Topic: Virus?

guestolo (Administrator)
Virus?
« Reply #20 on: July 24, 2009, 09:03:01 PM »
Actually, can I see a fresh scan with RSIT.exe and post its new log, please?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
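The RSIT log requested above embeds a HijackThis scan, and the helper reads it by eye for a handful of tells: entries that point at files that no longer exist, services with no publisher, auto-start binaries sitting in a temp or user-writable directory, and browser defaults or ActiveX downloads the user did not choose. The script below is an added example for this thread, not a tool from this forum or from the RSIT/HijackThis authors; it applies those checks mechanically to HijackThis-format lines. The sample input is constructed: most lines are copied from the log posted in this thread, and the O4 entry for RecoverFromReboo under C:\WINDOWS\Temp is made up so the writable-directory check has something to catch. The severity labels "flag" and "review" are this example's own convention.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample (not the whole log): HijackThis lines copied from the
# RSIT log posted in this thread, plus one made-up O4 entry pointing at
# C:\WINDOWS\Temp so the writable-directory check has something to catch.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINDOWS\Temp\RECOVE~1.EXE
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Every HijackThis entry starts with a section code (R0, O4, O23, ...), a dash, and the body.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# First drive-letter path ending in a loadable extension; non-greedy so spaces in
# "Program Files" are kept and the match stops at the first real extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|scr|sys|ocx|cpl|cab)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Directories a legitimate auto-start binary rarely lives in on XP (user-writable).
SUSPECT_DIRS = ("\\temp\\", "\\documents and settings\\")


@dataclass
class Finding:
    kind: str       # HijackThis section code, e.g. "O23"
    line: str       # the offending log line
    reason: str
    severity: str   # "flag" = needs action, "review" = confirm with the user


def _host(url: str) -> str:
    return url.split("/")[2]


def triage_line(line: str) -> List[Finding]:
    """Apply the checks a log helper does by eye to one HijackThis entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    out: List[Finding] = []
    if "(file missing)" in body:
        out.append(Finding(kind, line, "points at a file that no longer exists (leftover or removed component)", "flag"))
    if kind == "O23" and "Unknown owner" in body:
        out.append(Finding(kind, line, "service binary has no publisher name; verify its signature by hand", "flag"))
    pm = PATH_RE.search(body)
    if pm and any(d in pm.group(0).lower() for d in SUSPECT_DIRS):
        out.append(Finding(kind, line, "auto-start binary lives in a temp or user-writable directory", "flag"))
    um = URL_RE.search(body)
    if um and kind in ("R0", "R1"):
        out.append(Finding(kind, line, f"browser default set to {_host(um.group(0))}; confirm the user chose it", "review"))
    if um and kind == "O16":
        out.append(Finding(kind, line, f"ActiveX control installed from {_host(um.group(0))}; confirm the vendor is expected", "review"))
    return out


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the findings in log order."""
    return [f for line in text.splitlines() for f in triage_line(line)]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {"flag": 3, "review": 2}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind}: {f.reason}\n    {f.line}")
    print(summarize(triage_log(SAMPLE_LOG)))
```

On the sample this raises three flags (the Temp-directory Run entry, the dangling MUSICMATCH button, the Adobe service with no owner) and two review items (the SBC start page and the Adobe ActiveX download). Note that 8.3 short names such as PROGRA~1 are normal on XP and are deliberately not treated as suspicious, and that a "flag" is a prompt to check the file, not a verdict: the Adobe service here is a known Photoshop Elements component that simply lacks a company string.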


Dale
Virus?
« Reply #21 on: July 24, 2009, 09:34:12 PM »
Logfile of random's system information tool 1.06 (written by random/random)
Run by Nanette at 2009-07-24 21:32:40
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 38 GB (53%) free of 73 GB
Total RAM: 510 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:55 PM, on 7/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\program files\ge security supra\syncservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nanette\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nanette.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.Email Removed/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...DIEJEFIFDEEEIBJ (file missing)
O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...DIEJEFIFDEEEIBJ (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/contr...TMSSReportW.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6247 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-19 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-22 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-06-30 1388544]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-18 1948440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-22 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-09-14 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-09-25 229952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-12-05 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2004-09-14 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe [2005-11-15 179784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-24 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-01-05 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboo]
C:\WINDOWS\Temp\RECOVE~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe [2004-09-01 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR Media Server.lnk]
C:\PROGRA~1\NETGEAR\MEDIAS~1\MEDIAS~1.EXE -systray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nanette^Start Menu^Programs^Startup^Picaboo.lnk]
C:\PROGRA~1\Picaboo\Picaboo\PICABO~2.EXE [2006-05-04 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nanette^Start Menu^Programs^Startup^Resume Picaboo Installation.lnk]
C:\PROGRA~1\Picaboo\PICABO~1\PICABO~1.EXE [2006-07-13 316992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"CCALib8"=2
"WMPNetworkSvc"=3
"NetSvc"=3
"DSBrokerService"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DisplayKEY eSYNC Info.lnk - C:\Program Files\GE Security Supra\SyncInfoApp.exe
Logitech Harmony Remote Software 7.lnk - C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-18 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\wEmail Removedexe"="C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1134867187\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1134867187\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1134867187\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1134867187\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\NETGEAR\Media Server\MediaServer.exe"="C:\Program Files\NETGEAR\Media Server\MediaServer.exe:*:Disabled:Digital 5 Streaming Media Application"
"C:\Program Files\Mode11\CallDir.exe"="C:\Program Files\Mode11\CallDir.exe:*:Disabled:CallDir"
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe"="C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\wEmail Removedexe"="C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:America Online 9.0"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-07-22 19:08:19 ----D---- C:\_OTM
2009-07-22 19:04:26 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-22 19:04:26 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-22 19:04:26 ----A---- C:\WINDOWS\system32\java.exe
2009-07-22 19:04:26 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-19 20:27:16 ----D---- C:\rsit
2009-07-19 19:26:58 ----D---- C:\Documents and Settings\Nanette\Application Data\Malwarebytes
2009-07-19 19:26:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-19 19:26:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-18 16:19:14 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-07-18 16:17:20 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-18 16:17:19 ----D---- C:\Program Files\NOS
2009-07-18 13:22:01 ----HD---- C:\$AVG8.VAULT$
2009-07-18 13:00:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-18 12:59:58 ----D---- C:\Program Files\SpywareBlaster
2009-07-18 12:53:16 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-18 12:52:53 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-07-18 12:52:29 ----D---- C:\Program Files\AVG
2009-07-18 12:52:27 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-17 10:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-07-17 10:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-17 10:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-17 10:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-17 09:53:07 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-17 09:53:01 ----D---- C:\Program Files\MSBuild
2009-07-17 09:52:50 ----D---- C:\Program Files\Reference Assemblies
2009-07-17 09:52:08 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-07-17 09:52:07 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-07-17 09:52:07 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-07-17 09:52:06 ----D---- C:\4f2cacaadf4e32756a1446f8aae74558
2009-07-17 09:45:11 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-17 09:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-17 09:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-17 09:44:11 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-17 09:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-17 09:43:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-17 09:43:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-17 09:43:30 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-17 09:43:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-07-17 09:43:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-17 09:43:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-17 09:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-17 09:42:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-17 09:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-17 09:42:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-07-17 09:42:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-17 09:42:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-17 09:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-17 09:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-17 09:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-07-17 09:42:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-17 09:41:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-17 09:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-07-17 09:41:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-17 09:41:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-17 09:41:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-17 09:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-17 09:41:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-17 09:41:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-17 09:41:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-17 09:27:35 ----D---- C:\WINDOWS\Prefetch
2009-07-17 09:25:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-07-17 09:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-17 09:25:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-17 09:20:47 ----D---- C:\WINDOWS\system32\scripting
2009-07-17 09:20:46 ----D---- C:\WINDOWS\system32\en
2009-07-17 09:20:46 ----D---- C:\WINDOWS\l2schemas
2009-07-17 09:20:45 ----D---- C:\WINDOWS\system32\bits
2009-07-17 09:18:35 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-17 09:12:03 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-17 09:12:01 ----D---- C:\WINDOWS\EHome
2009-07-17 09:07:54 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-07-17 09:07:52 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-07-17 09:07:50 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-07-17 09:07:49 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-07-17 09:07:42 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-07-17 09:07:42 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-07-17 09:07:36 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-07-17 09:07:35 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slserv.exe
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slgen.dll
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-07-17 09:07:34 ----N---- C:\WINDOWS\slrundll.exe
2009-07-17 09:07:29 ----N---- C:\WINDOWS\system32\setupn.exe
2009-07-17 09:07:27 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-07-17 09:07:26 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-07-17 09:07:24 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-07-17 09:07:24 ----N---- C:\WINDOWS\system32\qutil.dll
2009-07-17 09:07:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-07-17 09:07:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-07-17 09:07:22 ----N---- C:\WINDOWS\system32\qagent.dll
2009-07-17 09:07:21 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-07-17 09:07:18 ----N---- C:\WINDOWS\system32\onex.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\napstat.exe
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-07-17 09:07:07 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-07-17 09:07:06 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-07-17 09:07:06 ----N---- C:\WINDOWS\system32\mssha.dll
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-07-17 09:06:49 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-07-17 09:06:36 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-07-17 09:06:36 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-07-17 09:06:26 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-07-17 09:06:20 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-07-17 09:06:12 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-07-17 09:06:08 ----N---- C:\WINDOWS\system32\credssp.dll
2009-07-17 09:06:03 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-07-17 09:06:02 ----N---- C:\WINDOWS\system32\azroles.dll
2009-07-17 09:06:00 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-07-17 09:06:00 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-07-17 09:05:52 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-07-17 08:25:04 ----D---- C:\Program Files\CCleaner
2009-07-17 08:17:25 ----N---- C:\WINDOWS\system32\xpsp4res.dll

======List of files/folders modified in the last 1 months======

2009-07-24 21:31:13 ----D---- C:\Program Files\Mozilla Firefox
2009-07-24 21:30:45 ----D---- C:\WINDOWS
2009-07-24 21:30:37 ----D---- C:\WINDOWS\Temp
2009-07-24 18:49:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-22 19:08:54 ----D---- C:\WINDOWS\SYSTEM32
2009-07-22 19:08:28 ----RD---- C:\Program Files
2009-07-22 19:03:45 ----SHD---- C:\WINDOWS\Installer
2009-07-22 19:03:22 ----D---- C:\Program Files\Java
2009-07-22 18:35:02 ----D---- C:\Program Files\Common Files
2009-07-19 19:53:06 ----D---- C:\WINDOWS\system32\DRIVERS
2009-07-19 19:12:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-18 16:22:19 ----D---- C:\Program Files\Adobe
2009-07-18 16:22:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-18 16:21:26 ----D---- C:\Program Files\Common Files\Adobe
2009-07-18 16:19:22 ----D---- C:\Documents and Settings\Nanette\Application Data\Adobe
2009-07-18 16:17:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-18 16:09:58 ----D---- C:\Program Files\BroadJump
2009-07-18 12:52:15 ----D---- C:\WINDOWS\WinSxS
2009-07-18 12:52:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-18 12:51:28 ----SD---- C:\Documents and Settings\Nanette\Application Data\Microsoft
2009-07-17 10:48:20 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-17 10:48:18 ----RSD---- C:\WINDOWS\ASSEMBLY
2009-07-17 10:20:31 ----D---- C:\Program Files\Trend Micro
2009-07-17 10:18:51 ----D---- C:\WINDOWS\Debug
2009-07-17 10:15:51 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-17 10:15:19 ----HD---- C:\WINDOWS\INF
2009-07-17 10:14:45 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-07-17 10:10:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-17 10:05:30 ----D---- C:\WINDOWS\system32\WBEM
2009-07-17 10:05:30 ----D---- C:\WINDOWS\AppPatch
2009-07-17 10:05:30 ----D---- C:\Program Files\Internet Explorer
2009-07-17 10:03:36 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-17 09:52:58 ----D---- C:\WINDOWS\system32\en-US
2009-07-17 09:52:56 ----RSD---- C:\WINDOWS\Fonts
2009-07-17 09:52:26 ----D---- C:\WINDOWS\system32\SPOOL
2009-07-17 09:45:26 ----D---- C:\WINDOWS\ie7updates
2009-07-17 09:41:31 ----D---- C:\Program Files\Messenger
2009-07-17 09:27:06 ----D---- C:\WINDOWS\system32\Setup
2009-07-17 09:24:56 ----D---- C:\WINDOWS\SECURITY
2009-07-17 09:21:05 ----D---- C:\WINDOWS\network diagnostic
2009-07-17 09:21:05 ----D---- C:\WINDOWS\IME
2009-07-17 09:21:05 ----D---- C:\WINDOWS\Help
2009-07-17 09:20:48 ----D---- C:\WINDOWS\system32\USMT
2009-07-17 09:20:45 ----D---- C:\WINDOWS\PeerNet
2009-07-17 09:20:45 ----D---- C:\Program Files\Movie Maker
2009-07-17 09:18:30 ----D---- C:\WINDOWS\system32\Restore
2009-07-17 09:18:30 ----D---- C:\WINDOWS\system32\NPP
2009-07-17 09:18:29 ----D---- C:\WINDOWS\MSAGENT
2009-07-17 09:18:27 ----D---- C:\WINDOWS\SRCHASST
2009-07-17 09:18:26 ----D---- C:\Program Files\NetMeeting
2009-07-17 09:18:24 ----D---- C:\WINDOWS\system32\Com
2009-07-17 09:18:22 ----D---- C:\Program Files\Windows NT
2009-07-17 09:18:22 ----D---- C:\Program Files\Windows Media Player
2009-07-17 09:18:21 ----D---- C:\Program Files\Outlook Express
2009-07-17 09:18:19 ----D---- C:\Program Files\Common Files\System
2009-07-17 09:18:04 ----D---- C:\WINDOWS\system32\OOBE
2009-07-17 09:18:01 ----D---- C:\WINDOWS\SYSTEM
2009-07-17 09:15:17 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-17 08:46:25 ----D---- C:\WINDOWS\Internet Logs
2009-07-17 08:46:24 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-07-17 08:43:32 ----D---- C:\Program Files\Yahoo!
2009-07-16 07:57:02 ----D---- C:\Program Files\GE Security Supra
2009-07-15 10:51:42 ----D---- C:\Program Files\ZipForm Desktop
2009-07-12 22:30:57 ----D---- C:\Documents and Settings\Nanette\Application Data\ZoomBrowser EX
2009-07-12 22:29:51 ----D---- C:\Documents and Settings\Nanette\Application Data\CameraWindowDC
2009-07-08 15:37:57 ----A---- C:\WINDOWS\WIN.INI
2009-07-07 08:10:58 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-19 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-18 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-01-05 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-02-18 8413]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-07-14 14448]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-08-13 258368]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 slabbus;DisplayKEY USB Cradle driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys [2006-09-07 55312]
S3 slabser;CP210x USB to UART Bridge Controller Drivers; C:\WINDOWS\system32\DRIVERS\slabser.sys [2006-09-07 89808]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-19 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-18 298776]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 DkeySync;DkeySync; c:\program files\ge security supra\syncservice.exe [2006-09-07 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-09 138680]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-25 451136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
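Reading the RSIT driver and service listing above by hand is tedious. As an added example (not RSIT's, the forum's, or the helper's own code), here is a small Python parser for that list format: it splits each entry into state, start type, name, display name, image path and the image's date and size, and flags registrations whose image RSIT could not find (printed as an empty `[]`, as for DSproct and wanatw above), which are the leftover entries a helper checks before a cleanup step. A second check lists Boot/System-start drivers loaded from outside the Windows directory; nothing in this log triggers it. The sample lines are copied from the log above, and the `C:\WINDOWS` default is an assumption taken from this machine's paths.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Start-type codes as defined in the RSIT header line:
# 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}

# One RSIT entry: "<R|S><start> <name>;<display>; <path> [<yyyy-mm-dd> <size>]"
# The bracket pair is empty when RSIT could not stat the registered image.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) "
    r"\[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)

# Sample lines copied from the RSIT log in this thread (header, entries, EOF marker).
SAMPLE = r"""======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-19 335752]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
-----------------EOF-----------------"""


@dataclass
class Entry:
    running: bool
    start_type: str
    name: str
    display: str
    path: str
    file_date: Optional[str]
    file_size: Optional[int]

    @property
    def image_missing(self) -> bool:
        """True when RSIT printed '[]': the registered image was not found on disk."""
        return self.file_size is None


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; headers, blank lines and the EOF marker give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return Entry(
        running=m.group("state") == "R",
        start_type=START_TYPES[int(m.group("start"))],
        name=m.group("name"),
        display=m.group("display"),
        path=m.group("path"),
        file_date=m.group("date"),
        file_size=int(size) if size is not None else None,
    )


def parse_listing(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def orphaned(entries: List[Entry]) -> List[str]:
    """Names of driver/service registrations whose image file RSIT could not find."""
    return [e.name for e in entries if e.image_missing]


def early_start_outside_windows(entries: List[Entry], windir: str = "C:\\WINDOWS") -> List[str]:
    """Boot/System-start drivers whose image lives outside the Windows directory.
    windir is an assumed default; pass the real %SystemRoot% for other machines."""
    flagged = []
    for e in entries:
        # Strip the NT-native "\??\" prefix some registrations carry before comparing.
        path = e.path[4:] if e.path.startswith("\\??\\") else e.path
        if e.start_type in ("Boot", "System") and not path.lower().startswith(windir.lower()):
            flagged.append(e.name)
    return flagged


if __name__ == "__main__":
    found = parse_listing(SAMPLE)
    print(f"{len(found)} entries, {sum(e.running for e in found)} running")
    print("image missing:", orphaned(found))
    print("early-start outside Windows dir:", early_start_outside_windows(found))
```

The same regex covers the services section, since RSIT prints both lists in one format; feeding the whole log to `parse_listing` therefore yields drivers and services together, and a helper would compare the orphaned names against what the user reports having uninstalled.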

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Virus?
« Reply #22 on: July 24, 2009, 10:32:04 PM »
That service appears to have been deleted. What happens when you manually navigate to the following folders and try to delete them, if found?

C:\rsit
C:\WINDOWS\Internet Logs
C:\WINDOWS\system32\ZoneLabs
C:\Program Files\Zone Labs



Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
Virus?
« Reply #23 on: July 24, 2009, 11:15:34 PM »
I was able to delete the first three no problem.  The fourth doesn't seem to exist.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Virus?
« Reply #24 on: July 24, 2009, 11:35:49 PM »
==Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

 
Code:
REGEDIT4

[-HKEY_CLASSES_ROOT\ZAMailSafe]

[-HKEY_CURRENT_USER\Software\Zone Labs]

[-HKEY_LOCAL_MACHINE\Software\Zone Labs]

[-HKEY_USERS\.DEFAULT\Software\Zone Labs]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]


Double click on fix.reg and allow it to add/merge to the registry at the prompt

Download OTC.exe and save it to the desktop. This tool will remove most of the tools we used to clean your PC.

    * Double-click OTC.exe.
    * Click the CleanUp! button.
    * Select Yes when the "Begin cleanup Process?" prompt appears.
    * If you are prompted to reboot during the cleanup, select Yes. If not, reboot manually.
    * The tool will delete itself once it finishes; if not, delete it yourself.

Back in Windows, manually delete fix.reg
That should do it.
Everything running normally?



Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
Virus?
« Reply #25 on: July 25, 2009, 12:01:40 AM »
Things seem normal to me.  Thanks!  I'm calling it a night.

Need to see another HijackThis log?

Just in case I pasted one in below.

Thank you very much for all your help on this,
Dale

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:01 AM, on 7/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\program files\ge security supra\syncservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.Email Removed/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...DIEJEFIFDEEEIBJ (file missing)
O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...DIEJEFIFDEEEIBJ (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/contr...TMSSReportW.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6199 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Virus?
« Reply #26 on: July 25, 2009, 08:48:33 AM »
Looks good :)



Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
Virus?
« Reply #27 on: July 25, 2009, 09:11:18 AM »
Cool!

Thanks again for all your help on this.

Till next time,
Dale

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Virus?
« Reply #28 on: July 25, 2009, 09:17:47 AM »
Take care Dale, I'll lock this topic as the problems are resolved.
Till next time :D
