-14 19 10 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help2009-03-14 19:03:54 ----RHD---- C:\MSOCache 2009-03-11 07:53:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-03-11 07:52:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-03-11 07:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$ ======List of files/folders modified in the last 1 months====== 2009-04-10 22:28:00 ----D---- C:\Program Files\Internet Explorer 2009-04-10 22:27:54 ----D---- C:\WINDOWS\ie7updates 2009-03-29 10:49:52 ----D---- C:\Program Files\Mozilla Firefox 2009-03-29 10:49:29 ----D---- C:\WINDOWS\Temp 2009-03-29 10:45:48 ----SHD---- C:\RECYCLER 2009-03-29 10:42:02 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt 2009-03-29 10:42:00 ----SHD---- C:\WINDOWS\Installer 2009-03-29 10:41:29 ----A---- C:\WINDOWS\OEWABLog.txt 2009-03-29 10:41:28 ----A---- C:\WINDOWS\win.ini 2009-03-29 10:41:15 ----D---- C:\Documents and Settings 2009-03-29 10:40:06 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-03-28 10:07:05 ----D---- C:\Program Files\QuickTime 2009-03-28 10 38 ----D---- C:\WINDOWS\system322009-03-28 09:26:53 ----D---- C:\Documents and Settings\Jay\Application Data\Adobe 2009-03-28 09:26:53 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2009-03-28 09:01:05 ----D---- C:\WINDOWS 2009-03-28 03:07:00 ----D---- C:\WINDOWS\system32\CatRoot2 2009-03-28 02:20:38 ----D---- C:\Program Files\LimeWire 2009-03-28 02:18:12 ----RD---- C:\Program Files 2009-03-28 02:11:44 ----D---- C:\Program Files\Folder Lock 2009-03-28 00:38:28 ----D---- C:\WINDOWS\system32\drivers 2009-03-28 00:38:27 ----HD---- C:\WINDOWS\inf 2009-03-28 00:38:23 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-03-28 00:38:19 ----D---- C:\Program Files\iTunes 2009-03-28 00:37:51 ----D---- C:\Program Files\Common Files\Apple 2009-03-28 00:21:18 ----D---- C:\WINDOWS\Prefetch 2009-03-27 01:07:30 ----D---- C:\Documents and Settings\Jay\Application Data\uTorrent 2009-03-26 19:21:56 ----D---- C:\Documents and Settings\Jay\Application Data\LimeWire 2009-03-25 23:25:35 ----D---- C:\Program Files\Elecard 2009-03-25 23:25:33 ----D---- C:\Program Files\Common Files\Elecard 2009-03-25 23:23:04 ----A---- C:\WINDOWS\NeroDigital.ini 2009-03-23 18:32:51 ----SD---- C:\WINDOWS\Tasks 2009-03-23 07:10:56 ----A---- C:\WINDOWS\dellstat.ini 2009-03-22 17:01:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2009-03-21 23:29:50 ----SD---- C:\Documents and Settings\Jay\Application Data\Microsoft 2009-03-21 21:54:09 ----RSD---- C:\WINDOWS\assembly 2009-03-21 21:53:29 ----D---- C:\WINDOWS\Microsoft.NET 2009-03-21 21:48:11 ----D---- C:\Program Files\Common Files\System 2009-03-21 21:47:16 ----D---- C:\Program Files\Windows Live 2009-03-21 21:46:54 ----D---- C:\Program Files\Windows Live Toolbar 2009-03-21 21:46:35 ----D---- C:\WINDOWS\WinSxS 2009-03-21 21:46:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-03-21 21:45:20 ----D---- C:\WINDOWS\system32\DirectX 2009-03-21 21:42:36 ----D---- C:\Program Files\Windows Live SkyDrive 2009-03-21 21:34:11 ----D---- C:\Program Files\Common Files 2009-03-15 23:07:46 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-03-14 19:14:48 ----D---- C:\WINDOWS\ShellNew 2009-03-14 19:12:41 ----D---- C:\WINDOWS\system32\config 2009-03-14 19:10:51 ----D---- C:\Program Files\Microsoft Office 2009-03-14 19:10:01 ----RSD---- C:\WINDOWS\Fonts 2009-03-11 07:53:03 ----A---- C:\WINDOWS\imsins.BAK 2009-03-11 07:53:02 ----RSHD---- C:\WINDOWS\system32\dllcache 2009-03-11 06:35:17 ----HD---- C:\WINDOWS\$hf_mig$ 2009-03-08 10:50:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-03-01 22:05:07 ----D---- C:\Program Files\FlashGet 2009-03-01 22:04:17 ----D---- C:\Downloads ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944] R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376] R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628] R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628] R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332] R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R2 windrvNT;windrvNT; \??\C:\WINDOWS\system32\windrvNT.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\System32\Drivers\L8042Kbd.sys [2007-01-23 20496] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-01-23 33296] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-04-14 34176] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056] R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] S3 catchme;catchme; \??\C:\DOCUME~1\Jay\LOCALS~1\Temp\catchme.sys [] S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760] S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-23 26112] S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2005-07-23 36608] S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-07-23 68864] S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504] S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\TELUSE~1\bin\MREMPR5.SYS [] S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\TELUSE~1\bin\MRENDIS5.SYS [] S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328] S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504] S4 Lsprsreta_;Lsprsreta_; C:\WINDOWS\system32\drivers\fdc.sys [2008-04-13 27392] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120] R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL [] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168] R3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992] S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-03-06 313840] S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-03-06 170480] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-05 68096] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560] S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-03-06 1108464] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\DRoster\Firebird\bin\fbguard.exe [2006-01-17 65536] S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\DRoster\Firebird\bin\fbserver.exe [2006-01-17 1527895] S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280] S4 iWinGamesInstaller;iWinGamesInstaller; C:\Program Files\iWin Games\iWinGamesInstaller.exe [2008-03-05 78104] S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-22 152984] S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288] S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248] S4 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656] -----------------EOF----------------- |
|
|
|
|
03-29-2009, 12:06 PM
|
#4 (permalink) |
|
Registered User
Join Date: Mar 2009
Posts: 65
OS: WinXp Sp3
|
Re: Virus Help--Please?!?
Well, I just logged on my own account and the internet seemed to be loading quicker so I was hopefull something improved; not that I think it will just magically disappear on its own. I tried the RSIT program thing again on my account and it did the same thing here, log.txt but not the other one.
I have nearly backed up everything of mine and my room-mates onto a portable hard drive now since the computer is acting so nuts so if I have to do something drastic I will ;) |
|
|
|
|
03-29-2009, 01:11 PM
|
#5 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,030
OS: WinXP and Vista
|
Re: Virus Help--Please?!?
No worries, trust me, we can clean this.
I need for you to run rsit.exe on your account, not your brother's. Please log into yours, run rsit.exe and post the log.txt |
|
|
|
|
03-29-2009, 01:33 PM
|
#6 (permalink) |
|
Registered User
Join Date: Mar 2009
Posts: 65
OS: WinXp Sp3
|
Re: Virus Help--Please?!?
Okay. Same thing only the log.ext appeared but here it is...
Logfile of random's system information tool 1.06 (written by random/random) Run by Lissa at 2009-03-29 12:34:32 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 109 GB (36%) free of 305 GB Total RAM: 2045 MB (71% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:34:43 PM, on 3/29/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\lexpps.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\PROGRAM FILES\WINALARM\WINALARM.EXE C:\Program Files\Alwil Software\Avast4\ashSimpl.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Lissa\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Lissa.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://notesmail.bcit.ca/iNotes6W.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://otter1.vanaqua.org/activex/AxisCamControl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{EE7E0942-4218-404A-9516-296411E8A892}: NameServer = 192.168.1.254 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- End of file - 9728 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (NAUTILUS-Jay).job C:\WINDOWS\tasks\SDMsgUpdate (TE).job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-04-07 42184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}] bho2gr Class - C:\Program Files\GetRight\xx2gr.dll [2006-09-11 237568] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-04-07 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-23 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-04-07 143360] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2007-08-30 205480] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960] "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000] "Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136] "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144] "nwiz"=nwiz.exe /install [] "WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-01-26 316728] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2007-08-30 205480] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [2005-09-09 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe [2007-03-05 1103480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2007-08-30 205480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe -atboottime [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-03-06 236016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] C:\Program Files\Games\Valve\Steam\Steam.exe [2008-10-14 1410296] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-03-31 68856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe [2003-04-07 217190] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-09-09 113664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk] C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2009-03-23 161776] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2007-04-08 67128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk] C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2007-01-30 688128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TELUS eCare.lnk] C:\PROGRA~1\TELUSE~1\bin\matcli.exe [2004-03-16 217088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Xfire.lnk] C:\PROGRA~1\Xfire\Xfire.exe [2006-06-06 4154504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger" "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2" "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent" "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE" "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\source sdk base\hl2.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\source sdk base\hl2.exe:*:Enabled:hl2" "C:\Program Files\Fantasy Grounds II\FantasyGrounds.exe"="C:\Program Files\Fantasy Grounds II\FantasyGrounds.exe:*:Enabled:FantasyGrounds" "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\team fortress 2\hl2.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\team fortress 2\hl2.exe:*:Enabled:hl2" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\InterVideo\DVD7\WinDVD.exe"="C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD" "C:\Program Files\iWin Games\iWinGames.exe"="C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application." "C:\Program Files\iWin Games\WebUpdater.exe"="C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater." "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\counter-strike source\hl2.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\counter-strike source\hl2.exe:*:Enabled:hl2" "C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main" "C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD" "C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater" "C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server" "C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0" "C:\Program Files\e frontier\Poser 7 Demo\PoserDemo.exe"="C:\Program Files\e frontier\Poser 7 Demo\PoserDemo.exe:*:Enabled:Poser executable file" "C:\NeverwinterNights\NWN\nwmain.exe"="C:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\NeverwinterNights\NWN\nwserver.exe"="C:\NeverwinterNights\NWN\nwserver.exe:*:Enabled:Neverwinter Nights Server" "C:\Program Files\Visicom Media\AceFTP 3 Freeware\Aceftp3free.exe"="C:\Program Files\Visicom Media\AceFTP 3 Freeware\Aceftp3free.exe:*:Enabled:AceFTP v3" "C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget" "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\half-life deathmatch source\hl2.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\half-life deathmatch source\hl2.exe:*:Enabled:hl2" "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\half-life blue shift\hl.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher" "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\opposing force\hl.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\opposing force\hl.exe:*:Enabled:Half-Life Launcher" "C:\Program Files\Games\Valve\Steam\SteamApps\common\bloodrayne 2 demo\rayne2demo.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\common\bloodrayne 2 demo\rayne2demo.exe:*:Enabled:BloodRayne 2 Demo" "C:\Program Files\Games\Valve\Steam\SteamApps\common\left 4 dead demo\left4dead.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\common\left 4 dead demo\left4dead.exe:*:Enabled:Left 4 Dead Demo" "C:\Program Files\Games\Valve\Steam\SteamApps\common\bioshock demo\Builds\Release\Bioshock.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\common\bioshock demo\Builds\Release\Bioshock.exe:*:Enabled:Bioshock Demo" "C:\Program Files\Games\Valve\Steam\SteamApps\common\jericho demo\bin\Jericho.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\common\jericho demo\bin\Jericho.exe:*:Enabled:Clive Barker's Jericho Demo" "C:\Program Files\Games\Valve\Steam\SteamApps\common\heroes of annihilated empires demo\HeroesOfAE.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\common\heroes of annihilated empires demo\HeroesOfAE.exe:*:Enabled:Heroes of Annihilated Empires Demo" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\zombie panic! source\hl2.exe"="C:\Program Files\Games\Valve\Steam\SteamApps\nautilus_project\zombie panic! source\hl2.exe:*:Enabled:hl2" "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======File associations====== .reg - open - regedit.exe"%1" %* .scr - open - "%1" %* ======List of files/folders created in the last 1 months====== 2009-04-10 22:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2009-03-29 10:42:09 ----D---- C:\Documents and Settings\Lissa\Application Data\InstallShield 2009-03-29 10:41:19 ----ASH---- C:\Documents and Settings\Lissa\Application Data\desktop.ini 2009-03-29 10:41:16 ----SD---- C:\Documents and Settings\Lissa\Application Data\Microsoft 2009-03-29 10:41:16 ----D---- C:\Documents and Settings\Lissa\Application Data\You've Got Pictures Screensaver 2009-03-29 10:41:16 ----D---- C:\Documents and Settings\Lissa\Application Data\Sun 2009-03-29 10:41:16 ----D---- C:\Documents and Settings\Lissa\Application Data\Macromedia 2009-03-29 10:41:16 ----D---- C:\Documents and Settings\Lissa\Application Data\Identities 2009-03-29 10:31:42 ----D---- C:\rsit 2009-03-28 02:27:30 ----HD---- C:\WINDOWS\PIF 2009-03-28 00:37:52 ----D---- C:\Program Files\iPod 2009-03-28 00:37:48 ----D---- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-28 00:34:57 ----D---- C:\Program Files\Bonjour 2009-03-27 19:25:54 ----D---- C:\Documents and Settings\All Users\Application Data\OrbNetworks 2009-03-27 19:25:52 ----D---- C:\Program Files\Winamp Remote 2009-03-27 19:23:45 ----D---- C:\Program Files\Winamp 2009-03-21 21:48:11 ----D---- C:\Program Files\Microsoft Office Outlook Connector 2009-03-21 21:46:34 ----D---- C:\Program Files\Microsoft Sync Framework 2009-03-21 21:44:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$ 2009-03-21 21:42:48 ----D---- C:\Program Files\Microsoft 2009-03-21 21:34:11 ----D---- C:\Program Files\Common Files\Windows Live 2009-03-14 19:25:33 ----D---- C:\Program Files\Microsoft Office Communicator 2009-03-14 19:11:41 ----D---- C:\Program Files\Microsoft Works 2009-03-14 19:11:24 ----D---- C:\Program Files\MSBuild 2009-03-14 19:09:36 ----D---- C:\Program Files\Microsoft.NET 2009-03-14 19 49 ----D---- C:\Program Files\Microsoft Visual Studio 82009-03-14 19 10 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help2009-03-14 19:03:54 ----RHD---- C:\MSOCache 2009-03-11 07:53:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-03-11 07:52:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-03-11 07:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$ ======List of files/folders modified in the last 1 months====== 2009-04-10 22:28:00 ----D---- C:\Program Files\Internet Explorer 2009-04-10 22:27:54 ----D---- C:\WINDOWS\ie7updates 2009-03-29 11:02:50 ----D---- C:\WINDOWS\Temp 2009-03-29 10:59:52 ----D---- C:\Program Files\Mozilla Firefox 2009-03-29 10:45:48 ----SHD---- C:\RECYCLER 2009-03-29 10:42:02 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt 2009-03-29 10:42:00 ----SHD---- C:\WINDOWS\Installer 2009-03-29 10:41:29 ----A---- C:\WINDOWS\OEWABLog.txt 2009-03-29 10:41:28 ----A---- C:\WINDOWS\win.ini 2009-03-29 10:41:15 ----D---- C:\Documents and Settings 2009-03-29 10:40:06 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-03-28 10:07:05 ----D---- C:\Program Files\QuickTime 2009-03-28 10 38 ----D---- C:\WINDOWS\system322009-03-28 09:26:53 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2009-03-28 09:01:05 ----D---- C:\WINDOWS 2009-03-28 03:07:00 ----D---- C:\WINDOWS\system32\CatRoot2 2009-03-28 02:20:38 ----D---- C:\Program Files\LimeWire 2009-03-28 02:18:12 ----RD---- C:\Program Files 2009-03-28 02:11:44 ----D---- C:\Program Files\Folder Lock 2009-03-28 00:38:28 ----D---- C:\WINDOWS\system32\drivers 2009-03-28 00:38:27 ----HD---- C:\WINDOWS\inf 2009-03-28 00:38:23 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-03-28 00:38:19 ----D---- C:\Program Files\iTunes 2009-03-28 00:37:51 ----D---- C:\Program Files\Common Files\Apple 2009-03-28 00:21:18 ----D---- C:\WINDOWS\Prefetch 2009-03-25 23:25:35 ----D---- C:\Program Files\Elecard 2009-03-25 23:25:33 ----D---- C:\Program Files\Common Files\Elecard 2009-03-25 23:23:04 ----A---- C:\WINDOWS\NeroDigital.ini 2009-03-23 18:32:51 ----SD---- C:\WINDOWS\Tasks 2009-03-23 07:10:56 ----A---- C:\WINDOWS\dellstat.ini 2009-03-22 17:01:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2009-03-21 21:54:09 ----RSD---- C:\WINDOWS\assembly 2009-03-21 21:53:29 ----D---- C:\WINDOWS\Microsoft.NET 2009-03-21 21:48:11 ----D---- C:\Program Files\Common Files\System 2009-03-21 21:47:16 ----D---- C:\Program Files\Windows Live 2009-03-21 21:46:54 ----D---- C:\Program Files\Windows Live Toolbar 2009-03-21 21:46:35 ----D---- C:\WINDOWS\WinSxS 2009-03-21 21:46:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-03-21 21:45:20 ----D---- C:\WINDOWS\system32\DirectX 2009-03-21 21:42:36 ----D---- C:\Program Files\Windows Live SkyDrive 2009-03-21 21:34:11 ----D---- C:\Program Files\Common Files 2009-03-15 23:07:46 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-03-14 19:14:48 ----D---- C:\WINDOWS\ShellNew 2009-03-14 19:12:41 ----D---- C:\WINDOWS\system32\config 2009-03-14 19:10:51 ----D---- C:\Program Files\Microsoft Office 2009-03-14 19:10:01 ----RSD---- C:\WINDOWS\Fonts 2009-03-11 07:53:03 ----A---- C:\WINDOWS\imsins.BAK 2009-03-11 07:53:02 ----RSHD---- C:\WINDOWS\system32\dllcache 2009-03-11 06:35:17 ----HD---- C:\WINDOWS\$hf_mig$ 2009-03-08 10:50:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-03-01 22:05:07 ----D---- C:\Program Files\FlashGet 2009-03-01 22:04:17 ----D---- C:\Downloads ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944] R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376] R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628] R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628] R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332] R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R2 windrvNT;windrvNT; \??\C:\WINDOWS\system32\windrvNT.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\System32\Drivers\L8042Kbd.sys [2007-01-23 20496] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-01-23 33296] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-04-14 34176] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056] R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] S3 catchme;catchme; \??\C:\DOCUME~1\Jay\LOCALS~1\Temp\catchme.sys [] S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760] S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-23 26112] S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2005-07-23 36608] S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-07-23 68864] S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504] S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\TELUSE~1\bin\MREMPR5.SYS [] S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\TELUSE~1\bin\MRENDIS5.SYS [] S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328] S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504] S4 Lsprsreta_;Lsprsreta_; C:\WINDOWS\system32\drivers\fdc.sys [2008-04-13 27392] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120] R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL [] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168] R3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992] S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-03-06 313840] S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-03-06 170480] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-05 68096] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560] S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-03-06 1108464] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\DRoster\Firebird\bin\fbguard.exe [2006-01-17 65536] S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\DRoster\Firebird\bin\fbserver.exe [2006-01-17 1527895] S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280] S4 iWinGamesInstaller;iWinGamesInstaller; C:\Program Files\iWin Games\iWinGamesInstaller.exe [2008-03-05 78104] S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-22 152984] S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288] S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248] S4 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656] -----------------EOF----------------- |
|
|
|
|
03-29-2009, 01:38 PM
|
#7 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,030
OS: WinXP and Vista
|
Re: Virus Help--Please?!?
Thanks. :)
Download Combofix from any of the links below, and save it to your desktop. Link 1 Link 2 Link 3 **Note: It is important that it is saved directly to your desktop** -------------------------------------------------------------------- 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are unsure how to do this, please see this link http://www.bleepingcomputer.com/forums/topic114351.html -------------------------------------------------------------------- Double click on combofix.exe & follow the prompts.
|
|
|
|
|
03-29-2009, 01:40 PM
|
#8 (permalink) |
|
Registered User
Join Date: Mar 2009
Posts: 65
OS: WinXp Sp3
|
Re: Virus Help--Please?!?
One more thing, this morning after I logged off of my roomie's bro's account and onto mine I was able to run Avast scan...it wasn't working before. Also, the WinPatrol warning about CTFmon appeared this morning as well. Before it would try to load and then the interface would imply never appear to allow you to start the scan. Today it works. Don't worry, I won't mess with anything but this was a small victory for me! :)
|
|
|
|
|
03-29-2009, 01:55 PM
|
#10 (permalink) |
|
Registered User
Join Date: Mar 2009
Posts: 65
OS: WinXp Sp3
|
Re: Virus Help--Please?!?
Okay, I ran it and tried to post and it took about a minute to load up. It said I way over the allowable number of characters. Should I zip the file and send it or something. I thought I read something about being able to do that through the site or something?
|
|
|
|
|
03-29-2009, 01:58 PM
|
#12 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,030
OS: WinXP and Vista
|
Re: Virus Help--Please?!?
Yes, right click the C:\ComboFix.txt and select 'Send To>Compressed (zipped folder). Then attach it in your next reply via the Manage Attachments button
|
|
|
|
|
03-29-2009, 02:00 PM
|
#13 (permalink) |
|
Registered User
Join Date: Mar 2009
Posts: 65
OS: WinXp Sp3
|
Re: Virus Help--Please?!?
Before I read your reply there I had already used winrar just because it's in the right-click menu when you click on the file. Let me know if that's cool or not, I can use Winzip instead if it makes a difference.
|
|
|
|
|
03-29-2009, 02:02 PM
|
#14 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,030
OS: WinXP and Vista
|
Re: Virus Help--Please?!?
Yes, I see it now. I was posting at the same time you were. Give me another minute or two to look this over.
|
|
|
|
|
03-29-2009, 02:07 PM
|
#17 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,030
OS: WinXP and Vista
|
Re: Virus Help--Please?!?
Nevermind, I now see the date is 2008. You've posted an old log.
Quote:
|
|
|
|
|
|
03-29-2009, 02:10 PM
|
#18 (permalink) |
|
Registered User
Join Date: Mar 2009
Posts: 65
OS: WinXp Sp3
|
Re: Virus Help--Please?!?
That's weird, I have never, ever run Combofix before and I haven't been using this computer that long. Oh, but it was just in C: ....okay, nevermind. I'll delete the old one and run again. I downloaded straight to and ran it from the desktop.
|
|
|
|
|
03-29-2009, 02:16 PM
|
#20 (permalink) |
|
Registered User
Join Date: Mar 2009
Posts: 65
OS: WinXp Sp3
|
Re: Virus Help--Please?!?
The first link didn't work before so I tried the 2nd link, selected save and choose the desktop. When it was done dl'ing I double-clicked and when the combofix progress bar disappeared I browsed to C: and nada.
|
|
|
|
| Thread Tools | |
|
|
Good to hear. Please run ComboFix anyway. :)
