PLEASE HELP! C:\Windows\System32\lepawahe.dll


I have no clue where this came from. My computer was fine one minute and the next, ugh. Every time I open something now there is a pop-up that says:

The application or DLL C:\WINDOWS\System32\lepawahe.dll is not a valid Windows image. Please check this against your installation diskette.

I don't have a diskette. I tried a Malwarebytes scan but it didn't find anything other than tracing cookies. I ran my AVG scan and it found the same. I downloaded the HijackThis thing and am posting the logs here in hopes that I can get help. Thank you!

-----------------------------------------

LOG

_____________________________

Logfile of random's system information tool 1.05 (written by random/random)

Run by Patrick & Sugarbear at 2009-03-07 19:45:02

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 17 GB (58%) free of 29 GB

Total RAM: 256 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:46:14 PM, on 3/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\SNDVOL32.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Patrick & Sugarbear\Desktop\RSIT.exe

C:\Program Files\trend micro\Patrick & Sugarbear.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: COLI Web Accelerator - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\COLI Web Accelerator\TOOLBAND.DLL (file missing)

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1240000917552

O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1240000595909

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\lepawahe.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O24 - Desktop Component 0: (no name) - http://www.brookglenfarm.com/Graphics/dog26.jpg

O24 - Desktop Component 1: (no name) - http://www.brookglenfarm.com/Graphics/goldendoodle10.jpg

--

End of file - 6760 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-02-17 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-17 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8B79EE88-E62D-4AA8-B530-CC357BA112B7} - COLI Web Accelerator - C:\Program Files\COLI Web Accelerator\TOOLBAND.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]

"NeroCheck"=C:\WINDOWS\System32\NeroCheck.exe [2001-07-09 155648]

"PicasaNet"=C:\Program Files\Hello\Hello.exe [2005-01-11 2572288]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-17 148888]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-17 1601304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet []

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\WINDOWS\system32\lepawahe.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2009-02-17 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"AllowLegacyWebView"=

"AllowUnhashedWebView"=

"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"

"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Disabled:AVG E-Mail Scanner"

"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"

"C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe:*:Disabled:hpgs2wnf Module"

"C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application"

"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\Program Files\Auction Submit\AuctionSubmit3.exe"="C:\Program Files\Auction Submit\AuctionSubmit3.exe:*:Enabled:AuctionSubmit3"

"C:\Program Files\Rhapsody\rhapsody.exe"="C:\Program Files\Rhapsody\rhapsody.exe:*:Disabled:RealNetworks Rhapsody"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\zukuvega.dll

65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\vuhorovo.dll

65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\lepawahe.dll

2009-04-17 21:12:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2009-04-17 21:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2009-04-17 21:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2009-04-17 21:08:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2009-04-17 21:07:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2009-04-17 21:07:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$

2009-04-17 21:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2009-04-17 21:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2009-04-17 21:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2009-04-17 20:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$

2009-04-17 20:58:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2009-04-17 20:57:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2009-04-17 20:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

2009-04-17 20:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2009-04-17 20:45:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2009-04-17 20:42:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$

2009-04-17 20:38:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

2009-04-17 20:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2009-04-17 20:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$

2009-04-17 20:18:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2009-04-17 20:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2009-04-17 20:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2009-04-17 20:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2009-04-17 20:11:34 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$

2009-04-17 16:06:19 ----D---- C:\WINDOWS\system32\CatRoot_bak

2009-04-17 15:50:38 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2009-04-17 15:49:13 ----A---- C:\WINDOWS\system32\wucltui.dll.mui

2009-04-17 15:49:12 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

2009-04-17 15:49:09 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

2009-04-17 15:17:44 ----A---- C:\WINDOWS\system32\javaws.exe

2009-04-17 15:17:44 ----A---- C:\WINDOWS\system32\javaw.exe

2009-04-17 15:17:44 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-04-17 15:17:43 ----A---- C:\WINDOWS\system32\java.exe

2009-04-01 10:04:03 ----A---- C:\WINDOWS\DIIUnin.exe

2009-04-01 08:43:04 ----D---- C:\Program Files\Diablo II

2009-04-01 03:19:28 ----D---- C:\Program Files\Common Files\PokerStars.com

2009-03-07 19:45:11 ----D---- C:\Program Files\trend micro

2009-03-07 19:45:02 ----D---- C:\rsit

2009-03-06 16:32:43 ----D---- C:\Documents and Settings\Patrick & Sugarbear\Application Data\Malwarebytes

2009-03-06 16:31:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-03-03 08:00:11 ----D---- C:\Program Files\Hero Editor

2009-02-26 13:49:47 ----D---- C:\Program Files\Windows Live Safety Center

2009-02-25 06:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

2009-02-22 11:45:24 ----A---- C:\WLCount.Txt

2009-02-22 11:11:15 ----D---- C:\Program Files\Wonderland Online

2009-02-20 06:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$

2009-02-19 12:05:53 ----HD---- C:\$AVG8.VAULT$

2009-02-19 06:07:03 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$

2009-02-19 06:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

2009-02-19 06:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$

2009-02-18 22:51:24 ----D---- C:\Program Files\Microsoft

2009-02-18 22:50:45 ----D---- C:\Program Files\Windows Live SkyDrive

2009-02-18 22:49:43 ----D---- C:\Program Files\Windows Live

2009-02-18 22:46:23 ----D---- C:\Program Files\Common Files\Windows Live

2009-02-18 05:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$

2009-02-18 05:25:29 ----N---- C:\WINDOWS\system32\spmsg.dll

2009-02-18 05:25:02 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$

2009-02-18 05:22:16 ----D---- C:\Program Files\Windows Media Connect 2

2009-02-18 05:21:27 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$

2009-02-18 05:16:57 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$

2009-02-18 05:13:57 ----D---- C:\WINDOWS\system32\LogFiles

2009-02-18 05:12:51 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$

2009-02-18 05:03:14 ----D---- C:\Program Files\Netflix

2009-02-17 18:34:08 ----D---- C:\daimonin

2009-02-17 18:32:44 ----D---- C:\Program Files\DarkSwords

2009-02-17 12:03:12 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2009-02-17 12:01:17 ----D---- C:\Program Files\AVG

2009-02-17 12:01:12 ----D---- C:\Documents and Settings\All Users\Application Data\avg8

======List of files/folders modified in the last 1 months======

2009-04-17 22:11:45 ----D---- C:\Documents and Settings\Patrick & Sugarbear\Application Data\Adobe

2009-04-17 22:06:14 ----D---- C:\Program Files\Internet Explorer

2009-04-17 21:06:37 ----D---- C:\WINDOWS\ie7updates

2009-04-17 16:06:18 ----D---- C:\WINDOWS\Debug

2009-04-17 15:51:01 ----D---- C:\WINDOWS\SoftwareDistribution

2009-04-17 15:16:19 ----D---- C:\Program Files\Java

2009-04-02 07:44:41 ----AT---- C:\WINDOWS\system32\SIntfNT.dll

2009-04-02 07:44:41 ----AT---- C:\WINDOWS\system32\SIntf32.dll

2009-04-02 07:44:40 ----AT---- C:\WINDOWS\system32\SIntf16.dll

2009-03-29 04:01:50 ----D---- C:\WINDOWS\system

2009-03-07 19:45:11 ----RD---- C:\Program Files

2009-03-07 17:56:35 ----D---- C:\WINDOWS\network diagnostic

2009-03-07 17:52:09 ----D---- C:\WINDOWS\system32\drivers

2009-03-06 21:31:12 ----D---- C:\WINDOWS\Temp

2009-03-06 16:53:10 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-03-05 21:17:35 ----D---- C:\WINDOWS\system32\CatRoot2

2009-03-03 08:00:52 ----D---- C:\WINDOWS

2009-03-03 08:00:29 ----D---- C:\WINDOWS\system32

2009-03-03 07:59:46 ----N---- C:\WINDOWS\Setup1.exe

2009-03-03 07:59:29 ----A---- C:\WINDOWS\ST6UNST.EXE

2009-02-26 13:51:40 ----HD---- C:\WINDOWS\inf

2009-02-25 06:02:52 ----RSHD---- C:\WINDOWS\system32\dllcache

2009-02-24 13:57:04 ----HD---- C:\WINDOWS\$hf_mig$

2009-02-22 09:22:56 ----D---- C:\WINDOWS\system32\CatRoot

2009-02-20 06:02:18 ----A---- C:\WINDOWS\imsins.BAK

2009-02-18 22:52:48 ----SHD---- C:\WINDOWS\Installer

2009-02-18 22:52:48 ----HD---- C:\Config.Msi

2009-02-18 22:52:07 ----D---- C:\WINDOWS\WinSxS

2009-02-18 22:50:59 ----SD---- C:\Documents and Settings\Patrick & Sugarbear\Application Data\Microsoft

2009-02-18 22:50:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-02-18 22:50:58 ----D---- C:\Program Files\Common Files\Microsoft Shared

2009-02-18 22:50:04 ----RSD---- C:\WINDOWS\Fonts

2009-02-18 22:46:23 ----D---- C:\Program Files\Common Files

2009-02-18 18:28:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-02-18 18:22:57 ----D---- C:\WINDOWS\AppPatch

2009-02-18 18:00:04 ----D---- C:\Documents and Settings

2009-02-18 05:23:21 ----A---- C:\WINDOWS\win.ini

2009-02-18 05:22:14 ----D---- C:\Program Files\Windows Media Player

2009-02-18 05:21:59 ----D---- C:\WINDOWS\Help

2009-02-11 19:56:18 ----AC---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-17 325128]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-17 27656]

R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-17 107272]

R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]

R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]

R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]

R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2005-07-04 8413]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]

R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]

R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]

R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]

R3 cwbmidi_device;Crystal WDM MPU-401 UART Driver; C:\WINDOWS\system32\drivers\cwbmidi.sys [2001-08-17 3072]

R3 cwbwdm_device;Crystal WDM Audio Codec Driver; C:\WINDOWS\system32\drivers\cwbwdm.sys [2001-08-17 72832]

R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]

R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]

R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]

S1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys []

S3 atirage3;atirage3; C:\WINDOWS\System32\DRIVERS\atimpae.sys [2001-08-17 75136]

S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-02-10 27344]

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NtApm;NT Apm/Legacy Interface Driver; C:\WINDOWS\System32\DRIVERS\NtApm.sys [2001-08-17 9344]

S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]

S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2005-01-17 49536]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]

S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 ACPI;ACPI; C:\WINDOWS\system32\drivers\ACPI.sys []

S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-17 903960]

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-17 298264]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-17 152984]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

________________________________________________________________

INFO

________________________________________________________________

info.txt logfile of random's system information tool 1.05 2009-03-07 19:46:25

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}

Adobe Type Manager 4.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"

AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Daimonin Client 0.967.1 patch 108-->"C:\daimonin\client\unins000.exe"

Dark Swords-->C:\Program Files\DarkSwords\Uninstall.exe

Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat

Hero Editor V0.96-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Java 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}

MechWarrior 3-->C:\WINDOWS\IsUninst.exe -fC:\MicroProse\MechWarrior3\Uninst.isu -c"C:\MicroProse\MechWarrior3\Uninst.dll"

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}

Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"

Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"

Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"

Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"

Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"

Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"

Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"

Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"

Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Ulead Photo Express My Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF404C21-47EB-4FA5-B920-91746874ED43}\setup.exe" -l0x9

Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"

Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Update for Windows XP (KB917425)-->"C:\WINDOWS\$NtUninstallKB917425$\spuninst\spuninst.exe"

Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"

Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}

Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}

Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}

Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe

Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe

Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe

Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe

Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe

Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe

Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe

Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe

Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"

Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"

Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"

Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

Wonderland Online-->"C:\Program Files\Wonderland Online\unins000.exe"

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: PATRICK-453RR8N

Event Code: 7036

Message: The Remote Access Connection Manager service entered the running state.

Record Number: 24744

Source Name: Service Control Manager

Time Written: 20070529142351.000000-240

Event Type: information

User:

Computer Name: PATRICK-453RR8N

Event Code: 7035

Message: The Remote Access Connection Manager service was successfully sent a start control.

Record Number: 24743

Source Name: Service Control Manager

Time Written: 20070529142348.000000-240

Event Type: information

User: NT AUTHORITY\SYSTEM

Computer Name: PATRICK-453RR8N

Event Code: 7036

Message: The Telephony service entered the running state.

Record Number: 24742

Source Name: Service Control Manager

Time Written: 20070529142348.000000-240

Event Type: information

User:

Computer Name: PATRICK-453RR8N

Event Code: 7036

Message: The Application Layer Gateway Service service entered the running state.

Record Number: 24741

Source Name: Service Control Manager

Time Written: 20070529142348.000000-240

Event Type: information

User:

Computer Name: PATRICK-453RR8N

Event Code: 7035

Message: The Application Layer Gateway Service service was successfully sent a start control.

Record Number: 24740

Source Name: Service Control Manager

Time Written: 20070529142348.000000-240

Event Type: information

User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: PATRICK-453RR8N

Event Code: 1002

Message: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5

Source Name: Application Hang

Time Written: 20060923000640.000000-240

Event Type: error

User:

Computer Name: PATRICK-453RR8N

Event Code: 1002

Message: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 4

Source Name: Application Hang

Time Written: 20060923000639.000000-240

Event Type: error

User:

Computer Name: PATRICK-453RR8N

Event Code: 1002

Message: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 3

Source Name: Application Hang

Time Written: 20060921145723.000000-240

Event Type: error

User:

Computer Name: PATRICK-453RR8N

Event Code: 1800

Message: The Windows Security Center Service has started.

Record Number: 2

Source Name: SecurityCenter

Time Written: 20060919185728.000000-240

Event Type: information

User:

Computer Name: PATRICK-453RR8N

Event Code: 1

Message:

Record Number: 1

Source Name: Avg7UpdSvc

Time Written: 20060919185717.000000-240

Event Type: information

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 7 Stepping 2, GenuineIntel

"PROCESSOR_REVISION"=0702

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------


  • Root Admin
Malware bytes scan but it didn't find anything other than tracing cookies.

Well not sure what scanner you ran. MBAM does not scan, track, detect, or clean cookies.

Please do not run tools unless asked to.

STEP 01

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)

  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.

    • Update Malwarebytes' Anti-Malware

    • Select the Update tab

    • Click Update

    • When the update is complete, select the Scanner tab

    • Select Perform quick scan, then click Scan.

    • When the scan is complete, click OK, then Show Results to view the results.

    • Be sure that everything is checked, and click Remove Selected.

    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply

    • If you accidentally close it, the log file is saved here and will be named like this:

    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

STEP 02

Download DDS and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

  1. DDS.txt

  2. Attach.txt

  • Save both reports to your desktop

  • Please include the following logs in your next reply: DDS.txt and Attach.txt

STEP 03

Please create a BOOTLOG

  • Restart the computer and press F8 when Windows starts booting. This will bring up the startup options.

  • Select "Enable Boot Logging" option and press enter.

  • Windows prompts you to select a Windows Installation (even if there is only one windows installation)

  • This boots windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows

If you're already running inside Windows you can enable it the following way.

  • Click on START - RUN and type in MSCONFIG go to the BOOT.INI tab and place a check mark by /BOOTLOG

  • Click on OK and you will be prompted to RESTART Windows. Please do restart now.

  • After Windows restarts open the file C:\Windows\ntbtlog.txt with Notepad

  • From the Edit menu choose Select All then Edit, COPY and post that back on your next reply.

  • Note: Vista users can type in the Search and it will show on the menu, then Right click and choose Run as Administrator

  • The tab is called BOOT on Vista. Then choose Boot log

STEP 04

RootRepeal - Rootkit Detector

  • Please download the following tool: RootRepeal - Rootkit Detector

  • Direct download link is here: RootRepeal.rar

  • If you don't already have a program to open a .RAR compressed file you can download a trial version from here: WinRAR

  • Extract the program file to a new folder such as C:\RootRepeal

  • Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button

  • Select ALL of the checkboxes and then click OK and it will start scanning your system.

  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.

  • When done, click on Save Report

  • Save it to the same location where you ran it from, such as C:\RootRepeal

  • Save it as your_name_rootrepeal.txt - where your_name is your forum name

  • This makes it easier to track who the log belongs to.

  • Then open that log and select all and copy/paste it back on your next reply please.

  • Quit the RootRepeal program.


Okay, I believe I have everything. So I'll post them all here.

--------------------------------------------------------------------------------------------------------------------

ATTACH

---------------------------------------------------------------------------------------------------------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 12/11/2004 7:03:52 PM

System Uptime: 3/8/2009 3:22:52 PM (11 hours ago)

Processor: Intel Pentium III processor | Microprocessor | 447/100mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 29 GiB total, 16.803 GiB free.

D: is CDROM ()

E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {D45B1C18-C8FA-11D1-9F77-0000F805F530}

Description: NT Apm/Legacy Interface Node

Device ID: ROOT\NTAPM\0000

Manufacturer: Microsoft

Name: NT Apm/Legacy Interface Node

PNP Device ID: ROOT\NTAPM\0000

Service: NtApm

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}

Description: ATI Technologies, Inc. 3D RAGE PRO AGP 2X

Device ID: PCI\VEN_1002&DEV_4742&SUBSYS_00000000&REV_5C\3&225B1D41&0&0008

Manufacturer: ATI Technologies, Inc.

Name: ATI Technologies, Inc. 3D RAGE PRO AGP 2X

PNP Device ID: PCI\VEN_1002&DEV_4742&SUBSYS_00000000&REV_5C\3&225B1D41&0&0008

Service: atirage3

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 3Com 3C918 Integrated Fast Ethernet Controller (3C905B-TX Compatible)

Device ID: PCI\VEN_10B7&DEV_9055&SUBSYS_00821028&REV_24\2&EBB567F&0&88

Manufacturer: 3Com

Name: 3Com 3C918 Integrated Fast Ethernet Controller (3C905B-TX Compatible)

PNP Device ID: PCI\VEN_10B7&DEV_9055&SUBSYS_00821028&REV_24\2&EBB567F&0&88

Service: EL90XBC

==== System Restore Points ===================

RP38: 2/20/2009 6:00:57 AM - Software Distribution Service 3.0

RP39: 2/22/2009 5:51:46 AM - Software Distribution Service 3.0

RP40: 2/25/2009 6:00:51 AM - Software Distribution Service 3.0

RP41: 3/4/2009 9:55:40 AM - Avg8 Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Reader 7.0

Adobe Type Manager 4.0

AVG Free 8.0

Choice Guard

Daimonin Client 0.967.1 patch 108

Dark Swords

Diablo II

Hero Editor V0.96

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

HP Diagnostic Assistant

Java 6 Update 12

Malwarebytes' Anti-Malware

MechWarrior 3

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

MSN Music Assistant

MSVCRT

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

Nero - Burning Rom

Netflix Movie Viewer

Overland

Security Update for CAPICOM (KB931906)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901190)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB960715)

Segoe UI

Ulead Photo Express My Scrapbook

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB917425)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Player 11

Windows Movie Maker 2.0

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Service Pack 2

Wonderland Online

==== Event Viewer Messages From Past Week ========

4/17/2009 2:41:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATMhelpr

4/17/2009 2:41:04 PM, error: atirage3 [2] - Unable to map required address ranges for graphics card.

4/15/2009 1:32:46 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.

3/16/2009 12:49:26 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

4/17/2009 3:54:14 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -5094157 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|66.227.247.218:123->207.46.197.32:123) is working properly.

==== End Of File ===========================

__________________________________________________________________________________________-

DDS

-------------------------------------------------------------------------------------------------------------------------

DDS (Ver_09-02-01.01) - NTFSx86

Run by Patrick & Sugarbear at 2:18:32.98 on Mon 03/09/2009

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.256.84 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows NT\Accessories\wordpad.exe

C:\Documents and Settings\Patrick & Sugarbear\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: COLI Web Accelerator: {8b79ee88-e62d-4aa8-b530-cc357ba112b7} - c:\program files\coli web accelerator\TOOLBAND.DLL

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\ypager.exe" -quiet

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe

mRun: [PicasaNet] "c:\program files\hello\Hello.exe" -b

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240000917552

DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - hxxp://updates.lifescapeinc.com/installers/pinstall/pinstall.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240000595909

DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1234905125082&h=157ab8f4832dceb4a174992584371a4c/&filename=jinstall-6u12-windows-i586-jc.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} - hxxp://www.konicaminoltaonline.com/activex/PCAXSetup.cab?

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

AppInit_DLLs: c:\windows\system32\lepawahe.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-17 325128]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-17 27656]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-17 107272]

R3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;c:\windows\system32\drivers\cwbmidi.sys [2004-12-11 3072]

R3 cwbwdm_device;Crystal WDM Audio Codec Driver;c:\windows\system32\drivers\cwbwdm.sys [2004-12-11 72832]

S1 ATMhelpr;ATMhelpr; [x]

S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2004-12-11 9344]

=============== Created Last 30 ================

2009-03-08 17:25 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-03-08 17:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-08 17:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-03-07 20:45 <DIR> --d----- c:\program files\trend micro

2009-03-06 17:32 <DIR> --d----- c:\docume~1\patric~1\applic~1\Malwarebytes

2009-03-06 17:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-03-03 09:00 <DIR> --d----- c:\program files\Hero Editor

2009-02-22 12:11 <DIR> --d----- c:\program files\Wonderland Online

2009-02-19 13:05 <DIR> --d-h--- C:\$AVG8.VAULT$

2009-02-18 23:54 <DIR> --d----- c:\documents and settings\patrick & sugarbear\Tracing

2009-02-18 23:51 <DIR> --d----- c:\program files\Microsoft

2009-02-18 23:50 <DIR> --d----- c:\program files\Windows Live SkyDrive

2009-02-18 23:46 <DIR> --d----- c:\program files\common files\Windows Live

2009-02-18 06:22 <DIR> --d----- c:\program files\Windows Media Connect 2

2009-02-18 06:13 <DIR> --d----- c:\windows\system32\LogFiles

2009-02-18 06:03 <DIR> --d----- c:\program files\Netflix

2009-02-17 19:34 <DIR> --d----- C:\daimonin

2009-02-17 19:32 <DIR> --d----- c:\program files\DarkSwords

2009-02-17 13:03 10,520 a------- c:\windows\system32\avgrsstx.dll

2009-02-17 13:03 107,272 a------- c:\windows\system32\drivers\avgtdix.sys

2009-02-17 13:02 325,128 a------- c:\windows\system32\drivers\avgldx86.sys

2009-02-17 13:02 <DIR> --d----- c:\windows\system32\drivers\Avg

2009-02-17 13:01 <DIR> --d----- c:\program files\AVG

2009-02-17 13:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8

==================== Find3M ====================

2009-03-03 08:59 249,856 -------- c:\windows\Setup1.exe

2009-03-03 08:59 73,216 a------- c:\windows\ST6UNST.EXE

2009-02-22 06:36 1,744 a------- c:\windows\system32\d3d9caps.dat

2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll

2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll

2008-12-19 05:10 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe

2008-12-19 05:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe

2008-12-19 01:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe

2008-12-19 01:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll

2008-12-11 07:57 333,184 -------- c:\windows\system32\dllcache\srv.sys

2005-01-28 20:12 3,426,304 ac------ c:\program files\AdbeRdr70_enu_full.exe

2004-12-12 15:28 5,711,060 ac------ c:\program files\AuctivaMrPoster151.exe

0000-00-00 00:00 0 a--sh--- c:\windows\system32\lepawahe.dll

0000-00-00 00:00 0 a--sh--- c:\windows\system32\vuhorovo.dll

0000-00-00 00:00 0 a--sh--- c:\windows\system32\zukuvega.dll

============= FINISH: 2:21:51.95 ===============

------------------------------------------------------------------------------------------------------------------

BOOTLOG

Service Pack 2 3 9 2009 02:26:34.500

Loaded driver \WINDOWS\system32\ntoskrnl.exe

Loaded driver \WINDOWS\system32\hal.dll

Loaded driver \WINDOWS\system32\KDCOM.DLL

Loaded driver \WINDOWS\system32\BOOTVID.dll

Loaded driver pci.sys

Loaded driver isapnp.sys

Loaded driver intelide.sys

Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

Loaded driver MountMgr.sys

Loaded driver ftdisk.sys

Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS

Loaded driver PartMgr.sys

Loaded driver VolSnap.sys

Loaded driver atapi.sys

Loaded driver disk.sys

Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

Loaded driver fltmgr.sys

Loaded driver sr.sys

Loaded driver PxHelp20.sys

Loaded driver KSecDD.sys

Loaded driver Ntfs.sys

Loaded driver NDIS.sys

Loaded driver Mup.sys

Loaded driver agp440.sys

Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys

Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys

Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys

Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys

Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys

Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys

Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys

Loaded driver \SystemRoot\System32\DRIVERS\psched.sys

Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys

Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys

Loaded driver \SystemRoot\System32\DRIVERS\atimpae.sys

Loaded driver \SystemRoot\system32\drivers\cwbmidi.sys

Loaded driver \SystemRoot\system32\drivers\cwbwdm.sys

Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys

Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys

Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys

Loaded driver \SystemRoot\System32\DRIVERS\nv4_mini.sys

Loaded driver \SystemRoot\System32\DRIVERS\HSFBS2S2.sys

Loaded driver \SystemRoot\System32\DRIVERS\HSFDPSP2.sys

Loaded driver \SystemRoot\System32\DRIVERS\HSFCXTS2.sys

Loaded driver \SystemRoot\System32\Drivers\Modem.SYS

Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys

Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys

Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys

Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys

Loaded driver \SystemRoot\System32\DRIVERS\update.sys

Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys

Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys

Loaded driver \SystemRoot\System32\DRIVERS\parport.sys

Loaded driver \SystemRoot\System32\DRIVERS\serial.sys

Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys

Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys

Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS

Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS

Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys

Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys

Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS

Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS

Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS

Did not load driver \SystemRoot\System32\Drivers\Changer.SYS

Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS

Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS

Loaded driver \SystemRoot\System32\Drivers\Null.SYS

Loaded driver \SystemRoot\System32\Drivers\Beep.SYS

Did not load driver \SystemRoot\System32\Drivers\ATMhelpr.SYS

Loaded driver \SystemRoot\System32\drivers\vga.sys

Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS

Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys

Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS

Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS

Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys

Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys

Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys

Loaded driver \SystemRoot\System32\Drivers\avgtdix.sys

Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys

Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS

Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys

Loaded driver \SystemRoot\System32\drivers\afd.sys

Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys

Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS

Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys

Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys

Did not load driver \SystemRoot\System32\DRIVERS\imapi.sys

Loaded driver \SystemRoot\System32\Drivers\Fips.SYS

Loaded driver \SystemRoot\System32\Drivers\avgmfx86.sys

Loaded driver \SystemRoot\System32\Drivers\avgldx86.sys

Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS

Loaded driver \SystemRoot\System32\DRIVERS\ndisuio.sys

Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys

Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys

Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys

Loaded driver \SystemRoot\system32\drivers\wdmaud.sys

Loaded driver \SystemRoot\system32\drivers\sysaudio.sys

Loaded driver \SystemRoot\system32\drivers\splitter.sys

Loaded driver \SystemRoot\system32\drivers\aec.sys

Loaded driver \SystemRoot\system32\drivers\swmidi.sys

Loaded driver \SystemRoot\system32\drivers\DMusic.sys

Loaded driver \SystemRoot\system32\drivers\kmixer.sys

Loaded driver \SystemRoot\system32\drivers\drmkaud.sys

Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS

Loaded driver \SystemRoot\System32\DRIVERS\HSF_FALL.sys

Loaded driver \SystemRoot\System32\DRIVERS\HSF_FSKS.sys

Loaded driver \SystemRoot\System32\DRIVERS\HSF_K56K.sys

Loaded driver \SystemRoot\System32\Drivers\MCSTRM.SYS

Loaded driver \SystemRoot\System32\DRIVERS\mdmxsdk.sys

Loaded driver \SystemRoot\System32\DRIVERS\HSF_FAXX.sys

Loaded driver \SystemRoot\System32\DRIVERS\HSF_TONE.sys

Loaded driver \SystemRoot\System32\DRIVERS\HSF_V124.sys

Loaded driver \SystemRoot\System32\DRIVERS\srv.sys

Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\system32\drivers\kmixer.sys

Loaded driver \SystemRoot\System32\Drivers\HTTP.sys

---------------------------------------------------------------------------------------------------------------------------

ROOTREPEAL

____________________________________________________________________________________

ROOTREPEAL © AD, 2007-2008

==================================================

Scan Time: 2009/03/09 03:10

Program Version: Version 1.2.3.0

Windows Version: Windows XP SP2

==================================================

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xF7256000 Size: 98304 File Visible: No

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xFA158000 Size: 8192 File Visible: No

Status: -

Name: PCI_HAL

Image Path: \Driver\PCI_HAL

Address: 0x00000000 Size: 0 File Visible: No

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xF236A000 Size: 45056 File Visible: No

Status: -

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

-----------------------------

Thank you for helping!


  • 2 weeks later...
  • Root Admin

Please install, update MBAM and post back that log.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.


This topic is now closed to further replies.