
Solved pesky win32 trojan generic

Discussion in 'Malware and Virus Removal Archive' started by whopper, 2008/09/23.

  1. 2008/09/23
    whopper

    [Resolved] pesky win32 trojan generic

    I have a Win32 trojan generic that continues to reappear after deletion with avast 4.8 pro scanning.

    The next message will have my log file info from HijackThis.

    I hope you can see something in this and help... thanks a lot.

    info.txt logfile of random's system information tool 1.02 2008-09-23 12:55:47

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Shockwave Player-->C:\WINDOWS\system32\ADOBE\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\ADOBE\SHOCKW~1\INSTALL.LOG
    Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
    Army Ranger: Mogadishu-->E:\PROGRA~1\GROOVE~1\ARMYRA~1\UNWISE.EXE E:\PROGRA~1\GROOVE~1\ARMYRA~1\INSTALL.LOG
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
    Attansic L2 Fast Ethernet Driver-->rundll32.exe C:\WINDOWS\system32\Attansic\L2\atcInst.dll,AtcUninst C:\WINDOWS\system32\Attansic\L2 x86 1969 2048 L2
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
    BookWorm Deluxe 1.0-->C:\Program Files\PopCap Games\BookWorm Deluxe\PopUninstall.exe C:\Program Files\PopCap Games\BookWorm Deluxe\Install.log
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Colin McRae Rally 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19B72AA9-985A-11D4-9C8A-00D0B75D1498}\setup.exe"
    Comanche 4-->C:\WINDOWS\IsUninst.exe -f "E:\Program Files\NovaLogic\Comanche 4\Uninst.isu"
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Delta Force 2-->C:\WINDOWS\IsUninst.exe -f "E:\Program Files\NovaLogic\Delta Force 2\Uninst.isu"
    DivX Codec-->D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    F1 2002-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64121E9-B741-4177-00BD-7B228D3F6723}\setup.exe" -l0x9 Uninstall
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
    Kcast Beta 2.0.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Kitco\Kcast\unkcast.ini"
    K-Lite Codec Pack 3.3.3 Full *BETA*-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    MotoGP 2007-->"e:\MotoGP 2007\unins000.exe"
    Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    NASCAR® Racing 2003 Season-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}\SETUP.exe" -l0x9 -uninst
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x1e -removeonly
    Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
    Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
    SCRABBLE-->C:\PROGRA~1\GAMEHO~1\SCRABBLE\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SCRABBLE\INSTALL.LOG
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SPORE(TM)--> "C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x001e -removeonly
    TD AMERITRADE StrategyDesk 2.2-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\TD AMERITRADE\StrategyDesk\Uninst.isu"
    TD AMERITRADE StrategyDesk 2.3-->"C:\Program Files\InstallShield Installation Information\{57EA09B8-6C88-41EA-B1CC-6310E501A2F9}\setup.exe" -runfromtemp -l0x0009 -removeonly
    TL-WN321G Wireless Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B468AE7B-C667-4073-BED8-EAD17D5EE08C}\setup.exe" -l0x9 -removeonly
    Tom Clancy's Rainbow Six Vegas-->C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe -runfromtemp -l0x0009 -removeonly
    Trojan Remover 6.7.2-->"C:\Program Files\Trojan Remover\unins000.exe"
    TrojanHunter 4.6-->"D:\Program Files\TrojanHunter 4.6\unins000.exe"
    Typer Shark Deluxe 1.0-->C:\Program Files\PopCap Games\Typer Shark Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Typer Shark Deluxe\Install.log"
    ubi.com-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    VideoCAM GF112-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{088B7BF8-AC95-4348-B77B-619AEB3A74A5} /l1033
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
    Zuma Star-Wars-->E:\Program Files\Zuma deluxe\StarWars\Uninstal.exe

    ======Security center information======

    AV: avast! antivirus 4.8.1229 [VPS 080922-0]

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------
     
  2. 2008/09/23
    whopper

    Log file from HijackThis for the above problem "pesky win32 trojan generic"

    Logfile of random's system information tool 1.02 (written by random/random)
    Run by WINXP at 2008-09-23 12:55:40
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 16 GB (53%) free of 31 GB
    Total RAM: 1023 MB (49% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:55:45 PM, on 9/23/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kitco\Kcast\Kcast.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\WINXP\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\WINXP.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [KITCO] C:\Program Files\Kitco\Kcast\Kcast
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1201695400687
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201695088515
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    --
    End of file - 8340 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-03-21 308856]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2002-12-31 208952]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-12-31 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-12-31 455168]
    "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-10-05 98304]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-10-05 114688]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-10-05 94208]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-04-04 1822720]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-03-21 185896]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
    "THGuard"=D:\Program Files\TrojanHunter 4.6\THGuard.exe []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
    "KITCO"=C:\Program Files\Kitco\Kcast\Kcast []
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    TL-WN321G Wireless Utility.lnk - C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe

    C:\Documents and Settings\WINXP\Start Menu\Programs\Startup
    Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2008-02-26 126976]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2006-10-05 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
    "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVP.EXE"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVP.EXE:*:Enabled:Kaspersky Anti-Virus"
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
    "E:\MotoGP 2007\motogp.exe"="E:\MotoGP 2007\motogp.exe:*:Enabled:motogp"
    "e:\Program Files\BitTorrent\bittorrent.exe"="e:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "E:\Program Files\THQ\MX vs ATV Unleashed\MXvsATV.exe"="E:\Program Files\THQ\MX vs ATV Unleashed\MXvsATV.exe:*:Disabled:MXvsATV"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Documents and Settings\WINXP\Desktop\utorrent.exe"="C:\Documents and Settings\WINXP\Desktop\utorrent.exe:*:Enabled:µTorrent"
    "E:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe"="E:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas"
    "E:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe"="E:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater"
    "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
    "E:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="E:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
    "G:\NR2003.exe"="G:\NR2003.exe:*:Enabled:NASCAR Racing 2003 Season"
    "E:\Papyrus\NASCAR Racing 2003 Season\NR2003.exe"="E:\Papyrus\NASCAR Racing 2003 Season\NR2003.exe:*:Enabled:NASCAR Racing 2003 Season"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    ======List of files/folders created in the last 3 months======

    2008-09-23 12:55:40 ----D---- C:\rsit
    2008-09-23 12:53:29 ----D---- C:\Program Files\Trend Micro
    2008-09-23 08:27:20 ----D---- C:\Documents and Settings\WINXP\Application Data\TrojanHunter
    2008-09-23 08:23:43 ----R---- C:\WINDOWS\system32\streamhlp.dll
    2008-09-23 07:17:24 ----D---- C:\Documents and Settings\WINXP\Application Data\Simply Super Software
    2008-09-22 23:55:52 ----SHD---- C:\FOUND.001
    2008-09-22 23:45:34 ----A---- C:\WINDOWS\system32\UNRAR3.dll
    2008-09-22 23:45:34 ----A---- C:\WINDOWS\system32\unacev2.dll
    2008-09-21 17:52:13 ----D---- C:\Program Files\Sebran
    2008-09-17 20:17:11 ----A---- C:\WINDOWS\Sierra.ini
    2008-09-16 22:45:01 ----D---- C:\Program Files\DAEMON Tools Lite
    2008-09-16 22:35:52 ----D---- C:\Documents and Settings\WINXP\Application Data\DAEMON Tools
    2008-09-15 20:26:00 ----D---- C:\Documents and Settings\WINXP\Application Data\SPORE
    2008-09-15 20:25:20 ----D---- C:\ProgramData
    2008-09-15 20:14:45 ----D---- C:\Program Files\Electronic Arts
    2008-09-12 16:15:54 ----D---- C:\Documents and Settings\WINXP\Application Data\InstallShield
    2008-09-12 11:33:19 ----HD---- C:\WINDOWS\$NtUninstallKB951978$
    2008-09-11 16:31:16 ----SHD---- C:\FOUND.000
    2008-09-11 16:28:23 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-09-11 16:27:50 ----D---- C:\WINDOWS\Prefetch
    2008-09-11 16:26:18 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-11 16:26:14 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
    2008-09-11 16:26:09 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
    2008-09-11 16:26:04 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
    2008-09-11 16:25:58 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
    2008-09-11 16:25:54 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
    2008-09-11 16:25:49 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
    2008-09-11 16:25:44 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-09-11 16:25:40 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
    2008-09-11 16:25:35 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
    2008-09-11 16:25:29 ----HD---- C:\WINDOWS\$NtUninstallKB951376$
    2008-09-11 16:23:41 ----A---- C:\WINDOWS\setuplog.txt
    2008-09-11 16:22:54 ----D---- C:\WINDOWS\system32\scripting
    2008-09-11 16:22:54 ----D---- C:\WINDOWS\system32\bits
    2008-09-11 16:21:27 ----D---- C:\WINDOWS\ServicePackFiles
    2008-09-11 16:16:20 ----HD---- C:\WINDOWS\$NtServicePackUninstall$
    2008-09-11 11:46:35 ----HD---- C:\WINDOWS\$NtUninstallKB938464_0$
    2008-09-11 11:46:30 ----A---- C:\WINDOWS\imsins.BAK
    2008-09-11 11:46:26 ----HD---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-09 09:03:36 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2008-09-09 09:03:34 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-09-09 09:03:33 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-09-09 09:03:32 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2008-09-09 09:03:31 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-09-09 09:03:30 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-09-09 09:03:30 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-09-09 09:03:29 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-09-09 09:03:29 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-09-09 09:03:29 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-09-09 09:03:28 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-09-09 09:03:27 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-09-09 09:03:27 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-09-09 09:03:27 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-09-09 09:03:26 ----N---- C:\WINDOWS\system32\onex.dll
    2008-09-09 09:03:26 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-09-09 09:03:25 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-09-09 09:03:25 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-09-09 09:03:24 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-09-09 09:03:24 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-09-09 09:03:23 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-09-09 09:03:23 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-09-09 09:03:23 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-09-09 09:03:22 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-09-09 09:03:22 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-09-09 09:03:21 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-09-09 09:03:21 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-09-09 09:03:21 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-09-09 09:03:21 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-09-09 09:03:20 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-09-09 09:03:19 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-09-09 09:03:19 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-09-09 09:03:19 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-09-09 09:03:19 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-09-09 09:03:18 ----N---- C:\WINDOWS\system32\faxpatch.exe
    2008-09-09 09:03:18 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-09-09 09:03:17 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-09-09 09:03:17 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-09-09 09:03:16 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-09-09 09:03:14 ----N---- C:\WINDOWS\system32\spupdwxp.exe
    2008-09-09 09:03:14 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-09-09 09:03:13 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
    2008-09-09 09:03:12 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-09-09 09:03:09 ----N---- C:\WINDOWS\system32\slextspk.dll
    2008-09-09 09:03:07 ----N---- C:\WINDOWS\system32\nv4_disp.dll
    2008-09-09 09:03:01 ----N---- C:\WINDOWS\system32\mtxparhd.dll
    2008-09-09 09:03:00 ----N---- C:\WINDOWS\system32\slgen.dll
    2008-09-09 09:02:58 ----N---- C:\WINDOWS\system32\slserv.exe
    2008-09-09 09:02:58 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
    2008-09-09 09:02:58 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
    2008-09-09 09:02:57 ----N---- C:\WINDOWS\system32\slrundll.exe
    2008-09-09 09:02:57 ----N---- C:\WINDOWS\system32\slcoinst.dll
    2008-09-09 09:02:57 ----N---- C:\WINDOWS\system32\s3gnb.dll
    2008-09-09 09:02:57 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
    2008-09-09 09:02:57 ----N---- C:\WINDOWS\slrundll.exe
    2008-09-09 09:02:56 ----N---- C:\WINDOWS\system32\ativtmxx.dll
    2008-09-09 09:02:56 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
    2008-09-09 09:02:53 ----A---- C:\WINDOWS\003171_.tmp
    2008-09-09 09:02:49 ----N---- C:\WINDOWS\system32\comsdupd.exe
    2008-09-09 09:02:48 ----N---- C:\WINDOWS\system32\smtpapi.dll
    2008-09-09 09:02:48 ----N---- C:\WINDOWS\system32\rwnh.dll
    2008-08-28 19:51:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2008-08-26 15:50:25 ----D---- C:\Program Files\VideoLAN
    2008-08-25 20:17:38 ----D---- C:\Documents and Settings\WINXP\Application Data\uTorrent
    2008-08-19 20:08:50 ----D---- C:\divx
    2008-08-15 23:32:10 ----HD---- C:\WINDOWS\$NtUninstallKB952954_0$
    2008-08-15 23:32:07 ----HD---- C:\WINDOWS\$NtUninstallKB946648_0$
    2008-08-15 23:32:03 ----HD---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 23:31:59 ----HD---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-08-15 23:30:56 ----HD---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 23:30:51 ----HD---- C:\WINDOWS\$NtUninstallKB952287_0$
    2008-08-15 23:30:26 ----HD---- C:\WINDOWS\$NtUninstallKB951066_0$
    2008-08-10 22:59:57 ----D---- C:\Documents and Settings\WINXP\Application Data\DivX
    2008-08-10 22:58:29 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
    2008-08-10 22:58:28 ----N---- C:\WINDOWS\system32\pxinsi64.exe
    2008-08-10 22:58:28 ----N---- C:\WINDOWS\system32\pxafs.dll
    2008-08-10 20:35:18 ----D---- C:\Documents and Settings\WINXP\Application Data\BitTorrent
    2008-08-10 20:34:39 ----D---- C:\Program Files\BitTorrent
    2008-07-28 17:54:48 ----A---- C:\WINDOWS\Acroread.ini
    2008-07-28 16:41:23 ----A---- C:\WINDOWS\system32\MSOSS.DLL
    2008-07-28 15:55:00 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
    2008-07-28 15:55:00 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
    2008-07-28 15:55:00 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-07-28 15:54:59 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
    2008-07-28 15:54:59 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2008-07-28 15:54:59 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2008-07-28 15:54:59 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-07-28 15:54:58 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
    2008-07-28 15:54:58 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
    2008-07-28 15:54:57 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
    2008-07-28 15:54:57 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
    2008-07-28 15:54:57 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
    2008-07-28 15:54:57 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
    2008-07-28 15:54:56 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
    2008-07-28 15:54:55 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
    2008-07-28 15:54:55 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
    2008-07-28 15:54:52 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
    2008-07-28 15:54:52 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
    2008-07-25 15:36:00 ----A---- C:\WINDOWS\system32\DivXsm.exe
    2008-07-25 15:34:54 ----A---- C:\WINDOWS\system32\dpl100.dll
    2008-07-25 15:34:52 ----A---- C:\WINDOWS\system32\dtu100.dll
    2008-07-25 15:34:50 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
    2008-07-25 15:34:46 ----A---- C:\WINDOWS\system32\dpv11.dll
    2008-07-25 15:34:46 ----A---- C:\WINDOWS\system32\dpus11.dll
    2008-07-25 15:34:46 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
    2008-07-25 15:34:46 ----A---- C:\WINDOWS\system32\dpu11.dll
    2008-07-25 15:34:46 ----A---- C:\WINDOWS\system32\dpu10.dll
    2008-07-25 15:34:42 ----A---- C:\WINDOWS\system32\divx_xx07.dll
    2008-07-25 15:34:40 ----A---- C:\WINDOWS\system32\divx_xx11.dll
    2008-07-25 15:34:40 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
    2008-07-25 15:34:40 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
    2008-07-25 15:34:36 ----A---- C:\WINDOWS\system32\DivX.dll
    2008-07-25 15:34:30 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-07-23 23:50:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
    2008-07-23 23:48:40 ----A---- C:\WINDOWS\system32\ssldivx.dll
    2008-07-23 23:48:40 ----A---- C:\WINDOWS\system32\libdivx.dll
    2008-07-23 23:47:34 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
    2008-07-23 23:47:34 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
    2008-07-23 23:46:38 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-07-16 20:12:51 ----D---- C:\Documents and Settings\WINXP\Application Data\WebCompiler3
    2008-07-11 09:31:39 ----D---- C:\Program Files\CCleaner
    2008-07-09 17:12:40 ----HD---- C:\WINDOWS\$NtUninstallKB951748_0$
    2008-07-05 16:54:34 ----D---- C:\WINDOWS\system32\Adobe
    2008-06-24 23:10:44 ----D---- C:\Documents and Settings\WINXP\Application Data\Skype
    2008-06-24 23:10:28 ----D---- C:\Program Files\Skype
    2008-06-24 23:10:28 ----D---- C:\Program Files\Common Files\Skype

    ======List of files/folders modified in the last 3 months======

    2008-09-23 09:25:50 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-09-22 23:05:30 ----ASH---- C:\boot.ini
    2008-09-22 23:05:30 ----A---- C:\WINDOWS\win.ini
    2008-09-22 23:05:30 ----A---- C:\WINDOWS\system.ini
    2008-09-11 16:33:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-02 14:39:22 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-08-27 03:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-24 21:25:36 ----A---- C:\WINDOWS\cdplayer.ini
    2008-07-23 23:50:50 ----N---- C:\WINDOWS\system32\pxmas.dll
    2008-07-23 23:50:48 ----N---- C:\WINDOWS\system32\pxwave.dll
    2008-07-23 23:50:48 ----N---- C:\WINDOWS\system32\pxsfs.dll
    2008-07-23 23:50:48 ----N---- C:\WINDOWS\system32\pxhpinst.exe
    2008-07-23 23:50:48 ----N---- C:\WINDOWS\system32\pxdrv.dll
    2008-07-23 23:50:46 ----N---- C:\WINDOWS\system32\vxblock.dll
    2008-07-23 23:50:46 ----N---- C:\WINDOWS\system32\pxinsa64.exe
    2008-07-23 23:50:46 ----N---- C:\WINDOWS\system32\pxcpya64.exe
    2008-07-23 23:50:46 ----N---- C:\WINDOWS\system32\px.dll
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-07-08 03:26:58 ----A---- C:\WINDOWS\system32\es.dll
    2008-06-24 23:43:16 ----A---- C:\WINDOWS\system32\mscms.dll
    2008-06-24 18:12:58 ----N---- C:\WINDOWS\system32\wmpeffects.dll
    2008-06-24 10:57:40 ----A---- C:\WINDOWS\system32\mshtml.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
    R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-03-06 20747]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
    R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2002-12-31 62336]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
    R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-10-31 28416]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616]
    R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
    R3 PAC207;VideoCAM GF112; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
    R3 RT73;TL-WN321G USB Wireless Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-13 252928]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    S3 alkc3vw5;alkc3vw5; C:\WINDOWS\system32\drivers\alkc3vw5.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-10-05 1181824]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 USB_RNDIS;AT-AR236E ADSL Ethernet & USB Router; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-14 12800]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R01000000 papycpu2;papycpu2; C:\WINDOWS\System32\DRIVERS\papycpu2.sys [2003-01-17 1984]
    R01000000 papyjoy;papyjoy; C:\WINDOWS\System32\DRIVERS\papyjoy.sys [2003-01-17 1856]
    R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-05-12 607576]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
    R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------
     


  4. 2008/09/23
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    DO NOT double post; you will get no help any faster by doing so.

    We are all volunteers here and get to posts in the order they are posted and when we have time.

    Geri
     
    Geri,
    #3
  5. 2008/09/23
    whopper

    whopper Inactive Thread Starter

    Joined:
    2008/09/22
    Messages:
    38
    Likes Received:
    0
    Sorry, first time doing this. I wasn't sure what I was doing.
     
  6. 2008/09/23
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK can you tell me where Avast is finding the trojan?

    Does it show a file path?

    Thanks
    Geri
     
    Geri,
    #5
  7. 2008/09/24
    whopper

    whopper Inactive Thread Starter

    Joined:
    2008/09/22
    Messages:
    38
    Likes Received:
    0
    Avast did not find anything this time around.
    A couple of days ago it detected the Win32 trojan generic and I deleted them.

    I ran a Kaspersky online scan and found the following:
    C:\System Volume Information\_restore{47BFEC17-F3B8-4CBD-B776-7D5491E73753}\RP2\A0000018.exe
    C:\System Volume Information\_restore{47BFEC17-F3B8-4CBD-B776-7D5491E73753}\RP2\A0000032.exe

    Infected: not-a-virus:RiskTool.Win32.Reboot.f
    Infected: not-a-virus:RiskTool.Win32.Reboot.f

    hope this helps, thanks
     
  8. 2008/09/24
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Those are in your system restore points.

    You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
    Turning off System Restore will clear out all previous restore points.

    To turn off Windows XP System Restore:
    NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    8. Restart the computer and follow the instructions in the next section to turn on System Restore.

    To turn on Windows XP System Restore:
    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
    5. Click Apply, and then click OK.
    6. Make a new restore point.
    7. Click Start, All Programs, Accessories, System Tools, System Restore.
    Choose Create a restore point and click Next. Under “Type a description for your restore point…” put a name in the box. Click Create. In the next window click Close.

    That will clear them out. Any other problems?

    Geri
     
    Geri,
    #7
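The same turn-off, turn-on, new-restore-point sequence as a script instead of mouse clicks, using the SystemRestore WMI class that Windows XP exposes in the root\default namespace. This is an added example, not part of Geri's post; it assumes an Administrator PowerShell session on the XP machine (PowerShell is a separate download on XP) and uses the same "all drives" scope as the GUI steps.

```powershell
# Added example (not from the thread): clear every restore point by disabling
# System Restore, re-enable it, then create a fresh baseline point.
# Requires an Administrator session, as the GUI procedure does.
$ErrorActionPreference = 'Stop'

# Static handle to the SystemRestore class (Enable/Disable/CreateRestorePoint live here)
$sr = [wmiclass]'root\default:SystemRestore'

# 1. Show what is about to be discarded: every existing restore point.
#    Anything Kaspersky flagged under System Volume Information\_restore{...}\RPn
#    belongs to one of these points.
$points = Get-WmiObject -Namespace 'root\default' -Class SystemRestore
foreach ($p in $points) {
    $when = [Management.ManagementDateTimeConverter]::ToDateTime($p.CreationTime)
    Write-Host ("RP{0,-4} {1:yyyy-MM-dd HH:mm}  {2}" -f $p.SequenceNumber, $when, $p.Description)
}

# 2. Turning System Restore off on a drive deletes all of that drive's restore
#    points, which is what removes the quarantined copies. Do it for every
#    fixed disk, matching "Turn off System Restore on all drives".
$drives = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 3' |
          ForEach-Object { $_.DeviceID + '\' }
foreach ($d in $drives) {
    $rc = $sr.Disable($d)
    Write-Host "Disable System Restore on $d -> return code $($rc.ReturnValue)"  # 0 = success
}

# 3. Turn it back on so the machine is protected again.
foreach ($d in $drives) {
    $rc = $sr.Enable($d, $true)   # $true = wait until the service reports enabled
    Write-Host "Enable System Restore on $d -> return code $($rc.ReturnValue)"
}

# 4. Create a clean restore point to replace the ones just deleted.
#    RestorePointType 0 = APPLICATION_INSTALL, EventType 100 = BEGIN_SYSTEM_CHANGE
$rc = $sr.CreateRestorePoint('Clean point after malware removal', 0, 100)
Write-Host "CreateRestorePoint -> return code $($rc.ReturnValue)"
```

A non-zero return code on any step usually means the session is not elevated or the System Restore service is not running; reboot and re-run the listing at step 1 to confirm that only the new point remains.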
  9. 2008/09/24
    whopper

    whopper Inactive Thread Starter

    Joined:
    2008/09/22
    Messages:
    38
    Likes Received:
    0
    I just ran another Kaspersky scan and it came back clean. That worked great.

    My other problem...

    My son's computer picked up the same **** from what I suspect is a corrupt BitTorrent file. This particular trojan-generic has hijacked the wireless connection and will not let me uninstall or connect to the internet.

    I have scanned it with Avast 4.8 Professional and found the following...

    name: athcfgllres.dll
    location: C:\windows\system32 & C:\DOCUME~1\HPPAVI~1\locals~1\T...
    virus: win32:trojan-generic

    Is there anything else that you need from me to resolve my son's computer issue?

    thanks for all your help..
     
  10. 2008/09/24
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Yes, you need to download and run this and post the log from his computer.

    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool.
    • At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
    • If prompted by your firewall to allow RSIT to access the internet, please allow it. It will be updating your version of HijackThis.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of log.txt here in your next reply.


    Now the speech.

    P2P software (Limewire, BitTorrent, uTorrent, etc.): We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here,
    here and here.

    I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus Removal.

    Geri
     
    Geri,
    #9
  11. 2008/09/25
    whopper

    whopper Inactive Thread Starter

    Joined:
    2008/09/22
    Messages:
    38
    Likes Received:
    0
    The log file of my son's computer... thanks for your help.


    Logfile of random's system information tool 1.02 (written by random/random)
    Run by HP Pavilion at 2008-09-25 12:48:45
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 12 GB (58%) free of 20 GB
    Total RAM: 511 MB (11% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:49:12, on 25/9/2551
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\HP Pavilion\Local Settings\Temporary Internet Files\Content.IE5\SUNWM1SO\RSIT[1].exe
    C:\Program Files\trend micro\HP Pavilion.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dragonballgt.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [TWCU] "D:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1205045873750
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1205045835656
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O24 - Desktop Component 0: (no name) - http://www.madoogamesd.com/image/ex3.gif
    O24 - Desktop Component 1: (no name) - http://cso.winner.co.th/csowin/guide/index_guide.php?
    O24 - Desktop Component 2: (no name) - http://www.pixarcars.tv/assets/images/cars-dj.jpg
    O24 - Desktop Component 3: (no name) - http://webboard.mthai.com/upload_images_new/2007-04-23/317179.jpg
    O24 - Desktop Component 5: (no name) - http://images.google.co.th/imgres?i...B8%9A%E0%B8%B4%E0%B8%99++F16&gbv=2&hl=th&sa=G

    --
    End of file - 9175 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 1377576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-06-24 734704]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1 "=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2002-12-31 208952]
    "PHIME2002ASync "=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-12-31 455168]
    "PHIME2002A "=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-12-31 455168]
    "UnlockerAssistant "=C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]
    "SiSUSBRG "=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
    "SiSPower "=C:\WINDOWS\system32\SiSPower.dll [2005-03-04 49152]
    "SoundMan "=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
    "SMSTray "=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-12-14 132624]
    "ATICCC "=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "avast! "=D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
    "TrojanScanner "=C:\Program Files\Trojan Remover\Trjscan.exe [2006-07-28 309248]
    "TWCU "=D:\Program Files\TP-LINK\TWCU\TWCU.exe [2006-03-29 364544]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Skype "=C:\Program Files\Skype\Phone\Skype.exe [2008-02-01 21898024]
    "MSMSGS "=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
    "swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-03 68856]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "DAEMON Tools Lite "=D:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    TL-WN321G Wireless Utility.lnk - C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2002-12-31 236928]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=FF000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\AnGo's Game Collection\Kyodai Mahjongg\kmj.exe "= "C:\Program Files\AnGo's Game Collection\Kyodai Mahjongg\kmj.exe:*:Disabled:kmj "
    "C:\Program Files\Internet Explorer\iexplore.exe "= "C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer "
    "C:\WINDOWS\system32\muzapp.exe "= "C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player "
    "C:\WINDOWS\system32\dpnsvr.exe "= "C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server "
    "C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe "= "C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Disabled:Microsoft Flight Simulator "
    "C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe "= "C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe:*:Disabled:Bf2_w32ded "
    "C:\Program Files\uTorrent\uTorrent.exe "= "C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent "
    "D:\Program Files\EA GAMES\Battlefield 2\BF2.exe "= "D:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 "
    "C:\Program Files\Skype\Phone\Skype.exe "= "C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "

    ======List of files/folders created in the last 3 months======

    2008-09-25 12:48:46 ----D---- C:\Program Files\trend micro
    2008-09-25 12:48:45 ----D---- C:\rsit
    2008-09-25 12:46:02 ----D---- C:\WINDOWS\LastGood
    2008-09-25 12:28:21 ----A---- C:\WINDOWS\system32\Install7x.dll
    2008-09-22 17:28:31 ----A---- C:\WINDOWS\system32\acs.exe
    2008-09-22 17:28:24 ----A---- C:\WINDOWS\system32\wgapi.dll
    2008-09-22 17:28:24 ----A---- C:\WINDOWS\system32\wcapi.dll
    2008-09-22 17:28:24 ----A---- C:\WINDOWS\system32\athcfg11.dll
    2008-09-22 14:21:49 ----D---- C:\WINDOWS\pss
    2008-09-20 19:20:08 ----SHD---- C:\Config.Msi
    2008-09-20 19:12:56 ----D---- C:\temp
    2008-09-20 17:52:40 ----A---- C:\WINDOWS\system32\TRJ_NTAUTO.TMP
    2008-09-20 17:42:18 ----D---- C:\Documents and Settings\All Users\Application Data\Trojan Remover
    2008-09-20 17:42:06 ----A---- C:\WINDOWS\system32\UNRAR3.dll
    2008-09-20 17:42:06 ----A---- C:\WINDOWS\system32\unacev2.dll
    2008-09-20 17:42:04 ----D---- C:\Program Files\Trojan Remover
    2008-09-18 09:13:38 ----A---- C:\WINDOWS\Sierra.ini
    2008-09-17 14:49:23 ----D---- C:\Program Files\GameSpy Arcade
    2008-09-17 14:26:55 ----D---- C:\Documents and Settings\HP Pavilion\Application Data\DAEMON Tools
    2008-09-15 11:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-09-14 09:14:19 ----D---- C:\Documents and Settings\HP Pavilion\Application Data\InstallShield
    2008-09-14 09:02:00 ----D---- C:\WINDOWS\system32\appmgmt
    2008-09-10 13:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 10:35:58 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-09-10 10:35:58 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-09-10 10:35:58 ----A---- C:\WINDOWS\system32\java.exe
    2008-09-10 10:06:38 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-09-10 10:06:21 ----A---- C:\WINDOWS\system32\wmpns.dll
    2008-09-10 10:05:57 ----D---- C:\WINDOWS\Prefetch
    2008-09-10 09:49:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-09-10 09:49:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-09-10 09:49:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-09-10 09:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-09-10 09:49:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-09-10 09:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-09-10 09:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-09-10 09:49:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-09-10 09:48:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-09-10 09:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-09-10 09:46:06 ----A---- C:\WINDOWS\setuplog.txt
    2008-09-10 09:44:48 ----D---- C:\WINDOWS\system32\scripting
    2008-09-10 09:44:47 ----D---- C:\WINDOWS\system32\bits
    2008-09-10 09:41:51 ----D---- C:\WINDOWS\ServicePackFiles
    2008-09-10 09:38:36 ----A---- C:\WINDOWS\imsins.BAK
    2008-09-10 09:34:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-09-08 19:58:59 ----D---- C:\Documents and Settings\HP Pavilion\Application Data\vlc
    2008-09-08 19:58:31 ----D---- C:\Program Files\VideoLAN
    2008-09-05 17:29:34 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2008-09-05 17:29:29 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-09-05 17:29:29 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2008-09-05 17:29:18 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-09-05 17:29:10 ----N---- C:\WINDOWS\system32\spupdwxp.exe
    2008-09-05 17:29:09 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
    2008-09-05 17:29:08 ----N---- C:\WINDOWS\system32\slserv.exe
    2008-09-05 17:29:08 ----N---- C:\WINDOWS\system32\slrundll.exe
    2008-09-05 17:29:08 ----N---- C:\WINDOWS\slrundll.exe
    2008-09-05 17:29:07 ----N---- C:\WINDOWS\system32\slgen.dll
    2008-09-05 17:29:07 ----N---- C:\WINDOWS\system32\slextspk.dll
    2008-09-05 17:29:07 ----N---- C:\WINDOWS\system32\slcoinst.dll
    2008-09-05 17:29:04 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-09-05 17:29:02 ----N---- C:\WINDOWS\system32\s3gnb.dll
    2008-09-05 17:29:00 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-09-05 17:28:59 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-09-05 17:28:58 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-09-05 17:28:58 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-09-05 17:28:58 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-09-05 17:28:56 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-09-05 17:28:54 ----N---- C:\WINDOWS\system32\onex.dll
    2008-09-05 17:28:51 ----N---- C:\WINDOWS\system32\nv4_disp.dll
    2008-09-05 17:28:45 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-09-05 17:28:45 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-09-05 17:28:45 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-09-05 17:28:44 ----N---- C:\WINDOWS\system32\mtxparhd.dll
    2008-09-05 17:28:42 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-09-05 17:28:42 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-09-05 17:28:25 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
    2008-09-05 17:28:15 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-09-05 17:28:15 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-09-05 17:28:05 ----N---- C:\WINDOWS\system32\smtpapi.dll
    2008-09-05 17:28:05 ----N---- C:\WINDOWS\system32\rwnh.dll
    2008-09-05 17:28:01 ----N---- C:\WINDOWS\system32\comsdupd.exe
    2008-09-05 17:27:57 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
    2008-09-05 17:27:51 ----N---- C:\WINDOWS\system32\faxpatch.exe
    2008-09-05 17:27:51 ----A---- C:\WINDOWS\003137_.tmp
    2008-09-05 17:27:48 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-09-05 17:27:47 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-09-05 17:27:47 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-09-05 17:27:47 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-09-05 17:27:47 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-09-05 17:27:47 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-09-05 17:27:47 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-09-05 17:27:47 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-09-05 17:27:43 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-09-05 17:27:43 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-09-05 17:27:43 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-09-05 17:27:43 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-09-05 17:27:43 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-09-05 17:27:43 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-09-05 17:27:43 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-09-05 17:27:42 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-09-05 17:27:42 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-09-05 17:27:41 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-09-05 17:27:38 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-09-05 17:27:32 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-09-05 17:27:28 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-09-05 17:27:27 ----N---- C:\WINDOWS\system32\ativtmxx.dll
    2008-09-05 17:27:26 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
    2008-09-05 14:42:00 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2008-09-03 09:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2008-09-03 09:39:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
    2008-09-03 09:39:20 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-09-03 09:39:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-09-03 09:38:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-09-03 09:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2008-09-03 09:37:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2008-09-03 09:10:38 ----D---- C:\Program Files\uTorrent
    2008-09-03 09:10:29 ----D---- C:\Documents and Settings\HP Pavilion\Application Data\uTorrent
    2008-08-16 07:24:34 ----D---- C:\WINDOWS\system32\LogFiles
    2008-07-31 14:02:38 ----D---- C:\Documents and Settings\HP Pavilion\Application Data\Symantec
    2008-07-28 18:07:18 ----A---- C:\WINDOWS\Acroread.ini
    2008-07-28 14:09:28 ----A---- C:\WINDOWS\system32\MSOSS.DLL
    2008-07-27 15:53:22 ----D---- C:\Program Files\NovaLogic
    2008-07-23 17:45:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
    2008-07-11 10:08:46 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
    2008-07-11 09:45:20 ----D---- C:\Program Files\CCleaner
    2008-07-10 20:01:36 ----D---- C:\Program Files\Virtools
    2008-07-08 17:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
    2008-07-08 15:23:48 ----D---- C:\Program Files\EA Sports
    2008-07-08 14:35:12 ----D---- C:\WINDOWS\system32\Adobe

    ======List of files/folders modified in the last 3 months======

    2008-09-25 12:48:46 ----RD---- C:\Program Files
    2008-09-25 12:48:15 ----D---- C:\WINDOWS\Temp
    2008-09-25 12:47:42 ----D---- C:\Documents and Settings\HP Pavilion\Application Data\Skype
    2008-09-25 12:46:02 ----D---- C:\WINDOWS\system32\drivers
    2008-09-25 12:46:02 ----D---- C:\WINDOWS
    2008-09-25 12:44:37 ----HD---- C:\WINDOWS\inf
    2008-09-25 12:28:21 ----D---- C:\WINDOWS\system32
    2008-09-25 12:28:06 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-25 12:27:55 ----D---- C:\Program Files\TP-LINK
    2008-09-25 12:26:13 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-25 11:52:40 ----D---- C:\Documents and Settings\HP Pavilion\Application Data\skypePM
    2008-09-24 19:43:25 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-09-24 19:31:52 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-09-23 13:26:43 ----SHD---- C:\System Volume Information
    2008-09-23 13:26:43 ----D---- C:\WINDOWS\system32\Restore
    2008-09-23 13:09:07 ----SH---- C:\boot.ini
    2008-09-23 13:09:07 ----A---- C:\WINDOWS\win.ini
    2008-09-23 13:09:07 ----A---- C:\WINDOWS\system.ini
    2008-09-22 17:28:49 ----D---- C:\WINDOWS\security
    2008-09-22 17:28:30 ----A---- C:\WINDOWS\system32\results.txt
    2008-09-22 14:42:15 ----SHD---- C:\RECYCLER
    2008-09-20 19:20:40 ----SHD---- C:\WINDOWS\Installer
    2008-09-20 19:15:05 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-09-17 14:51:38 ----D---- C:\WINDOWS\system32\DirectX
    2008-09-17 14:51:37 ----RSD---- C:\WINDOWS\assembly
    2008-09-15 11:44:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-09-15 11:43:51 ----HD---- C:\WINDOWS\$hf_mig$
    2008-09-14 09:11:01 ----D---- C:\Program Files\Rockstar Games
    2008-09-14 09:10:13 ----SD---- C:\Documents and Settings\HP Pavilion\Application Data\Microsoft
    2008-09-14 09:08:40 ----D---- C:\Program Files\Crave
    2008-09-10 13:20:47 ----D---- C:\WINDOWS\Debug
    2008-09-10 13:20:36 ----D---- C:\WINDOWS\WinSxS
    2008-09-10 10:35:57 ----D---- C:\Program Files\Java
    2008-09-10 10:07:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-10 10:05:17 ----D---- C:\WINDOWS\system32\Setup
    2008-09-10 10:05:17 ----D---- C:\WINDOWS\AppPatch
    2008-09-10 10:05:17 ----D---- C:\Program Files\Messenger
    2008-09-10 10:05:16 ----D---- C:\WINDOWS\system32\wbem
    2008-09-10 10:05:15 ----RSD---- C:\WINDOWS\Fonts
    2008-09-10 09:51:29 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-10 09:45:03 ----D---- C:\WINDOWS\system32\inetsrv
    2008-09-10 09:45:03 ----D---- C:\WINDOWS\Network Diagnostic
    2008-09-10 09:45:03 ----D---- C:\WINDOWS\ime
    2008-09-10 09:45:03 ----D---- C:\WINDOWS\Help
    2008-09-10 09:44:49 ----D---- C:\WINDOWS\system32\usmt
    2008-09-10 09:44:49 ----D---- C:\WINDOWS\system32\en-us
    2008-09-10 09:44:48 ----D---- C:\WINDOWS\l2schemas
    2008-09-10 09:44:47 ----D---- C:\WINDOWS\PeerNet
    2008-09-10 09:44:47 ----D---- C:\Program Files\Movie Maker
    2008-09-10 09:41:43 ----D---- C:\WINDOWS\system32\npp
    2008-09-10 09:41:42 ----D---- C:\WINDOWS\mui
    2008-09-10 09:41:41 ----D---- C:\WINDOWS\msagent
    2008-09-10 09:41:40 ----D---- C:\WINDOWS\srchasst
    2008-09-10 09:41:38 ----D---- C:\Program Files\NetMeeting
    2008-09-10 09:41:37 ----D---- C:\WINDOWS\system32\Com
    2008-09-10 09:41:36 ----D---- C:\Program Files\Windows Media Player
    2008-09-10 09:41:35 ----D---- C:\Program Files\Windows NT
    2008-09-10 09:41:35 ----D---- C:\Program Files\Outlook Express
    2008-09-10 09:41:32 ----D---- C:\Program Files\Common Files\System
    2008-09-10 09:41:16 ----D---- C:\WINDOWS\system32\oobe
    2008-09-10 09:41:15 ----D---- C:\WINDOWS\system
    2008-09-10 09:34:53 ----D---- C:\WINDOWS\ehome
    2008-09-05 14:58:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
    2008-09-05 14:54:13 ----D---- C:\WINDOWS\system32\config
    2008-09-05 14:46:20 ----D---- C:\Documents and Settings\HP Pavilion\Application Data\AVG7
    2008-09-04 15:28:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-09-03 09:45:35 ----D---- C:\Program Files\Internet Explorer
    2008-08-27 03:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-14 20:44:55 ----A---- C:\WINDOWS\FISHUI.INI
    2008-08-03 20:59:20 ----D---- C:\Program Files\Google
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-07-16 16:28:53 ----A---- C:\WINDOWS\RtlRack.ini
    2008-07-14 20:13:30 ----D---- C:\Program Files\Unlocker
    2008-07-11 09:49:54 ----D---- C:\WINDOWS\Minidump
    2008-07-10 20:01:59 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-07-08 19:58:38 ----D---- C:\Documents and Settings\HP Pavilion\Application Data\Macromedia
    2008-07-08 19:58:34 ----D---- C:\WINDOWS\system32\Macromed
    2008-07-08 14:36:15 ----D---- C:\Documents and Settings\HP Pavilion\Application Data\Adobe
    2008-07-08 03:26:58 ----A---- C:\WINDOWS\system32\es.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-03-04 11776]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-09-22 21275]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
    R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2002-12-31 62336]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 RT73;TL-WN321G USB Wireless Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 AR5211;TP-LINK Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-12-21 470048]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-03-04 243200]
    S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 V0090VID;Creative WebCam Vista Plus; C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2004-09-06 136064]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R01000000 papycpu2;papycpu2; C:\WINDOWS\System32\DRIVERS\papycpu2.sys [2003-01-17 1984]
    R01000000 papyjoy;papyjoy; C:\WINDOWS\System32\DRIVERS\papyjoy.sys [2003-01-17 1856]
    R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-05-13 607576]
    R2 aswUpdSv;avast! iAVS4 Control Service; D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
    R2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-03 137200]
    R3 avast! Mail Scanner;avast! Mail Scanner; D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
    R3 avast! Web Scanner;avast! Web Scanner; D:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
    S2 ACS;TP-LINK Configuration Service; C:\WINDOWS\system32\acs.exe [2005-12-30 36864]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2002-12-31 38912]
    S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

    -----------------EOF-----------------
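An added example, not code from the original post or from the RSIT/HijackThis tools: a small Python triage script for the log format posted above. It parses the HijackThis-style O23 service lines and RSIT's "files/folders created" section and flags services whose entry carries no vendor name or whose binary appeared on disk recently. The sample lines are copied from the log above; the as-of date 2008-09-25 is an assumption taken from the newest entry in it.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: a few lines in the format of the RSIT log posted
# in this thread (O23 service entries plus the created-files section).
SAMPLE_LOG = r"""
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

======List of files/folders created in the last 3 months======

2008-09-25 12:28:21 ----A---- C:\WINDOWS\system32\Install7x.dll
2008-09-22 17:28:31 ----A---- C:\WINDOWS\system32\acs.exe
2008-09-22 17:28:24 ----A---- C:\WINDOWS\system32\athcfg11.dll
2008-09-05 14:42:00 ----A---- C:\WINDOWS\system32\aswBoot.exe
"""

# Assumed reference date: the newest timestamp in the posted log.
AS_OF = datetime(2008, 9, 25)

SERVICE_PREFIX = "O23 - Service: "
# "<timestamp> <attribute flags such as ----A---- or ----SHD----> <path>"
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<attrs>-+[A-Z]*-+) (?P<path>[A-Za-z]:\\.*)$"
)


def parse_services(log_text):
    """Return [(name, owner, path)] for each O23 line.

    The display name may itself contain ' - ', so split from the right:
    the last two ' - ' separated fields are always owner and path.
    """
    services = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(SERVICE_PREFIX):
            continue
        fields = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
        if len(fields) != 3:
            continue  # malformed line: skip rather than guess
        name, owner, path = fields
        services.append((name, owner, path))
    return services


def parse_created(log_text):
    """Map lower-cased path -> creation time from the created-files section."""
    created = {}
    for line in log_text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            created[m.group("path").lower()] = datetime.strptime(
                m.group("ts"), "%Y-%m-%d %H:%M:%S")
    return created


def triage_services(log_text, as_of, recent_days=30):
    """Flag services worth a second look: no vendor name on the entry, or a
    binary created within `recent_days` of `as_of`.

    Returns [(service_name, path, [reasons])]. Flags are leads for a human
    reviewer, not verdicts.
    """
    created = parse_created(log_text)
    cutoff = as_of - timedelta(days=recent_days)
    flagged = []
    for name, owner, path in parse_services(log_text):
        reasons = []
        if owner == "Unknown owner":
            reasons.append("no vendor name on the service entry")
        when = created.get(path.lower())
        if when is not None and when >= cutoff:
            reasons.append("binary created %s" % when.date())
        if reasons:
            flagged.append((name, path, reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in triage_services(SAMPLE_LOG, AS_OF):
        print("%s\n    %s\n    %s" % (name, path, "; ".join(reasons)))
```

On the sample above this flags acs.exe (both reasons) and ati2sgag.exe (no vendor name only); in this thread acs.exe is the TP-LINK configuration service, which the helper did not treat as malicious, so a flag is only a prompt to check the file, not a conclusion.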
     
  12. 2008/09/25
    Geri
    Hi
    OK, nothing jumping out at me here.

    Let's get an online scan.

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only.

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.


    Please do an online scan with Kaspersky WebScanner

    Click on "Accept" if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the "Scan Report" on the left side.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  13. 2008/09/26
    whopper
    Kaspersky scan:

    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    C:\
    D:\
    E:\

    Scan statistics
    Files scanned 57335
    Threat name 0
    Infected objects 0
    Suspicious objects 0
    Duration of the scan 01:08:17

    No malware has been detected. The scan area is clean.
    The selected area was scanned.

    I did an avast scan yesterday and found the following:
    9/25/2008
    A0000024.exe C:\SystemVolumeInformation\_restore
    A0000025.exe C:\SystemVolumeInformation\_restore
    A0000026.exe D:\SystemVolumeInformation\_restore
    pack.exe C:\ProgramFiles\NovaLogic\Comanche4
    update.exe C:programFiles\NovaLogic\Comanche4
    UPDATE.EXE D:\ProgramFiles\Delta Force Black Hawk...

    9/23/2008
    athcfg11res.dll C:\DOCUME~1\HPPAVI~1\LOCALS~1\T
    9/22/2008
    athcfg11res.dll C:\WINDOWS\system32
    athcfg11res.dll C:\DOCUME~1\HPPAVI~1\LOCALS~1\T
    9/20/2008
    athcfg11res.dll C:\DOCUME~1\HPPAVI~1\LOCALS~1\T
    There were 6 found that day, all the same.

    All of the above were classified as Win32:Trojan-generic.

    The trojan that was in my wireless utility program was the above C:\DOCUME~1\HPPAVI~1\LOCALS~1\T, I think.
    Today I was able to uninstall that program; before, I was not able to.


    I have all the above entries in my chest/vault with my avast anti-virus. Should I delete them or leave them be?

    Next step?

    And thank you for your help.
     
  14. 2008/09/26
    Geri
    Hi
    Kaspersky shows him clean.

    OK, these are in the system restore, so do the instructions as you did above.
    A0000024.exe C:\SystemVolumeInformation\_restore
    A0000025.exe C:\SystemVolumeInformation\_restore
    A0000026.exe D:\SystemVolumeInformation\_restore

    These are sometimes listed because of their behavior of wanting to "call home" looking for updates to the games.
    pack.exe C:\ProgramFiles\NovaLogic\Comanche4
    update.exe C:programFiles\NovaLogic\Comanche4
    UPDATE.EXE D:\ProgramFiles\Delta Force Black Hawk


    These seem to be a false positive with Avast. It is mentioned on their forum. I would leave them be for now; that way, if they happen to be needed by any programs, you can restore them from the vault.
    Make sure his Avast is up to date.

    9/23/2008
    athcfg11res.dll C:\DOCUME~1\HPPAVI~1\LOCALS~1\T
    9/22/2008
    athcfg11res.dll C:\WINDOWS\system32
    athcfg11res.dll C:\DOCUME~1\HPPAVI~1\LOCALS~1\T
    9/20/2008
    athcfg11res.dll C:\DOCUME~1\HPPAVI~1\LOCALS~1\T

    Let me know how things are running.

    Geri
     
  15. 2008/09/28
    whopper
    Hi Geri,

    Looks like we fixed it. I've run a few scans on both systems and nothing is showing up.
    I will take your advice and not fool with the P2P stuff.
    You really saved us, and I want to say thanks for all the help.

    Good luck fighting the malware,
    sincerely,
    Bart
     
  16. 2008/09/28
    Geri
    Hi Bart
    That's good, it will get'cha. I see it over and over, people infected because of it.

    Glad things are good. You're welcome.

    You can delete RSIT.exe from his machine and this folder C:\rsit

    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Malware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    I'll mark this one resolved.

    Surf Safely
    Geri
     
