HijackThis log - just making sure everything is okay

BonKerz

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:02 PM, on 6/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\WINDOWS\ehome\medctrro.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe

--
End of file - 4671 bytes
 
Follow my instructions in the other thread about the scan and post it up here. If I find it is clean, then you may return to the old thread.
 
Here is the Malwarebytes logfile.

Malwarebytes' Anti-Malware 1.17
Database version: 849

11:41:14 PM 6/11/2008
mbam-log-6-11-2008 (23-41-14).txt

Scan type: Quick Scan
Objects scanned: 46333
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Gray\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gray\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gray\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Gray\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gray\Application Data\AdwareAlert\Log\2008 Jan 01 - 04_13_07 PM_500.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gray\Application Data\AdwareAlert\Log\2008 Jan 01 - 04_13_08 PM_671.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gray\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
 
Hello Again,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
 
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Percentage of Memory in Use: 15%
Physical Memory (total/avail): 3071.48 MiB / 2594.23 MiB
Pagefile Memory (total/avail): 4957.47 MiB / 4644.99 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1818.67 MiB

C: is Fixed (NTFS) - 298.08 GiB total, 227.97 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GRAY-043BC1E5E1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Gray.GRAY-043BC1E5E1
LOGONSERVER=\\GRAY-043BC1E5E1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GRAY~1.GRA\LOCALS~1\Temp
TMP=C:\DOCUME~1\GRAY~1.GRA\LOCALS~1\Temp
USERDOMAIN=GRAY-043BC1E5E1
USERNAME=Gray
USERPROFILE=C:\Documents and Settings\Gray.GRAY-043BC1E5E1
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Gray.GRAY-043BC1E5E1 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Age of Conan - Hyborian Adventures --> "C:\Program Files\Funcom\Age of Conan\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Compact Wireless-G USB Network Adapter with SpeedBooster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65563451-00B6-458C-9F9A-03A7757355A6}\setup.exe" -l0x9
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
EVGA Precision 1.1.1 --> "C:\Program Files\EVGA Precision\uninstall.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1657 / Warning
Event Submitted/Written: 06/11/2008 08:06:59 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}', feature 'Redist_Package', component '{7D4B5591-4C80-42BB-B0E5-F2C0CEE02C1A}' failed. The resource '' does not exist.

Event Record #/Type1656 / Warning
Event Submitted/Written: 06/11/2008 08:06:56 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}', feature 'Redist_Package' failed during request for component '{7DD61C22-61FD-40E9-9EEA-98D7DA3BAAA2}'

Event Record #/Type1655 / Warning
Event Submitted/Written: 06/11/2008 08:06:56 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}', feature 'Redist_Package', component '{7D4B5591-4C80-42BB-B0E5-F2C0CEE02C1A}' failed. The resource '' does not exist.

Event Record #/Type1654 / Warning
Event Submitted/Written: 06/11/2008 08:06:53 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}', feature 'Redist_Package' failed during request for component '{7DD61C22-61FD-40E9-9EEA-98D7DA3BAAA2}'

Event Record #/Type1653 / Warning
Event Submitted/Written: 06/11/2008 08:06:53 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}', feature 'Redist_Package', component '{7D4B5591-4C80-42BB-B0E5-F2C0CEE02C1A}' failed. The resource '' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type700 / Error
Event Submitted/Written: 06/11/2008 11:17:13 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type663 / Warning
Event Submitted/Written: 06/11/2008 10:58:25 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{82243773-4198-4359-9D79-4D2C11CABDFC}.

Event Record #/Type594 / Error
Event Submitted/Written: 06/11/2008 10:36:08 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x8007f0ea: Cumulative Security Update for Internet Explorer 6 for Windows XP (KB950759).

Event Record #/Type582 / Warning
Event Submitted/Written: 06/11/2008 10:27:57 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type445 / Error
Event Submitted/Written: 06/11/2008 08:52:41 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.



-- End of Deckard's System Scanner: finished at 2008-06-12 00:28:25 ------------
 
Deckard's System Scanner v20071014.68
Run by Gray on 2008-06-12 00:26:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
25: 2008-06-12 05:26:05 UTC - RP25 - Deckard's System Scanner Restore Point
24: 2008-06-12 05:25:08 UTC - RP24 - Installed DirectX
23: 2008-06-12 04:01:20 UTC - RP23 - Installed Call of Duty(R) 4 - Modern Warfare(TM)
22: 2008-06-12 03:56:35 UTC - RP22 - Software Distribution Service 3.0
21: 2008-06-12 03:32:07 UTC - RP21 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-11 22:34:33 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Gray.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:24 AM, on 6/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\WINDOWS\ehome\medctrro.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Gray.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe

--
End of file - 4831 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 RTCore32 - c:\program files\evga precision\rtcore32.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0368&SUBSYS_0D06105B&REV_A2\3&2411E6FE&0&49
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0368&SUBSYS_0D06105B&REV_A2\3&2411E6FE&0&49
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_0D06105B&REV_A2\3&2411E6FE&0&80
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_0D06105B&REV_A2\3&2411E6FE&0&80
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_0D06105B&REV_A2\3&2411E6FE&0&88
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_0D06105B&REV_A2\3&2411E6FE&0&88
Service:
 
-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2008-06-12 00:25:04 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\media center programs
2008-06-11 23:33:01 0 d-------- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Application Data\Malwarebytes
2008-06-11 23:33:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 23:33:00 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-11 23:28:17 0 d-------- C:\Program Files\Funcom
2008-06-11 23:25:17 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Funcom
2008-06-11 23:21:55 0 d-------- C:\WINDOWS\LastGood
2008-06-11 22:54:11 0 d-------- C:\Program Files\AnalogX
2008-06-11 22:50:51 0 d-------- C:\Program Files\Trend Micro
2008-06-11 22:26:18 0 d-------- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Application Data\Adobe
2008-06-11 22:25:51 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-11 22:22:04 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\Xfire
2008-06-11 22:21:34 0 d-------- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Application Data\Xfire
2008-06-11 22:05:32 0 d-------- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Application Data\AVGTOOLBAR
2008-06-11 22:02:45 0 d-------- C:\WINDOWS\Prefetch
2008-06-11 21:59:54 0 d-------- C:\WINDOWS\system32\en
2008-06-11 21:59:54 0 d-------- C:\WINDOWS\system32\bits
2008-06-11 21:51:29 0 d-------- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Application Data\Talkback
2008-06-11 21:02:10 0 d-------- C:\$AVG8.VAULT$
2008-06-11 20:12:37 0 d-------- C:\Program Files\Activision
2008-06-11 20:11:33 0 d-------- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Application Data\Macromedia
2008-06-11 20:06:08 0 d-------- C:\Program Files\Xfire
2008-06-11 19:54:19 0 d-------- C:\WINDOWS\Logs
2008-06-11 19:41:58 0 d-------- C:\Program Files\Futuremark
2008-06-11 19:19:17 0 d-------- C:\Program Files\EVGA Precision
2008-06-11 19:03:59 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-11 19:03:56 0 d-------- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Application Data\Mozilla
2008-06-11 18:57:12 0 d-------- C:\Program Files\Messenger
2008-06-11 18:56:55 0 d-------- C:\WINDOWS\system32\scripting
2008-06-11 18:56:54 0 d-------- C:\WINDOWS\l2schemas
2008-06-11 18:54:53 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-11 18:36:09 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2008-06-11 18:32:13 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-11 18:32:06 0 d-------- C:\Program Files\AVG
2008-06-11 18:32:06 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-06-11 18:32:04 1310720 --a------ C:\Documents and Settings\Gray.GRAY-043BC1E5E1\ntuser.dat
2008-06-11 18:21:19 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-11 18:19:35 0 d-------- C:\Program Files\Realtek
2008-06-11 18:19:32 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-06-11 18:19:31 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-11 18:17:49 0 d-------- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Application Data\Apple Computer
2008-06-11 18:17:39 0 d-------- C:\Program Files\iPod
2008-06-11 18:17:14 0 d-------- C:\Program Files\Bonjour
2008-06-11 18:16:49 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-06-11 18:16:11 0 d-------- C:\Program Files\Apple Software Update
2008-06-11 18:15:43 0 d-------- C:\Program Files\Common Files\Apple
2008-06-11 18:15:42 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-06-11 18:10:28 0 d-------- C:\Program Files\AMD
2008-06-11 18:07:37 0 d--hs---- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\UserData
2008-06-11 18:04:40 0 d-------- C:\NVIDIA
2008-06-11 18:01:43 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-06-11 18:01:43 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-06-11 18:01:43 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-06-11 18:01:40 0 d-------- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster
2008-06-11 18:01:00 0 d-------- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Application Data\U3
2008-06-11 17:34:19 0 d-------- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Application Data\Identities
2008-06-11 17:34:10 0 d--h----- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Templates
2008-06-11 17:34:10 0 dr------- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Start Menu
2008-06-11 17:34:10 0 dr-h----- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\SendTo
2008-06-11 17:34:10 0 dr-h----- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Recent
2008-06-11 17:34:10 0 d--h----- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\PrintHood
2008-06-11 17:34:10 0 d--h----- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\NetHood
2008-06-11 17:34:10 0 dr------- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\My Documents
2008-06-11 17:34:10 0 d--h----- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Local Settings
2008-06-11 17:34:10 0 dr------- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Favorites
2008-06-11 17:34:10 0 d-------- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Desktop
2008-06-11 17:34:10 0 d--hs---- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Cookies
2008-06-11 17:34:10 0 dr-h----- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Application Data
2008-06-11 17:33:20 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
2008-06-11 17:33:20 0 d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
2008-06-11 17:33:20 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
2008-06-11 17:33:20 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
2008-06-11 17:33:19 262144 --a------ C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2008-06-11 17:32:48 262144 --a------ C:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT
2008-06-11 17:32:48 0 d--h----- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings
2008-06-11 17:32:48 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Cookies
2008-06-11 17:32:48 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data
2008-06-11 17:32:48 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\Microsoft
2008-06-11 17:29:50 262144 --ah----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2008-06-11 17:28:31 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-06-11 17:26:29 6656 --a------ C:\WINDOWS\system32\wuauserv(3).dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-11 17:26:20 170496 --a------ C:\WINDOWS\system32\srsvc(3).dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-11 17:26:20 67584 --a------ C:\WINDOWS\system32\srclient(3).dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-11 17:26:16 190976 --a------ C:\WINDOWS\system32\schedsvc(3).dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-11 17:24:09 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-11 17:23:17 85504 --a------ C:\WINDOWS\system32\mhn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-11 17:23:17 8704 --a------ C:\WINDOWS\system32\igdetect.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-11 17:23:17 11008 --a------ C:\WINDOWS\system32\drivers\mhndrv.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-11 17:20:36 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-11 17:20:36 295424 --a------ C:\WINDOWS\system32\termsrv(3).dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-11 17:20:35 11264 --a------ C:\WINDOWS\system32\icaapi(3).dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-11 17:20:33 62464 --a------ C:\WINDOWS\system32\colbact(3).dll <Not Verified; Microsoft Corporation; COM Services>
2008-06-11 17:20:33 628224 --a------ C:\WINDOWS\system32\catsrvut(3).dll <Not Verified; Microsoft Corporation; COM Services>
2008-06-11 17:20:33 229888 --a------ C:\WINDOWS\system32\catsrv(3).dll <Not Verified; Microsoft Corporation; COM Services>
2008-06-11 17:20:32 501248 --a------ C:\WINDOWS\system32\clbcatq(3).dll <Not Verified; Microsoft Corporation; COM Services>
2008-06-11 12:14:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Templates
2008-06-11 12:14:03 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Start Menu
2008-06-11 12:14:03 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
2008-06-11 12:14:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
2008-06-11 12:14:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\PrintHood
2008-06-11 12:14:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\NetHood
2008-06-11 12:14:03 0 d-------- C:\Documents and Settings\Default User.WINDOWS\My Documents
2008-06-11 12:14:03 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
2008-06-11 12:14:03 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favorites
2008-06-11 12:14:03 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Desktop
2008-06-11 12:14:03 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Cookies
2008-06-11 12:14:03 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Templates
2008-06-11 12:14:03 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Start Menu
2008-06-11 12:14:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favorites
2008-06-11 12:14:03 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-06-11 12:14:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Desktop
2008-06-11 12:13:46 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
2008-06-11 12:13:46 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
2008-06-11 12:13:46 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
2008-06-11 12:13:46 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-06-10 22:38:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-06-10 21:21:09 0 d-------- C:\WINDOWS\nvidia icons
2008-06-10 21:20:58 0 d-------- C:\WINDOWS\nview
2008-06-10 18:25:50 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Xfire
2008-06-10 17:59:44 0 d-------- C:\Documents and Settings\Gray\Application Data\Xfire
2008-06-10 02:08:00 0 d-------- C:\WINDOWS\system32\Futuremark


-- Find3M Report ---------------------------------------------------------------

2008-06-11 21:59:54 0 d-------- C:\Program Files\Movie Maker
2008-06-11 21:58:23 0 d-------- C:\Program Files\Windows NT
2008-06-11 21:40:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-11 18:15:43 0 d-------- C:\Program Files\Common Files
2008-06-11 12:14:03 62 --ahs---- C:\Documents and Settings\Gray.GRAY-043BC1E5E1\Application Data\desktop.ini
2008-05-07 18:51:47 0 d-------- C:\Program Files\QuickTime
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-24 18:20:36 0 d-------- C:\Program Files\Common Files\InstallShield


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/11/2008 10:05 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [06/11/2008 10:05 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 04:04 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 04:49 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"RTHDCPL"="RTHDCPL.EXE" [01/09/2008 03:25 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/11/2008 10:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverUpdaterPro"="C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8da10d09-c2f7-11dc-8b54-0018f82aacd5}]
AutoRun\command- E:\LaunchU3.exe -a

*Newly Created Service* - GTNDIS5
*Newly Created Service* - PNKBSTRA
*Newly Created Service* - PNKBSTRB



-- End of Deckard's System Scanner: finished at 2008-06-12 00:28:25 ------------
 
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
    • Scan Archives
    • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

------------------------------

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

-----------------------------

Please download Spybot Search & Destroy and AdAware.

Follow all the instructions on this website to run a scan with both of these programs.

+ If the user states they already have it +

I know you said you have already run Spybot S&D and AdAware, but just to be sure, please make sure you have the latest versions here: Spybot Search & Destroy and AdAware.

Also please be sure you follow the instructions and settings on this website to run a scan with both of these programs.

-------------------------------

Please download OTCleanIt and save it to Desktop.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes

Logs Required In Next Post
------------------------------

Kaspersky Scan Log
Panda ActiveScan Log
 
I ran Kaspersky and here is the log, but Panda didn't seem to work too well... there was not a log for the scan, the instructions you gave me didn't follow the website that was linked, and once the scan started it went on for about a second then said I was virus free. Spybot found a few tracking cookies and AdAware found a few little things.


Thursday, June 12, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 13, 2008 00:56:48
Records in database: 857859
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 42749
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 00:39:21

No malware has been detected. The scan area is clean.
The selected area was scanned.
 