Thread: Nasty rootkit/rogueware

  1. #1
    Junior Member
    Join Date
    Dec 2008
    Posts
    25

    Nasty rootkit/rogueware

    I will start by saying I have no idea what I have here. On my computer something popped up saying it was Personal Antivirus, the general rogueware thing. However, when searching the net (which is hard, as it blocks clicking links in Google), it appeared that I don't have any of the symptoms. I had just started my computer back up, and deleted a process that I knew wasn't right. The Personal Antivirus thing went away, but I still couldn't run Spybot, Malwarebytes, or even do a system restore.
    Then suddenly when I checked task manager, I noticed b.exe was up, and then my computer shut down. I now restarted in safe mode, and am posting here.
    While I was able to run Hijackthis yesterday, I can't today. Luckily I still have a log from yesterday, and that should be the same.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:34:48 AM, on 8/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\X-Chat 2\xchat.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\mbam-setup.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
    O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [svhost] C:\WINDOWS\system32\svhost.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
    O23 - Service: Google Update Service (gupdate1c9fe562c1cd760) (gupdate1c9fe562c1cd760) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
    O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    --
    End of file - 11010 bytes

  2. #2
    Junior Member
    Join Date
    Dec 2008
    Posts
    25

    Okay, here is an update. I found b.exe to be running, along with msa.exe and braviax.exe. I have removed msa.exe and braviax.exe from WINDOWS. I am now hunting down b.exe, and will try to delete the registry files.

  3. #3
    Junior Member
    Join Date
    Dec 2008
    Posts
    25

    I am very sorry for the triple post, but this is interesting. It seems to try opening iexplorer.exe every little while, but I kill the process for safety. I use Chrome for most of my internet needs.

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.



    Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the rootkit tab and then scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Post the log in your reply.

    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Dec 2008
    Posts
    25

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Darkebrz at 13:04:53.84 on Mon 08/17/2009
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.397 [GMT -4:00]
    DDS is done, I will run GMER next.


    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Documents and Settings\Darkebrz\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files\Wakoopa\Wakoopa.exe
    C:\Program Files\Steam\Steam.exe
    C:\Documents and Settings\Darkebrz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Nexon\MapleStory\npkcmsvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Digsby\lib\digsby-app.exe
    C:\Documents and Settings\Darkebrz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
    C:\Chrome Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [F.lux] "c:\documents and settings\darkebrz\local settings\apps\f.lux\flux.exe" /noshow
    uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
    uRun: [Wakoopa] c:\program files\wakoopa\Wakoopa.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot\TeaTimer.exe
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: cru629.dat
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\darkebrz\applic~1\mozilla\firefox\profiles\cegv45td.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\documents and settings\darkebrz\application data\mozilla\firefox\profiles\cegv45td.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
    FF - plugin: c:\documents and settings\darkebrz\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\np-mswmp.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\np32dsw.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npdeploytk.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npdivx32.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npDivxPlayerPlugin.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\NPHoldemFireLauncher.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npLegitCheckPlugin.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\NPMFireLauncher.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npmusicn.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npnul32.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\NPOFF12.DLL
    FF - plugin: c:\progra~1\mozilla firefox\plugins\NPOFFICE.DLL
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin2.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin3.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin4.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin5.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin6.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npstrlnk.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npvirtools.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPHoldemFireLauncher.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npvirtools.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-19 325128]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-19 27656]
    R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2007-8-7 2944]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-8-12 132040]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-8-12 25160]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-19 231704]
    R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-19 107272]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-8-12 707152]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
    R3 vgadrv;vgadrv;c:\windows\system32\drivers\vgadrv.sys [2006-6-10 8078]
    S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-19 875288]
    S2 gupdate1c9fe562c1cd760;Google Update Service (gupdate1c9fe562c1cd760);c:\program files\google\update\GoogleUpdate.exe [2009-7-6 133104]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-28 24652]
    S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys --> c:\windows\system32\drivers\scrcap.sys [?]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
    S3 XDva035;XDva035;\??\c:\windows\system32\xdva035.sys --> c:\windows\system32\XDva035.sys [?]
    S3 XDva202;XDva202;\??\c:\windows\system32\xdva202.sys --> c:\windows\system32\XDva202.sys [?]
    S3 XDva215;XDva215;\??\c:\windows\system32\xdva215.sys --> c:\windows\system32\XDva215.sys [?]
    S3 XDva219;XDva219;\??\c:\windows\system32\xdva219.sys --> c:\windows\system32\XDva219.sys [?]
    S3 XDva277;XDva277;\??\c:\windows\system32\xdva277.sys --> c:\windows\system32\XDva277.sys [?]

    =============== Created Last 30 ================

    2009-08-17 12:04 10,240 a------- c:\windows\braviax.exe
    2009-08-13 03:57 197 a------- c:\windows\system32\MRT.INI
    2009-08-12 23:45 0 a----r-- C:\logwmemory.bin
    2009-08-12 23:43 25 a------- c:\windows\popcinfot.dat
    2009-08-12 17:31 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
    2009-08-12 17:30 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
    2009-08-12 00:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
    2009-08-12 00:27 179,792 a------- c:\windows\system32\guard32.dll
    2009-08-12 00:27 132,040 a------- c:\windows\system32\drivers\cmdguard.sys
    2009-08-12 00:27 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
    2009-08-12 00:27 <DIR> --d----- c:\program files\COMODO
    2009-08-11 12:29 <DIR> --d----- c:\program files\Steam
    2009-08-11 11:26 10,240 a------- c:\windows\braviax.exv
    2009-08-10 15:32 <DIR> --d----- c:\windows\ShellNew
    2009-08-10 15:32 <DIR> --d----- c:\program files\AutoHotkey
    2009-08-10 12:07 6,144 a------- c:\windows\system32\cru629.dat
    2009-08-10 12:07 6,144 a------- c:\windows\cru629.dat
    2009-08-10 12:05 15,000 a------- c:\windows\system32\hs7f3uhduhfukde.dll
    2009-08-10 12:05 191,179 a------- c:\windows\system32\wisdstr.exe
    2009-08-10 12:05 28,160 ac------ c:\windows\system32\dllcache\beep.sys
    2009-08-10 12:05 10,240 a------- c:\windows\system32\braviax.exe
    2009-08-10 11:48 <DIR> --d----- c:\program files\Spybot
    2009-08-10 03:00 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-10 03:00 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-08-10 03:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-08-10 03:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-08-10 02:46 <DIR> --d----- c:\program files\Unlocker
    2009-08-10 01:23 207,364 a------- c:\windows\system32\msxml71.dll
    2009-08-10 01:23 36,864 a------- c:\windows\system32\net.net
    2009-08-10 01:13 1,234,791 a------- c:\windows\system32\xa.tmp
    2009-08-07 21:22 <DIR> --d----- c:\program files\Wakoopa
    2009-08-07 02:40 <DIR> --d----- C:\SAVE
    2009-08-07 02:27 <DIR> --d----- C:\Sierra
    2009-08-01 23:34 <DIR> --d----- c:\docume~1\darkebrz\applic~1\X-Chat 2
    2009-08-01 23:27 <DIR> --d----- c:\program files\X-Chat 2
    2009-08-01 02:55 <DIR> --d----- c:\program files\uTorrent
    2009-08-01 02:38 <DIR> --d----- c:\program files\Skulltag
    2009-07-31 15:33 <DIR> --d----- c:\docume~1\darkebrz\applic~1\mIRC
    2009-07-31 03:01 <DIR> --d----- C:\3871e0b31e0fd4d092
    2009-07-31 03:00 <DIR> --d----- C:\34fc0db049b560bc804702843b
    2009-07-30 23:41 54,156 a---h--- c:\windows\QTFont.qfn
    2009-07-30 23:41 1,409 a------- c:\windows\QTFont.for
    2009-07-30 19:51 <DIR> --d----- c:\program files\VideoLAN
    2009-07-30 10:09 <DIR> --d----- c:\program files\Warrior Epic
    2009-07-30 10:05 <DIR> --d----- C:\Chrome Downloads
    2009-07-28 23:08 0 a------- c:\windows\VDM1B6.tmp
    2009-07-28 23:08 0 a------- c:\windows\VDM1B5.tmp
    2009-07-28 23:08 285 a------- c:\windows\EReg072.dat
    2009-07-28 23:08 0 a------- c:\windows\VDM1B3.tmp
    2009-07-28 23:08 0 a------- c:\windows\VDM1B2.tmp
    2009-07-28 23:08 38,160 a------- c:\windows\system32\LMRTREND.dll
    2009-07-28 23:08 140,800 a------- c:\windows\system32\tm20dec.ax
    2009-07-28 23:08 182,032 a------- c:\windows\system32\dxtmsft3.dll
    2009-07-28 23:08 0 a------- c:\windows\VDM1A2.tmp
    2009-07-28 23:08 0 a------- c:\windows\VDM1A1.tmp
    2009-07-28 23:07 63,488 a------- c:\windows\system32\unam4ie.exe
    2009-07-28 23:07 194,320 a------- c:\windows\system32\qcut.dll
    2009-07-28 23:07 11,776 a------- c:\windows\system32\mciqtz.drv
    2009-07-28 23:07 10,240 a------- c:\windows\system32\vidx16.dll
    2009-07-28 23:07 5,672 a------- c:\windows\system32\quartz.vxd
    2009-07-28 23:07 0 a------- c:\windows\VDM16F.tmp
    2009-07-28 23:07 4,608 a------- c:\windows\system32\w95inf32.dll
    2009-07-28 23:07 2,272 a------- c:\windows\system32\w95inf16.dll
    2009-07-28 23:07 0 a------- c:\windows\VDM166.tmp
    2009-07-28 23:07 0 a------- c:\windows\VDM165.tmp
    2009-07-28 23:06 0 a------- c:\windows\VDM163.tmp
    2009-07-28 23:06 0 a------- c:\windows\VDM162.tmp
    2009-07-28 23:06 0 a------- c:\windows\VDM161.tmp
    2009-07-28 23:06 0 a------- c:\windows\VDM15F.tmp
    2009-07-28 23:06 0 a------- c:\windows\VDM15E.tmp
    2009-07-28 23:05 0 a------- c:\windows\VDM159.tmp
    2009-07-28 23:05 0 a------- c:\windows\VDM153.tmp
    2009-07-28 23:04 0 a------- c:\windows\VDM152.tmp
    2009-07-28 22:57 <DIR> --d----- c:\documents and settings\darkebrz\WINDOWS
    2009-07-27 12:12 <DIR> --d----- c:\windows\Simple Port Forwarding
    2009-07-27 12:12 <DIR> --d----- c:\program files\Simple Port Forwarding
    2009-07-23 21:57 41,872 a------- c:\windows\system32\xfcodec.dll
    2009-07-23 16:53 <DIR> --d----- c:\program files\UrbanTerror4.1
    2009-07-23 10:20 1,071,088 a------- c:\windows\system32\mscomctl.ocx
    2009-07-23 00:23 <DIR> --d----- c:\program files\OpenAL
    2009-07-23 00:21 <DIR> --d----- c:\program files\AssaultCube_v1.0
    2009-07-21 19:50 <DIR> --d----- c:\program files\Zachtronics Industries
    2009-07-20 12:11 <DIR> --d----- c:\docume~1\darkebrz\applic~1\JCreator

    ==================== Find3M ====================

    2009-08-10 13:35 63,620 a---h--- c:\windows\system32\mlfcache.dat
    2009-08-10 12:34 7,912 a------- c:\windows\system32\d3d9caps.dat
    2009-08-10 12:05 28,160 a------- c:\windows\system32\drivers\beep.sys
    2009-08-07 23:11 139,072 a------- c:\windows\system32\drivers\PnkBstrK.sys
    2009-08-07 22:54 189,672 a------- c:\windows\system32\PnkBstrB.exe
    2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-23 00:23 413,696 a------- c:\windows\system32\wrap_oal.dll
    2009-07-23 00:23 110,592 a------- c:\windows\system32\OpenAL32.dll
    2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
    2009-07-12 21:14 410,984 a------- c:\windows\system32\deploytk.dll
    2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
    2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
    2009-06-29 12:12 17,408 a------- c:\windows\system32\corpol.dll
    2009-06-23 01:36 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-12 17:15 75,064 a------- c:\windows\system32\PnkBstrA.exe
    2009-06-12 17:10 139,152 a------- c:\docume~1\darkebrz\applic~1\PnkBstrK.sys
    2009-06-12 17:10 794,408 a------- c:\windows\system32\pbsvc.exe
    2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe
    2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
    2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
    2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
    2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
    2009-06-08 18:22 144 a------- c:\docume~1\darkebrz\applic~1\wklnhst.dat
    2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2009-02-07 13:20 34 a------- c:\documents and settings\darkebrz\jagex_runescape_preferences.dat
    2007-12-15 18:25 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
    2007-03-30 12:21 4,760,576 ac-sh--- c:\program files\ehthumbs.db

    ============= FINISH: 13:07:07.21 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/22/2006 2:30:43 PM
    System Uptime: 8/17/2009 12:48:47 PM (1 hours ago)

    Motherboard: Intel Corporation | | PRAGUE
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | | 2799/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 226 GiB total, 34.027 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()
    K: is CDROM ()
    L: is CDROM ()
    M: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Sansa Media Converter
    µTorrent
    7-Zip 4.65
    7500_7600_7700_Help
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge 1.0
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Common File Installer
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash CS3
    Adobe Flash CS3 Professional
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9
    Adobe Flash Player ActiveX
    Adobe Fonts All
    Adobe Help Center 1.0
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Photoshop CS2
    Adobe Photoshop CS3
    Adobe Reader 7.0
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos 1.0
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Advertisement Service
    Agere Systems PCI Soft Modem
    AIM 6
    Alien Arena 2008 7.21
    Allied Intent Xtended 2.0
    Apple Software Update
    AruaROSE
    AssaultCube v1.0
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Control Panel
    ATI Display Driver
    AutoHotkey 1.0.48.03
    AutoUpdate
    AVG Free 8.0
    balldroppings
    Battlefield 2(TM)
    Battlefield 2142 Deluxe Edition
    Battlefield Heroes
    Battlefield Heroes (PTE)
    Belarc Advisor 7.2
    BF2 Editor
    Bikez_II
    Bontago
    BPD_HPSU
    BPD_Scan
    BPDfax
    BPDSoftware
    BPDSoftware_Ini
    Bridge Builder
    Bridge Building Game
    BufferChm
    Build Your Own Net Dream (remove only)
    Call of Combat
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    CGoban 3
    Cheat Engine 5.4
    Click to DVD 2.4.10
    COMODO Internet Security
    Cottage Of Doom 1.0
    Crayon Physics Deluxe - release 51
    Critical Update for Windows Media Player 11 (KB959772)
    CustomerResearchQFolder
    D-Link VGA Webcam
    Destinations
    Detritus 1.3.08
    DeviceManagementQFolder
    Digsby
    DivX Codec
    DivX Web Player
    DocProc
    DocProcQFolder
    DVgate Plus
    Dyson v1.10
    EA Download Manager
    Easytoon 1.9.5
    eSupportQFolder
    F.lux
    Fallout 3
    FileZilla Client 3.2.6.1
    Finale NotePad 2009
    First Strike Launcher (remove only)
    Form Fill (Windows Live Toolbar)
    FoxyTunes for Firefox
    Fraps (remove only)
    Freeciv 2.0.9 (GTK+ client)
    Frets On Fire
    GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
    GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089)
    GearDrvs
    GIMP 2.4.7
    Give4Free Plugin
    GNU Aspell 0.50-3
    Google Chrome
    Google Earth
    Google SketchUp 7
    Google Toolbar for Firefox
    Google Update Helper
    Google Updater
    Google Web Accelerator
    GraphicsGale FreeEdition version 1.93
    GTA San Andreas
    GTA2
    GTK+ 2.10.6-1 runtime environment
    GTK+ Runtime 2.12.1 rev a (remove only)
    Half-Life
    Half-Life 2
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP Customer Participation Program 7.0
    HP Imaging Device Functions 7.0
    HP Memories Disc
    hp officejet 6100 series
    HP Officejet Pro All-In-One Series
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp officejet 6100 series
    HP Photosmart Essential
    HP Software Update
    HP Solution Center 7.0
    HPPhotoSmartExpress
    HPProductAssistant
    HyperCam 2
    IceChat 7.63 (Build 20080417)
    Image Converter 2
    Infiniminer
    Instant Eyedropper 1.75
    InstantShareDevicesMFC
    Intel Matrix Storage Manager
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    InterVideo WinDVD for VAIO
    IrfanView (remove only)
    ISScript
    J2SE Runtime Environment 5.0 Update 3
    Jailbreak Source v0.4.1
    Java(TM) 6 Update 14
    Java(TM) 6 Update 7
    JCreator LE 4.50
    L7500
    La Tale
    LimeWire 5.1.3
    Line Rider 2
    Liquid War 5.6.4
    Little Fighter 2 v1.9
    Logitech iTouch Software
    Mabinogi
    Map Button (Windows Live Toolbar)
    MapleStory
    MarketResearch
    Memory Stick Formatter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft MPEG-4 VKI Video Codec V1/V2/V3
    Microsoft MSDN 2005 Express Edition - ENU
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Rise Of Nations
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Desktop Engine (VAIO_VEDB)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual Basic 2005 Express Edition - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Express Edition - ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Miners4k
    mIRC
    MoodLogic
    Mozilla Firefox (3.5.2)
    Mozilla Thunderbird (2.0.0.14)
    MPlugin
    MPM
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB933579)
    MSXML4 Parser
    Musicnotes Player V1.23.1
    Napster
    Napster Burn Engine
    Need for Speed™ Undercover
    Netscape Internet Service Setup
    Network Play System (Patching)
    Noitu Love 2: Devolution
    Notepad++
    NVIDIA PhysX v8.09.04
    ObjectDock
    OCR Software by I.R.I.S 7.0
    OneCare Advisor (Windows Live Toolbar)
    OpenAL
    OpenMG Metadata Extractor for Windows Media Player
    OpenMG Secure Module 4.2.00
    OpenOffice.org 3.0
    Opera 9.20
    Opera 9.27
    Oregon Trail 5
    Paint.NET v3.35
    Pando Media Booster
    PanoStandAlone
    PDF Settings
    PeerGuardian 2.0
    Pharaoh and Cleopatra
    Phun beta 4.13
    Pivot Stickfigure Animator
    Poke
    Polychromatic Funk Monkey 1.4
    Popup Blocker (Windows Live Toolbar)
    ProductContext
    Project64 1.6
    PunkBuster Services
    Python 2.6
    Quicken 2005
    QuickTime
    RealPlayer Basic
    Rhapsody Player Engine
    Risk
    ROM CHECK FAIL 1.0
    Roxio DigitalMedia Audio
    Roxio DigitalMedia Copy
    Roxio DigitalMedia Data
    Rumble Box Tournament Edition
    Safari
    Scan
    Secret Maryo Chronicles
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    SigmaTel Audio
    Simple Port Forwarding
    Skins
    Skulltag
    Skype™ 3.6
    Smart Menus (Windows Live Toolbar)
    Soldat 1.4.2
    Soldat 1.5.0
    Soldat BOT Creator/Editor 1.2.0
    SolutionCenter
    Sonic Encoders
    SonicStage 3.2
    SonicStage Mastering Studio Audio Filter Custom Preset
    Sony Certificate PCH
    Sony MP4 Shared Library
    Sony TV Tuner Library 1.0
    Sony Video Shared Library
    SpeedFan (remove only)
    Spybot - Search & Destroy
    Star Wars Galactic Battlegrounds: Saga
    Starcraft
    Status
    Steam
    StepMania (remove only)
    Stunt Playground
    System Shock2
    TeqDemo
    TeqTaunt
    The Sims
    TI Connect 1.6
    Toolbox
    Toribash 3.06
    Transparent Windows
    TrayApp
    Tremulous 1.1.0
    Undelete Plus 2.98
    UniTaunt 1.0
    Unload
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Urban Terror 4.1
    VAIO Central
    VAIO Entertainment Platform
    VAIO Light Flo Wallpaper
    VAIO Long Battery Life Wallpaper
    VAIO Media 4.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Integrated Server 4.2
    VAIO Media Redistribution 4.0
    VAIO Media Registration Tool 4.0
    VAIO Original Screen Saver
    VAIO Original Screen Saver VAIO Scene SD Normal Contents
    VAIO Registration
    VAIO Support Central
    VAIO Survey Standalone
    VAIO Update 2
    Vegas Movie Studio Platinum 9.0
    Vektor Space
    VeohTV BETA
    Video Edit Magic Express 4.11
    Viewpoint Media Player
    Virtools 3D Life Player
    VLC media player 1.0.1
    Wakoopa
    WebFldrs XP
    WebReg
    West Point Bridge Designer 2007
    Winamp (remove only)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live Favorites for Windows Live Toolbar
    Windows Live Outlook Toolbar (Windows Live Toolbar)
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix - KB894476
    Windows Media Player 10 Hotfix [See KB886612 for more information]
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.0
    Windows Presentation Foundation
    Windows XP Media Center Edition 2005 KB890629
    Windows XP Media Center Edition 2005 KB895198
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    World of Warcraft
    World of Warcraft FREE Trial
    X-Chat 2.8.6-2
    Xfire (remove only)
    XviD MPEG-4 Video Codec

    ==== Event Viewer Messages From Past Week ========

    8/13/2009 9:43:29 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 00:17:AB:EE:C4:74. Network operations on this system may be disrupted as a result.
    8/13/2009 4:06:54 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706).
    8/12/2009 12:14:44 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
    8/12/2009 12:14:26 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    8/12/2009 10:09:48 PM, error: System Error [1003] - Error code 100000d1, parameter1 e25a8000, parameter2 00000002, parameter3 00000000, parameter4 ae0060a5.
    8/11/2009 11:35:29 AM, error: Service Control Manager [7034] - The VAIO Entertainment Database Service service terminated unexpectedly. It has done this 1 time(s).
    8/10/2009 9:56:51 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    8/10/2009 4:32:03 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.6000.16876.
    8/10/2009 2:59:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/10/2009 10:39:47 PM, error: Service Control Manager [7034] - The npkcmsvc service terminated unexpectedly. It has done this 1 time(s).
    8/10/2009 1:30:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 BANTExt DMICall Fips intelppm
    8/10/2009 1:30:01 AM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/10/2009 1:29:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/10/2009 1:19:46 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
    8/10/2009 1:19:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service service to connect.
    8/10/2009 1:19:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1c9fe562c1cd760) service to connect.
    8/10/2009 1:19:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 E-mail Scanner service to connect.
    8/10/2009 1:19:46 PM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/10/2009 1:19:46 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate1c9fe562c1cd760) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/10/2009 1:19:46 PM, error: Service Control Manager [7000] - The AVG Free8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/10/2009 1:17:50 PM, error: SRService [104] - The System Restore initialization process failed.

    ==== End Of File ===========================

  6. #6
    Junior Member
    Join Date
    Dec 2008
    Posts
    25

    GMER won't work. The first 2 times I ran it it crashed my computer, and the third time it just crashed.

  7. #7
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Are you able to reboot into safe mode and run GMER there?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #8
    Junior Member
    Join Date
    Dec 2008
    Posts
    25

    Er, I have gotten GMER to run, but the log file is HUGE! How do I post it in sections?

  9. #9
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    You may archive it into a zip file and attach it to your reply.

  10. #10
    Junior Member
    Join Date
    Dec 2008
    Posts
    25

    Okay, thanks for the quick response!
