View Full Version : Virtumonde re-infected? Or false positive?
Owen Glendower
2008-11-10, 21:58
Blade helped me clean this computer not long ago. I've been scanning regularly with Spybot and MBAM ever since. Spybot found two problems (other than the usual tracking cookies) today, but MBAM finds nothing. Relevant portion of Spybot log follows. I believe that the first item is a false positive, but I'm concerned about the second item.
Hijack log follows the Spybot log.
==================================================
--- Report generated: 2008-11-10 13:39 ---
Microsoft.Windows.AppFirewallBypass: [SBI $9FD0556E] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe
Virtumonde: [SBI $1E12D746] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2115294041-1510992036-392443510-1003\Software\Microsoft\fias4013
============================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:53 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Documents and Settings\Owner\Desktop\downloads 2006\pcmrobot\robotype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3502
O2 - BHO: (no name) - {15F9ACDA-6932-4550-84C0-0A08DE3C6A4F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {62351E29-58D6-46F2-98BB-366EB204A204} - (no file)
O2 - BHO: (no name) - {6a580795-3f9a-41f5-8771-9d280998c5e1} - (no file)
O2 - BHO: (no name) - {75F19FE9-6F8D-411A-BB13-ECF213516C69} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {8848C2B3-1046-4B01-B787-833A1C6A6A21} - (no file)
O2 - BHO: (no name) - {98DF8F83-F643-4BA8-9575-6DFF4E6EB345} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {B28D43AB-D8A9-47D5-B290-CD857249588D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Sauk Valley Directory 2007.lnk = C:\Program Files\New Millenium Directories\SVD07\MagicCarpetBooks.exe
O4 - Startup: Shortcut to robotype.lnk = C:\Documents and Settings\Owner\Desktop\downloads 2006\pcmrobot\robotype.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} -
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} - http://www.pqprintcenter.com/plugin/axversion/1611/printquick1611.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} -
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156632643918
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200942456000
O16 - DPF: {A57B79D8-9501-42B7-BA9B-B961454712F2} - https://www.jiwire.com/activeX/wlaninfo.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: tuvVPgGY - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 9072 bytes
Hello Owen
Welcome to Safer Networking.
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, All advice given by anyone volunteering here, is taken at own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your personal data before starting any clean up procedure.
Looks like you got hit again :sad:
Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.
O2 - BHO: (no name) - {15F9ACDA-6932-4550-84C0-0A08DE3C6A4F} - (no file)
O2 - BHO: (no name) - {62351E29-58D6-46F2-98BB-366EB204A204} - (no file)
O2 - BHO: (no name) - {6a580795-3f9a-41f5-8771-9d280998c5e1} - (no file)
O2 - BHO: (no name) - {75F19FE9-6F8D-411A-BB13-ECF213516C69} - (no file)
O2 - BHO: (no name) - {8848C2B3-1046-4B01-B787-833A1C6A6A21} - (no file)
O2 - BHO: (no name) - {98DF8F83-F643-4BA8-9575-6DFF4E6EB345} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {B28D43AB-D8A9-47D5-B290-CD857249588D} - (no file)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A}
O20 - Winlogon Notify: tuvVPgGY - C:\WINDOWS\
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
Please download Malwarebytes' Anti-Malware from Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or Here (http://www.besttechie.net/tools/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.<-- Don't forget this
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply along with a New Hijackthis log.
Owen Glendower
2008-11-11, 20:18
As you requested, Ken, thanks much.
Malwarebytes' Anti-Malware 1.30
Database version: 1383
Windows 5.1.2600 Service Pack 3
11/11/2008 1:10:13 PM
mbam-log-2008-11-11 (13-10-13).txt
Scan type: Quick Scan
Objects scanned: 51218
Time elapsed: 4 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:57 PM, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Documents and Settings\Owner\Desktop\downloads 2006\pcmrobot\robotype.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3502
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Sauk Valley Directory 2007.lnk = C:\Program Files\New Millenium Directories\SVD07\MagicCarpetBooks.exe
O4 - Startup: Shortcut to robotype.lnk = C:\Documents and Settings\Owner\Desktop\downloads 2006\pcmrobot\robotype.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} -
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} - http://www.pqprintcenter.com/plugin/axversion/1611/printquick1611.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156632643918
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200942456000
O16 - DPF: {A57B79D8-9501-42B7-BA9B-B961454712F2} - https://www.jiwire.com/activeX/wlaninfo.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 8202 bytes
Hello,
Your log looks fine, those may have been just leftover entries that popped up. Malwarebytes came up clean and that's good.
I will keep this thread open for you for a week or so , if you feel your still having issue we can dig deeper.
How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
TonyKlein CastleCops (http://www.castlecops.com/postlite7736-.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy but do not enable the TeaTimer in Spybot.
Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
Safe Surfn
Ken
Owen Glendower
2008-11-11, 20:56
Appreciate your prompt reply.
Ran Spybot right after I posted the logs. It reported the same two problems. I believe I saw the first item identified somewhere (perhaps on this forum) as a false positive. Should I have Spybot remove the second item?
I gather from Spybot and other sources that Virtumonde can "hide" and re-load itself via Winlogon. Is that's what's happening to me? Because I am not aware of any questionable or shady sites I've visited lately. And since my previous problem, I've been running Firefox with Noscript, and have only used IE6 once.
Would appreciate your thoughts. Thanks again for your help, and your clear instructions.
--- Report generated: 2008-11-11 13:37 ---
Microsoft.Windows.AppFirewallBypass: [SBI $9FD0556E] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe
Virtumonde: [SBI $1E12D746] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2115294041-1510992036-392443510-1003\Software\Microsoft\fias4013
This is related to the Windows File and Tranfer Wizard, don't know why its being flagged, what this key is doing is letting it bypass your firewall.
Microsoft.Windows.AppFirewallBypass: [SBI $9FD0556E] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe
.
This one says Nothing Done, are you letting Spybot remove it
Virtumonde: [SBI $1E12D746] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2115294041-1510992036-392443510-1003\Software\Microsoft\fias4013
Lets dig deeper
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Owen Glendower
2008-11-12, 00:34
Ran Spybot & deleted the Virtumonde item. Logs follow. As before, thanks for the prompt reply.
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-11 17:29:08
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 30 GB (41%) free of 72 GB
Total RAM: 879 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:25 PM, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Documents and Settings\Owner\Desktop\downloads 2006\pcmrobot\robotype.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3502
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Sauk Valley Directory 2007.lnk = C:\Program Files\New Millenium Directories\SVD07\MagicCarpetBooks.exe
O4 - Startup: Shortcut to robotype.lnk = C:\Documents and Settings\Owner\Desktop\downloads 2006\pcmrobot\robotype.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} -
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} - http://www.pqprintcenter.com/plugin/axversion/1611/printquick1611.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156632643918
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200942456000
O16 - DPF: {A57B79D8-9501-42B7-BA9B-B961454712F2} - https://www.jiwire.com/activeX/wlaninfo.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 8303 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-22 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-22 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-22 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-19 1234712]
"MaxMenuMgr"=C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-09-10 177448]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-22 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"QuickGammaLoader"=C:\Program Files\QuickGamma\QuickGammaLoader.exe [2005-03-28 68096]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE
Sauk Valley Directory 2007.lnk - C:\Program Files\New Millenium Directories\SVD07\MagicCarpetBooks.exe
Shortcut to robotype.lnk - C:\Documents and Settings\Owner\Desktop\downloads 2006\pcmrobot\robotype.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-01-15 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d75e0a9-9aee-11dd-a62c-0016765d06ba}]
shell\AutoRun\command - J:\InstallSeagateManager.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2273231-e6d2-11da-8f08-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
======List of files/folders created in the last 1 months======
2008-11-11 17:29:08 ----D---- C:\rsit
2008-11-11 08:56:49 ----D---- C:\VundoFix Backups
2008-11-11 08:56:49 ----A---- C:\VundoFix.txt
2008-10-24 12:52:33 ----D---- C:\Program Files\Common Files\xing shared
2008-10-24 12:45:23 ----D---- C:\Program Files\Common Files\Apple
2008-10-24 12:45:19 ----D---- C:\Program Files\QuickTime
2008-10-24 12:45:18 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-24 12:22:28 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-23 16:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-22 16:43:47 ----D---- C:\Seagate temp
2008-10-22 13:03:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 12:46:50 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-22 12:46:50 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-22 12:46:50 ----A---- C:\WINDOWS\system32\java.exe
2008-10-22 12:46:50 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-21 12:44:31 ----SHD---- C:\RECYCLER
2008-10-21 12:41:09 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-21 12:40:15 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-21 12:40:01 ----D---- C:\Program Files\Common Files\Adobe
2008-10-21 12:32:04 ----D---- C:\WINDOWS\temp
2008-10-21 12:32:03 ----A---- C:\ComboFix.txt
2008-10-21 10:27:03 ----A---- C:\Boot.bak
2008-10-21 10:26:46 ----RASHD---- C:\cmdcons
2008-10-21 10:25:52 ----A---- C:\WINDOWS\zip.exe
2008-10-21 10:25:52 ----A---- C:\WINDOWS\VFIND.exe
2008-10-21 10:25:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-21 10:25:52 ----A---- C:\WINDOWS\SWSC.exe
2008-10-21 10:25:52 ----A---- C:\WINDOWS\SWREG.exe
2008-10-21 10:25:52 ----A---- C:\WINDOWS\sed.exe
2008-10-21 10:25:52 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-21 10:25:52 ----A---- C:\WINDOWS\grep.exe
2008-10-21 10:25:52 ----A---- C:\WINDOWS\fdsv.exe
2008-10-21 10:25:47 ----D---- C:\WINDOWS\ERDNT
2008-10-21 10:25:47 ----D---- C:\Qoobox
2008-10-20 13:55:39 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-20 13:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-20 13:55:12 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-20 13:54:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-20 13:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-20 13:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-20 13:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-20 13:48:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-20 13:48:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-20 13:48:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-20 13:48:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-20 13:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-20 13:48:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-20 13:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-20 13:47:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-20 13:47:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-20 13:24:32 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-20 13:21:02 ----D---- C:\WINDOWS\Prefetch
2008-10-20 12:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-10-20 12:12:35 ----A---- C:\WINDOWS\setuplog.txt
2008-10-20 12:11:30 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-20 12:11:30 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-20 12:11:30 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-10-20 12:11:30 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-10-20 12:11:30 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-10-20 12:11:29 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-20 12:11:29 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-20 12:11:29 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-20 12:11:29 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-20 12:11:29 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-20 12:11:29 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-20 12:11:29 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-20 12:11:29 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-20 12:11:29 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-20 12:11:29 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-20 12:11:29 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-20 12:11:28 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-10-20 12:11:28 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-20 12:11:28 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-20 12:11:28 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-20 12:11:28 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-20 12:11:28 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-20 12:11:28 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-20 12:11:28 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-20 12:11:28 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-20 12:11:27 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-20 12:11:26 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-20 12:11:26 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-20 12:11:26 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-20 12:11:26 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-20 12:11:26 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-20 12:11:25 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-20 12:11:25 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-20 12:11:25 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-20 12:11:25 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-10-20 12:11:25 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-20 12:11:25 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-20 12:11:25 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-20 12:11:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-20 12:11:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-10-20 12:11:25 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-20 12:11:24 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-20 12:11:24 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-20 12:11:24 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-20 12:11:24 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-20 12:11:24 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-20 12:11:24 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-20 12:11:23 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-20 12:11:23 ----N---- C:\WINDOWS\system32\slserv.exe
2008-10-20 12:11:23 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-10-20 12:11:23 ----N---- C:\WINDOWS\system32\slgen.dll
2008-10-20 12:11:23 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-10-20 12:11:23 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-10-20 12:11:23 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-20 12:11:23 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-10-20 12:11:21 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-20 12:11:20 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-10-20 12:11:20 ----N---- C:\WINDOWS\slrundll.exe
2008-10-20 12:11:19 ----D---- C:\WINDOWS\system32\scripting
2008-10-20 12:11:18 ----D---- C:\WINDOWS\system32\en
2008-10-20 12:11:18 ----D---- C:\WINDOWS\l2schemas
2008-10-20 12:11:17 ----D---- C:\WINDOWS\system32\bits
2008-10-20 12:08:15 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-20 12:05:54 ----D---- C:\WINDOWS\network diagnostic
2008-10-20 12:04:22 ----A---- C:\WINDOWS\imsins.BAK
2008-10-20 12:00:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-20 12:00:22 ----D---- C:\WINDOWS\EHome
2008-10-20 11:31:41 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-18 12:08:15 ----A---- C:\WINDOWS\system32\13811a9d-.txt
2008-10-18 11:41:38 ----HD---- C:\$AVG8.VAULT$
2008-10-18 11:34:48 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-18 11:34:22 ----D---- C:\Program Files\AVG
2008-10-18 11:34:22 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-18 11:23:41 ----D---- C:\Program Files\CCleaner
2008-10-15 15:06:11 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-15 15:06:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-15 13:32:10 ----D---- C:\Program Files\Seagate
2008-10-15 13:32:10 ----D---- C:\Documents and Settings\All Users\Application Data\Seagate
2008-10-15 13:30:43 ----SHD---- C:\WINDOWS\ftpcache
2008-10-15 13:22:47 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-10-15 13:22:25 ----D---- C:\Program Files\Mozilla Firefox
======List of files/folders modified in the last 1 months======
2008-11-11 17:25:28 ----A---- C:\WINDOWS\win.ini
2008-11-11 17:23:35 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2008-11-11 17:21:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-11 11:42:40 ----D---- C:\WINDOWS\system32\NtmsData
2008-11-10 17:23:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-09 20:19:42 ----D---- C:\Program Files\Qimage
2008-11-09 18:45:27 ----D---- C:\WINDOWS\system32
2008-11-09 18:35:28 ----A---- C:\WINDOWS\iltwain.ini
2008-11-04 20:31:33 ----D---- C:\Program Files\Picasa2
2008-11-04 20:31:31 ----HD---- C:\WINDOWS\inf
2008-11-04 20:31:31 ----D---- C:\WINDOWS\system32\drivers
2008-11-03 08:08:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-02 08:56:34 ----D---- C:\WINDOWS
2008-11-02 08:46:15 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-30 15:54:18 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-30 15:54:17 ----A---- C:\WINDOWS\brwmark.ini
2008-10-28 12:28:36 ----SHD---- C:\WINDOWS\Installer
2008-10-28 12:28:36 ----D---- C:\Config.Msi
2008-10-28 12:28:05 ----D---- C:\Documents and Settings
2008-10-24 18:28:18 ----D---- C:\WINDOWS\system32\Macromed
2008-10-24 17:00:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-24 16:31:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-24 12:52:33 ----D---- C:\Program Files\Common Files
2008-10-24 12:52:26 ----D---- C:\Program Files\Common Files\Real
2008-10-24 12:52:22 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-10-24 12:52:08 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-10-24 12:52:08 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-10-24 12:52:05 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-10-24 12:52:04 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-10-24 12:52:04 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-10-24 12:45:19 ----RD---- C:\Program Files
2008-10-24 12:24:15 ----D---- C:\Program Files\Apple Software Update
2008-10-24 12:22:31 ----SD---- C:\WINDOWS\Tasks
2008-10-23 16:00:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-23 15:59:42 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-22 16:44:14 ----D---- C:\WINDOWS\Downloaded Installations
2008-10-22 13:08:46 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2008-10-22 13:05:50 ----D---- C:\Program Files\Java
2008-10-22 12:08:31 ----D---- C:\Program Files\ZAR
2008-10-22 12:05:26 ----D---- C:\Program Files\Stellar Phoenix Windows Data Recovery
2008-10-22 12:03:36 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-22 12:01:40 ----D---- C:\Program Files\Runtime Software
2008-10-22 11:51:18 ----D---- C:\Program Files\DIY DataRecovery iRecover 2.1
2008-10-22 11:49:56 ----D---- C:\Program Files\Active Data Recovery Software
2008-10-21 12:41:20 ----D---- C:\Program Files\Adobe
2008-10-21 12:30:12 ----A---- C:\WINDOWS\system.ini
2008-10-21 12:29:17 ----D---- C:\WINDOWS\AppPatch
2008-10-21 10:30:51 ----D---- C:\WINDOWS\system32\config
2008-10-21 10:27:03 ----RASH---- C:\boot.ini
2008-10-20 17:56:13 ----D---- C:\WINDOWS\system32\wbem
2008-10-20 14:52:42 ----D---- C:\Program Files\Microsoft Works
2008-10-20 14:34:57 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-20 14:34:56 ----RSD---- C:\WINDOWS\assembly
2008-10-20 13:52:03 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-20 13:51:27 ----D---- C:\WINDOWS\Debug
2008-10-20 13:50:03 ----D---- C:\WINDOWS\system32\en-us
2008-10-20 13:50:00 ----D---- C:\WINDOWS\system32\XPSViewer
2008-10-20 13:48:39 ----D---- C:\WINDOWS\WinSxS
2008-10-20 13:48:03 ----D---- C:\Program Files\Messenger
2008-10-20 13:20:20 ----D---- C:\WINDOWS\system32\Setup
2008-10-20 13:20:18 ----RSD---- C:\WINDOWS\Fonts
2008-10-20 12:14:46 ----D---- C:\WINDOWS\security
2008-10-20 12:11:33 ----D---- C:\WINDOWS\ime
2008-10-20 12:11:33 ----D---- C:\WINDOWS\Help
2008-10-20 12:11:20 ----D---- C:\WINDOWS\system32\usmt
2008-10-20 12:11:19 ----D---- C:\Program Files\Internet Explorer
2008-10-20 12:11:17 ----D---- C:\WINDOWS\PeerNet
2008-10-20 12:11:17 ----D---- C:\Program Files\Movie Maker
2008-10-20 12:08:09 ----D---- C:\WINDOWS\system32\Restore
2008-10-20 12:08:09 ----D---- C:\WINDOWS\system32\npp
2008-10-20 12:08:07 ----D---- C:\WINDOWS\msagent
2008-10-20 12:08:05 ----D---- C:\WINDOWS\srchasst
2008-10-20 12:08:04 ----D---- C:\Program Files\NetMeeting
2008-10-20 12:08:03 ----D---- C:\WINDOWS\system32\Com
2008-10-20 12:08:00 ----D---- C:\Program Files\Windows NT
2008-10-20 12:08:00 ----D---- C:\Program Files\Windows Media Player
2008-10-20 12:08:00 ----D---- C:\Program Files\Outlook Express
2008-10-20 12:07:56 ----D---- C:\Program Files\Common Files\System
2008-10-20 12:07:40 ----D---- C:\WINDOWS\system32\oobe
2008-10-20 12:07:37 ----D---- C:\WINDOWS\system
2008-10-20 12:04:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-18 12:05:07 ----D---- C:\Program Files\Lavasoft
2008-10-18 11:33:53 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-18 11:28:49 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-18 11:11:16 ----D---- C:\Program Files\Google
2008-10-18 11:11:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-15 15:00:10 ----D---- C:\Program Files\Trend Micro
2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-12 14:56:43 ----A---- C:\WINDOWS\wininit.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-19 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-19 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2006-01-09 31846]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-15 1477632]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-07-22 231168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-06 4258816]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-15 405504]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-19 231704]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2001-11-22 57344]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2006-02-28 69632]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-17 161064]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-22 152984]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-05-18 172032]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-01-26 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-11-11 17:29:28
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Ipswitch WS_FTP LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3A31EEE-7C65-4EE6-BB0D-5549FD2D67B9}\setup.exe" -l0x9
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Color Control Panel Applet for Windows XP-->MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Suite Anniversary Edition-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=SUITE VERSION=12
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 97-->C:\Program Files\Microsoft Office\Office\Setup\AcmeWord.exe /w Word97.stf
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Monitor Calibration Wizard 1.0-->"C:\Program Files\Monitor Calibration Wizard\uninstall.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
New Millenium Directories SVD07-->C:\Program Files\New Millenium Directories\SVD07\Uninstal.exe
PhotoModeler Lite-->C:\PROGRA~1\PHOTOM~1\UNWISE.EXE C:\PROGRA~1\PHOTOM~1\INSTALL.LOG
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Qimage-->C:\PROGRA~1\Qimage\UNWISE.EXE C:\PROGRA~1\Qimage\INSTALL.LOG
QuickGamma 2.0.0.3-->"C:\Program Files\QuickGamma\unins000.exe"
QuickMonitorProfile 2.0.0.1-->"C:\Program Files\QuickMonitorProfile\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RapidComm Voice-->C:\Program Files\RapidComm Voice\SETUP32.EXE
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Seagate Manager Installer-->"C:\Program Files\InstallShield Installation Information\{46A1C37C-464A-4C50-9F9E-BDBAE1FA3AE3}\setup.exe" -runfromtemp -l0x0409 -removeonly
Seagate Manager Installer-->MsiExec.exe /X{46A1C37C-464A-4C50-9F9E-BDBAE1FA3AE3}
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
=====HijackThis Backups=====
O4 - HKLM\..\Run: [18a2dee3] rundll32.exe "C:\WINDOWS\system32\epkkejdi.dll",b
O4 - HKLM\..\Run: [BM1b91ed7f] Rundll32.exe "C:\WINDOWS\system32\ogdqhcad.dll",s
O2 - BHO: {1e5c8990-82d9-1778-5f14-a9f3597085a6} - {6a580795-3f9a-41f5-8771-9d280998c5e1} - C:\WINDOWS\system32\eyahid.dll (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O2 - BHO: (no name) - {1702984E-7F76-458B-A33A-A7B32A0DCC72} - C:\WINDOWS\system32\tuvVPgGY.dll (file missing)
O2 - BHO: (no name) - {15F9ACDA-6932-4550-84C0-0A08DE3C6A4F} - C:\WINDOWS\system32\tuvULEtR.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O20 - Winlogon Notify: tuvVPgGY - tuvVPgGY.dll (file missing)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {15F9ACDA-6932-4550-84C0-0A08DE3C6A4F} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} -
O2 - BHO: (no name) - {6a580795-3f9a-41f5-8771-9d280998c5e1} - (no file)
O2 - BHO: (no name) - {8848C2B3-1046-4B01-B787-833A1C6A6A21} - (no file)
O20 - Winlogon Notify: tuvVPgGY - C:\WINDOWS\
O2 - BHO: (no name) - {B28D43AB-D8A9-47D5-B290-CD857249588D} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {75F19FE9-6F8D-411A-BB13-ECF213516C69} - (no file)
O2 - BHO: (no name) - {62351E29-58D6-46F2-98BB-366EB204A204} - (no file)
O2 - BHO: (no name) - {98DF8F83-F643-4BA8-9575-6DFF4E6EB345} - (no file)
======Security center information======
AV: AVG Anti-Virus Free
AV: McAfee VirusScan (disabled)
FW: McAfee Personal Firewall
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Looking good :bigthumb:
You can remove this via the Add Remove programs as you just want to keep the latest version of Java
Java(TM) 6 Update 5- <-- This one only
Any other issues, post back.
Ken:)
Owen Glendower
2008-11-12, 04:36
Thanks much, Ken, will do.