Discussion Starter · #1 · Registered · 5 Posts
http://www.techsupportforum.com/security-center/hijackthis-log-help/hijackthis-log-help-inactive/304390-help-please-ie-going-nuts-pc-slow.html
PC is slow, Windows Update redirects to my homepage, can't enter my hard drives, gives me "windows cannot find recylced/boot.com, make sure u typed the name correctly then continue." That's when I click on C drive.
Here are the logs.
Logfile of random's system information tool 1.04 (written by random/random)
Run by AK at 2008-11-19 15:13:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (13%) free of 114 GB
Total RAM: 2815 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:55 PM, on 11/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Documents and Settings\AK\Desktop\RSIT.exe
C:\Program Files\trend micro\AK.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdceh.exe] C:\WINDOWS\system32\kdceh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1041409247218
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB0BA093-F171-40A5-B77D-C587AA9C9DDA}: NameServer = 85.255.112.86;85.255.112.189
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6645 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-14 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-14 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-14 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"C:\WINDOWS\system32\kdceh.exe"=C:\WINDOWS\system32\kdceh.exe []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-14 1234712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-03-21 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-10-14 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe [2003-04-09 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-09 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-25 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Steam\steamapps\[email protected]\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\[email protected]\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Steam\steamapps\[email protected]\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\[email protected]\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:pnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:pnkBstrB"
"C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe"="C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe:*:Enabled:Call of Duty(R): World at War Multiplayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae5bf873-fc36-11dc-8dab-0011092ef9b6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
shell\Open\command - resycled\boot.com g:


======List of files/folders created in the last 2 months======

2008-11-19 15:13:41 ----D---- C:\Program Files\trend micro
2008-11-19 15:13:40 ----D---- C:\rsit
2008-11-05 12:47:50 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-11-05 12:47:48 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2008-11-05 12:47:48 ----A---- C:\WINDOWS\system32\pbsvc.exe
2008-11-05 12:45:45 ----D---- C:\Program Files\Activision
2008-10-31 20:48:09 ----D---- C:\Program Files\GameTap
2008-10-31 20:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\GameTap
2008-10-31 20:47:50 ----D---- C:\Documents and Settings\AK\Application Data\InstallShield
2008-10-30 22:15:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-30 22:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-30 22:15:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-30 22:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-30 22:14:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-30 22:13:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 09:15:49 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2008-10-24 09:15:48 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
2008-10-24 09:15:48 ----A---- C:\WINDOWS\system32\ltimg13n.dll
2008-10-24 09:15:48 ----A---- C:\WINDOWS\system32\ltfil13n.dll
2008-10-24 09:15:48 ----A---- C:\WINDOWS\system32\ltefx13n.dll
2008-10-24 09:15:48 ----A---- C:\WINDOWS\system32\ltdis13n.dll
2008-10-24 09:15:48 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
2008-10-24 09:15:48 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2008-10-20 14:27:05 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-20 14:27:05 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-20 14:27:05 ----A---- C:\WINDOWS\system32\java.exe
2008-10-20 13:09:59 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-10-20 13:09:55 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-10-14 17:02:40 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-10-14 16:35:13 ----D---- C:\Program Files\Windows Sidebar
2008-10-14 16:22:56 ----D---- C:\Program Files\Common Files\LightScribe
2008-10-14 16:01:50 ----D---- C:\fixwareout
2008-10-14 12:31:44 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-14 09:59:23 ----HD---- C:\$AVG8.VAULT$
2008-10-14 09:35:23 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-14 09:35:17 ----D---- C:\Documents and Settings\AK\Application Data\AVGTOOLBAR
2008-10-14 09:35:12 ----D---- C:\Program Files\AVG
2008-10-14 09:35:12 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-13 23:31:07 ----D---- C:\Documents and Settings\AK\Application Data\Ahead
2008-10-13 23:30:11 ----D---- C:\Program Files\Nero
2008-10-13 23:30:11 ----D---- C:\Program Files\Common Files\Ahead
2008-10-13 23:04:37 ----A---- C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-10-13 23:04:08 ----A---- C:\WINDOWS\Irremote.ini
2008-10-13 22:43:25 ----RSHD---- C:\resycled
2008-10-13 22:35:39 ----D---- C:\Program Files\MagicISO
2008-10-09 22:35:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-07 09:08:45 ----D---- C:\Program Files\Microsoft SQL Server
2008-10-07 09:08:36 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-07 09:08:20 ----D---- C:\Program Files\Microsoft Synchronization Services
2008-10-07 09:08:20 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-10-07 09:04:58 ----D---- C:\Program Files\Microsoft.NET
2008-10-07 09:04:58 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2008-10-07 09:04:57 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-07 09:04:29 ----D---- C:\Program Files\Microsoft SDKs
2008-10-07 09:02:24 ----D---- C:\7214e9055775aaa56a1537
2008-10-07 09:02:12 ----D---- C:\WINDOWS\SxsCaPendDel
2008-10-04 22:01:41 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-04 22:01:02 ----D---- C:\WINDOWS\Prefetch
2008-10-04 21:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-04 21:55:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-04 21:55:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-04 21:55:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-04 21:55:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-04 21:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-04 21:55:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-04 21:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-04 21:54:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-04 21:54:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-04 21:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-04 21:48:58 ----D---- C:\WINDOWS\system32\scripting
2008-10-04 21:48:56 ----D---- C:\WINDOWS\l2schemas
2008-10-04 21:48:55 ----D---- C:\WINDOWS\system32\en
2008-10-04 21:48:55 ----D---- C:\Program Files\msn
2008-10-04 21:48:54 ----D---- C:\WINDOWS\system32\bits
2008-10-03 17:39:21 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-03 17:39:18 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-03 17:39:18 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-10-03 17:39:13 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-03 17:39:12 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-03 17:39:12 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-03 17:39:12 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-03 17:39:11 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-03 17:39:11 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-03 17:39:11 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-03 17:39:10 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-03 17:39:07 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-03 17:39:07 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-03 17:39:07 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-03 17:39:06 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-03 17:39:06 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-03 17:39:01 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-03 17:39:01 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-03 17:39:01 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-10-03 17:39:01 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-03 17:38:57 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-03 17:38:57 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-03 17:38:57 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-03 17:38:57 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-03 17:38:57 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-03 17:38:57 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-03 17:38:53 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-10-03 17:38:53 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-10-03 17:38:48 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-03 17:38:48 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-03 17:38:48 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-03 17:38:48 ----A---- C:\WINDOWS\005862_.tmp
2008-10-03 17:38:47 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-03 17:38:47 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-03 17:38:47 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-03 17:38:47 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-03 17:38:47 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-03 17:38:46 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-03 17:38:46 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-03 17:38:46 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-03 17:38:46 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-03 17:38:46 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-03 17:38:46 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-03 17:38:46 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-03 17:38:46 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-03 17:38:46 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-03 17:38:46 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-03 17:38:44 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-03 17:38:42 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-03 17:38:42 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-03 17:38:40 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-10-03 10:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-10-03 10:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-10-03 10:41:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-10-03 10:41:07 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-10-03 10:41:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-10-03 10:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-03 10:40:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-10-03 10:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-10-03 10:39:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-10-03 10:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-10-03 10:38:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-01 11:59:28 ----A---- C:\WINDOWS\NeroDigital.ini

======List of files/folders modified in the last 2 months======

2008-11-19 15:13:55 ----D---- C:\WINDOWS\Temp
2008-11-19 15:13:41 ----RD---- C:\Program Files
2008-11-19 15:09:07 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-18 13:21:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-11 21:09:52 ----SHD---- C:\WINDOWS\Installer
2008-11-11 21:09:52 ----A---- C:\WINDOWS\ODBC.INI
2008-11-08 19:41:27 ----SHD---- C:\RECYCLER
2008-11-05 18:27:25 ----D---- C:\Documents and Settings
2008-11-05 12:52:46 ----HD---- C:\WINDOWS\inf
2008-11-05 12:48:09 ----D---- C:\WINDOWS\system32\drivers
2008-11-05 12:47:50 ----D---- C:\WINDOWS\system32
2008-11-05 12:47:48 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-05 12:47:42 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-02 10:48:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-31 08:49:02 ----D---- C:\WINDOWS
2008-10-30 22:15:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-30 22:15:19 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-30 22:15:17 ----A---- C:\WINDOWS\imsins.BAK
2008-10-30 22:15:00 ----D---- C:\Program Files\Internet Explorer
2008-10-29 21:34:52 ----D---- C:\Program Files\Adobe
2008-10-24 09:15:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-20 14:27:04 ----D---- C:\Program Files\Java
2008-10-20 13:46:23 ----D---- C:\Documents and Settings\AK\Application Data\LimeWire
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 18:51:07 ----D---- C:\Program Files\Steam
2008-10-14 17:03:11 ----D---- C:\Documents and Settings\AK\Application Data\Nero
2008-10-14 16:50:12 ----D---- C:\Program Files\Common Files\Nero
2008-10-14 16:30:18 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-10-14 16:22:56 ----D---- C:\Program Files\Common Files
2008-10-14 14:53:11 ----D---- C:\Program Files\World of Warcraft
2008-10-14 13:06:00 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-10-14 10:03:19 ----D---- C:\Program Files\DAEMON Tools
2008-10-14 09:59:24 ----D---- C:\Fraps_2.9.1__Fixed_for_vista_
2008-10-14 09:34:06 ----SD---- C:\Documents and Settings\AK\Application Data\Microsoft
2008-10-13 23:22:17 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2008-10-07 18:21:33 ----RSD---- C:\WINDOWS\assembly
2008-10-07 18:19:24 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-07 09:08:34 ----D---- C:\temp
2008-10-07 09:08:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-07 09:06:08 ----D---- C:\WINDOWS\WinSxS
2008-10-07 09:05:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-07 09:03:16 ----D---- C:\WINDOWS\system32\XPSViewer
2008-10-07 09:03:13 ----D---- C:\WINDOWS\system32\en-us
2008-10-07 09:03:09 ----RSD---- C:\WINDOWS\Fonts
2008-10-04 22:09:47 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-04 22:09:31 ----A---- C:\WINDOWS\setuplog.txt
2008-10-04 22:00:27 ----D---- C:\WINDOWS\system32\Setup
2008-10-04 22:00:27 ----D---- C:\WINDOWS\AppPatch
2008-10-04 22:00:26 ----D---- C:\WINDOWS\system32\wbem
2008-10-04 21:59:27 ----D---- C:\WINDOWS\security
2008-10-04 21:55:57 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-04 21:54:53 ----D---- C:\Program Files\Messenger
2008-10-04 21:49:34 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-04 21:49:34 ----D---- C:\WINDOWS\network diagnostic
2008-10-04 21:49:33 ----D---- C:\WINDOWS\ime
2008-10-04 21:49:32 ----D---- C:\WINDOWS\Help
2008-10-04 21:48:59 ----D---- C:\WINDOWS\system32\usmt
2008-10-04 21:48:54 ----D---- C:\WINDOWS\peernet
2008-10-04 21:48:53 ----D---- C:\Program Files\Movie Maker
2008-10-04 21:44:38 ----D---- C:\WINDOWS\system32\Restore
2008-10-04 21:44:38 ----D---- C:\WINDOWS\system32\npp
2008-10-04 21:44:37 ----D---- C:\WINDOWS\msagent
2008-10-04 21:44:36 ----D---- C:\WINDOWS\srchasst
2008-10-04 21:44:36 ----D---- C:\Program Files\NetMeeting
2008-10-04 21:44:34 ----D---- C:\WINDOWS\system32\Com
2008-10-04 21:44:32 ----D---- C:\Program Files\Windows Media Player
2008-10-04 21:44:31 ----D---- C:\Program Files\Windows NT
2008-10-04 21:44:31 ----D---- C:\Program Files\Outlook Express
2008-10-04 21:44:26 ----D---- C:\Program Files\Common Files\System
2008-10-04 21:44:13 ----D---- C:\WINDOWS\system32\oobe
2008-10-04 21:44:11 ----D---- C:\WINDOWS\system
2008-10-04 21:41:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-04 21:39:24 ----D---- C:\WINDOWS\EHome
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-03 10:40:13 ----D---- C:\WINDOWS\ie7updates
2008-10-03 10:35:46 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-14 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-14 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-14 76040]
R2 X4HSX32;X4HSX32; \??\C:\Program Files\GameTap\bin\Release\X4HSX32.Sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-02-26 2863616]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2004-03-19 184576]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2005-03-04 157696]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 ae1btvqs;ae1btvqs; C:\WINDOWS\system32\drivers\ae1btvqs.sys []
S3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-25 520192]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-14 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-14 231704]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-05 66872]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2001-08-23 19456]
R2 Viewpoint Service;Viewpoint Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
R3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2001-08-23 19456]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
 

TSF Security Manager, Emeritus · 51,795 Posts
Hello again....let's try to take care of this, this time. I generally reply relatively quickly once I take on a thread. Please do the same. I do require a bit more information before we begin.

Download GMER Rootkit Scanner from here or here.

Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe

The program will begin to run. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes. Once the scan is complete, you may receive another notice about rootkit activity. Click OK. GMER will produce a log. Click on the Save button, and save the log file somewhere you can easily find it, such as your desktop. Please attach that log to your next reply.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. It will produce a log. Click on the Save button, and save the log file somewhere you can easily find it, such as your desktop. Please attach that log to your next reply.
