
gUSBSTOi.sys is listed as a backdoor Trojan in AVG

Discussion in 'Malware and Virus Removal Archive' started by Tisme, 2007/11/25.

  1. 2007/11/25
    Tisme
    AVG seems to be warning me about a file called gUSBSTOi.sys located in my local temporary files.

    I am not sure what to make of this. I haven't gone to any sites that I could think of that would install malware on my PC, and it just started coming up out of the blue. AVG did update today, so I am wondering if that could have something to do with it.

    I don't really know what to make of it because, well, it's a .sys file that's located in MY NAME/AppData/Local/Temp, which doesn't sound right in itself.

    AVG says it heals it if I go to Heal, but my system seems to, well, not lock up, but the loading icon for the game I was trying to launch doesn't go away and I end up having to reboot. At which point AVG tells me again that gUSBSTOi.sys is a "Trojan horse BackDoor.Generic9.CUT" (which means it didn't heal squat).

    Can anyone tell me what is going on here and what I need to do to stop this from happening? This is kinda weird. I am running Vista Premium Home Edition, but I have UAC controls turned off (mainly just because they tick me off).

    OK, this is an interesting development: AVG will delete the file successfully, however it reappears only when I attempt to launch the game Thief: Deadly Shadows (how ironic is that); otherwise it seems to remain dormant, remaining undetected by AVG and the Vista general search. This is really weird because I have been playing this game for a couple of weeks now (yes, it is a store-bought copy) and haven't had this problem before.
     
    Last edited: 2007/11/25
  2. 2007/11/25
    Geri
    Hi Tisme
    Welcome to Windowsbbs :)

    Please download and install HijackThis and create a log, then a Deckard's System Scanner main.txt log, and post them both here.
    Links and instructions here.
     
    Geri,

  4. 2007/11/26
    Tisme
    *HijackThis log*

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:50:58 PM, on 26/11/2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WTablet\TabUserW.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\RivaTuner v2.04\RivaTuner.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.secondlife.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [signup] D:\hb5.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.04\RivaTuner.exe" /T
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [AntiSpye] C:\Program Files\AntiSpye\antispye.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O20 - Winlogon Notify: DPWLN - C:\Windows\system32\DPWLEvHd.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe

    --
    End of file - 10965 bytes
     
  5. 2007/11/26
    Tisme
    *Deckard's System Scanner log*

    Deckard's System Scanner v20071014.68
    Run by Paul on 2007-11-26 17:54:51
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    39: 2007-11-25 12:48:34 UTC - RP184 - Installed Thief - Deadly Shadows
    38: 2007-11-25 12:40:55 UTC - RP182 - Removed Thief - Deadly Shadows
    37: 2007-11-25 04:30:42 UTC - RP180 - Scheduled Checkpoint
    36: 2007-11-24 04:24:10 UTC - RP179 - Scheduled Checkpoint
    35: 2007-11-21 23:26:58 UTC - RP178 - Scheduled Checkpoint


    -- First Restore Point --
    1: 2007-11-08 01:12:21 UTC - RP134 - Scheduled Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Paul.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:56:15 PM, on 26/11/2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WTablet\TabUserW.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\RivaTuner v2.04\RivaTuner.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Paul\Desktop\dss.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Paul.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.secondlife.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [signup] D:\hb5.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.04\RivaTuner.exe" /T
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [AntiSpye] C:\Program Files\AntiSpye\antispye.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O20 - Winlogon Notify: DPWLN - C:\Windows\system32\DPWLEvHd.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe

    --
    End of file - 11022 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 giveio - c:\windows\system32\giveio.sys
    R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    R3 NVR0Dev - \??\c:\windows\nvoclock.sys
    R3 RivaTuner32 - \??\c:\program files\rivatuner v2.04\rivatuner32.sys

    S0 NVStrap - c:\windows\system32\drivers\nvstrap.sys
    S3 U81xbus (LGE U8XXX driver (WDM)) - c:\windows\system32\drivers\u81xbus.sys <Not Verified; MCCI; LG Electronics U8110>
    S3 U81xmdfl (LGE U8XXX USB WMC Modem Filter) - c:\windows\system32\drivers\u81xmdfl.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC Modem Filter Driver>
    S3 U81xmdm (LGE U8XXX USB WMC Modem Driver) - c:\windows\system32\drivers\u81xmdm.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC Modem>
    S3 U81xmgmt (LGE U8XXX USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\u81xmgmt.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC Device Management>
    S3 U81xobex (LGE U8XXX USB WMC OBEX Interface) - c:\windows\system32\drivers\u81xobex.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC OBEX Interface>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe "
    R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>

    S2 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>
    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-11-26 16:48:15 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{A912F1B3-F745-4B87-B6FA-4FC259CD07ED}.job


    -- Files created between 2007-10-26 and 2007-11-26 -----------------------------

    2007-11-26 17:47:38 0 d-------- C:\Program Files\Trend Micro
    2007-11-25 22:48:29 0 d-------- C:\Program Files\Thief - Deadly Shadows <THIEF-~1>
    2007-11-25 22:36:44 0 d-------- C:\lgfolderB
    2007-11-25 22:30:51 0 d-------- C:\Temp
    2007-11-25 19:35:36 0 d-------- C:\Program Files\Security Task Manager
    2007-11-25 18:24:29 0 dr-h----- C:\$VAULT$.AVG
    2007-11-22 12:31:28 0 d-------- C:\Program Files\SecondLifeWindLight
    2007-11-16 09:35:00 0 d-------- C:\Program Files\Black Isle
    2007-11-16 00:55:51 0 d-------- C:\lgfolderp
    2007-11-14 19:28:57 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
    2007-11-14 07:56:04 0 d--h----- C:\LGFolder
    2007-11-14 07:41:05 0 d-------- C:\Windows\lgpftÃOXC
    2007-11-14 03:04:00 0 d-------- C:\Windows\lgpftôƒ½Uàà
    2007-11-14 02:04:53 0 d-------- C:\Windows\lgpft•ëìY
    2007-11-14 01:53:17 0 d-------- C:\Windows\lgpft‚`‘qÿÿ
    2007-11-14 01:49:44 0 d--h----- C:\Windows\LGPFT
    2007-11-14 00:06:00 77472 --a------ C:\Windows\system32\drivers\U81xmgmt.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC Device Management>
    2007-11-14 00:04:03 75456 --a------ C:\Windows\system32\drivers\U81xobex.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC OBEX Interface>
    2007-11-14 00:00:49 84480 --a------ C:\Windows\system32\drivers\U81xmdm.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC Modem>
    2007-11-14 00:00:49 6064 --a------ C:\Windows\system32\drivers\U81xmdfl.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC Modem Filter Driver>
    2007-11-14 00:00:49 6144 --a------ C:\Windows\system32\drivers\U81xcmnt.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC OBEX Interface>
    2007-11-14 00:00:49 6144 --a------ C:\Windows\system32\drivers\U81xcm.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC OBEX Interface>
    2007-11-13 23:59:44 5744 --a------ C:\Windows\system32\drivers\U81xwhnt.sys <Not Verified; MCCI; LG Electronics U8110>
    2007-11-13 23:59:44 5744 --a------ C:\Windows\system32\drivers\U81xwh.sys <Not Verified; MCCI; LG Electronics U8110>
    2007-11-13 23:59:44 52352 --a------ C:\Windows\system32\drivers\U81xbus.sys <Not Verified; MCCI; LG Electronics U8110>
    2007-11-13 23:54:57 0 d-------- C:\Program Files\LG PC Suite
    2007-11-12 21:26:19 0 d-------- C:\Users\All Users\NVIDIA
    2007-11-12 21:21:44 0 d-------- C:\NVIDIA
    2007-11-09 18:41:28 0 d-------- C:\Program Files\iPod
    2007-11-09 18:41:24 0 d-------- C:\Program Files\iTunes
    2007-11-09 18:40:01 0 d-------- C:\Program Files\QuickTime
    2007-11-03 18:29:45 0 d-------- C:\Program Files\DeepPaint3D
    2007-11-03 17:44:26 0 d-------- C:\Program Files\backburner 2
    2007-11-03 17:44:25 0 d-------- C:\Program Files\Common Files\Autodesk Shared
    2007-11-03 17:43:43 0 d-------- C:\Users\All Users\Autodesk
    2007-11-03 17:43:43 0 d-------- C:\3dsmax7
    2007-11-03 17:02:04 0 d-------- C:\Program Files\Sony
    2007-11-03 17:01:22 0 d-------- C:\Program Files\Sony Setup
    2007-11-01 19:40:48 0 d-------- C:\Users\All Users\AppData
    2007-11-01 19:38:04 0 d-------- C:\Windows\system32\WTablet
    2007-11-01 19:37:59 0 d-------- C:\Program Files\Tablet


    -- Find3M Report ---------------------------------------------------------------

    2007-11-26 17:49:44 0 d-------- C:\Users\Paul\AppData\Roaming\Xfire
    2007-11-26 14:41:12 0 d-------- C:\Users\Paul\AppData\Roaming\Skype
    2007-11-26 14:40:16 0 d-------- C:\Users\Paul\AppData\Roaming\WTablet
    2007-11-25 22:42:41 0 d-------- C:\Users\Paul\AppData\Roaming\AVG7
    2007-11-24 13:13:10 0 d-------- C:\Program Files\GetRight
    2007-11-22 12:31:45 0 d-------- C:\Users\Paul\AppData\Roaming\SecondLife
    2007-11-20 09:12:45 0 d-------- C:\Program Files\Xfire
    2007-11-18 14:54:03 0 d-------- C:\Program Files\SpeedFan
    2007-11-14 19:16:46 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-11-14 07:48:06 0 d-------- C:\Program Files\Windows Mail
    2007-11-14 00:08:02 0 d-------- C:\Users\Paul\AppData\Roaming\LG Electronics
    2007-11-13 18:21:25 0 d-------- C:\Users\Paul\AppData\Roaming\Adobe
    2007-11-13 18:20:30 0 d-------- C:\Users\Paul\AppData\Roaming\AdobeUM
    2007-11-08 12:47:27 0 d-------- C:\Program Files\SecondLife
    2007-11-03 17:44:25 0 d-------- C:\Program Files\Common Files
    2007-11-03 17:02:52 0 d-------- C:\Users\Paul\AppData\Roaming\Sony
    2007-10-19 21:14:14 0 d-------- C:\Program Files\TechSmith
    2007-10-19 21:12:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-19 21:08:29 0 d-------- C:\Program Files\AntiSpye
    2007-10-17 15:25:53 0 d-------- C:\Program Files\directx
    2007-10-16 08:20:12 0 d-------- C:\Program Files\MindArk
    2007-10-15 12:55:37 0 d-------- C:\Program Files\Common Files\Adobe
    2007-10-11 13:01:52 0 d-------- C:\Users\Paul\AppData\Roaming\Ahead
    2007-10-11 03:57:03 0 d-------- C:\Program Files\Futuremark
    2007-10-10 23:32:53 0 d-------- C:\Users\Paul\AppData\Roaming\GetRightToGo
    2007-10-10 21:45:09 0 d-------- C:\Program Files\GIGABYTE
    2007-10-10 21:44:14 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-10-05 10:38:30 0 d-------- C:\Program Files\SystemRequirementsLab
    2007-10-05 10:38:25 0 d-------- C:\Users\Paul\AppData\Roaming\SystemRequirementsLab
    2007-10-05 10:37:50 671 --a------ C:\Windows\mozver.dat
    2007-10-05 10:37:43 0 d-------- C:\Program Files\Java
    2007-10-05 10:35:39 0 d-------- C:\Program Files\Common Files\Java
    2007-10-01 21:54:04 0 d-------- C:\Program Files\NCSoft
    2007-09-30 02:22:14 0 d-------- C:\Program Files\Guild Wars
    2007-09-29 08:42:21 0 -rahs---- C:\MSDOS.SYS
    2007-09-29 08:42:21 0 -rahs---- C:\IO.SYS
    2007-09-29 08:09:47 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-09-27 16:41:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-18 22:47:46 0 --a------ C:\Windows\nsreg.dat
    2007-09-14 16:15:29 174 --ahs---- C:\Program Files\desktop.ini
    2007-09-11 19:17:30 81920 --a------ C:\Windows\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [14/09/2007 04:11 PM]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 03:57 PM]
    "signup"="D:\hb5.exe" []
    "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [06/06/2002 11:15 AM]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [21/11/2006 05:08 PM]
    "DPAgnt"="C:\Program Files\DigitalPersona\Bin\DPAgnt.exe" [09/10/2006 04:27 PM]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [08/05/2003 11:00 AM]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [25/10/2007 09:51 AM]
    "RivaTuner"="C:\Program Files\RivaTuner v2.04\RivaTuner.exe" [16/09/2007 01:40 AM]
    "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04/04/2005 06:58 PM]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [12/01/2006 08:52 PM]
    "@"="" []
    "RtHDVCpl"="RtHDVCpl.exe" [23/04/2007 05:51 PM C:\Windows\RtHDVCpl.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
    "AntiSpye"="C:\Program Files\AntiSpye\antispye.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [19/10/2007 08:16 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/11/2007 06:36 PM]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [04/10/2007 05:14 PM]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [04/10/2007 05:14 PM]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [04/10/2007 05:14 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/11/2006 10:35 PM]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 10:35 PM]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [27/06/2007 07:03 PM]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [31/08/2007 05:40 PM]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [03/07/2007 12:32 PM]

    C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [15/11/2007 11:00:40 AM]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [29/09/2007 8:16:47 AM]
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 7:16:50 PM]
    GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [16/10/2007 8:17:48 AM]
    LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe [14/11/2007 1:32:43 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "EnableLUA"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 27/09/2007 05:13 PM 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN]
    C:\Windows\system32\DPWLEvHd.dll 09/10/2006 04:27 PM 99856 C:\Windows\System32\DPWLEvHd.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=scecli DPPWDFLT

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cac013a-61ab-11dc-acde-806e6f6e6963}]
    AutoRun\command- D:\autorun.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2007-11-26 17:57:33 ------------
     
  6. 2007/11/26
    Geri
    Hi Tisme
    I've asked noadhfear to step in here, You have some strange folders that he may want sent to him for analysis.

    Thanks
    Geri
     
  7. 2007/11/26
    noahdfear
    Hi Tisme :)

    Do you have Hardball5 on CD, or have you run it from a CD?

    Please upload the file C:\Windows\system32\CmdLineExt03.dll for analysis, as well as the gUSBSTOi.sys file (you may have to turn off AVG's real-time monitoring to get it).

    Geri mentioned some oddly named folders, and after reviewing your log, my first question is: did you install C:\Program Files\LG PC Suite? Cell phone software? If so, do you happen to know the exact package you installed? I'd like to check it out to see if the folders in question are related. The first few letters of their name suggest they might be. I'm listing what I feel may be associated for you. You may also be able to view their contents' properties and tell if they are related.


    C:\lgfolderB
    C:\lgfolderp
    C:\LGFolder << hidden folder
    C:\Windows\lgpftÃOXC
    C:\Windows\lgpftôƒ½Uàà
    C:\Windows\lgpft•ëìY
    C:\Windows\lgpft‚`‘qÿÿ
    C:\Windows\LGPFT << hidden folder

    Let me know if you need instructions for viewing those hidden folders.
     
  8. 2007/11/27
    Tisme
    Hi noahdfear :)

    Yes, all those LG files are from my cell phone software, so if you are concerned about them at all, I doubt they have any serious relevance to the issue at hand; I have had them installed for months now without issue.
    However, if you insist on checking them out, the suite is the software package for the LG U8360.

    Hardball5? No I am not familiar with that title at all. So no I don't have it on CD nor have I downloaded it or run it.

    I will attempt to get you a copy of CmdLineExt03.dll & gUSBSTOi.sys asap.
    I caught this reply pretty late at night so I will endeavour to upload a copy of it in the Morning for you to take a squiz at.

    If it helps any, the gUSBSTOi.sys as detected by AVG went off like a bastard when installing HijackThis and Deckard's, so that might mean something. Otherwise, after testing several standard applications on my system, the game Thief: Deadly Shadows seems to be the only thing that triggers it at all.

    I hope that helps. Regards Tisme
     
  9. 2007/11/27
    noahdfear
    I'm not necessarily doubting those LG folders are all associated with the LG PC Suite software, though I am now confused. You stated that;
    yet your log clearly shows otherwise. Creation dates on LG related files in red below, from your log.

    2007-11-25 22:36:44 0 d-------- C:\lgfolderB
    2007-11-16 00:55:51 0 d-------- C:\lgfolderp
    2007-11-14 07:56:04 0 d--h----- C:\LGFolder
    2007-11-14 07:41:05 0 d-------- C:\Windows\lgpftÃOXC
    2007-11-14 03:04:00 0 d-------- C:\Windows\lgpftôƒ½Uàà
    2007-11-14 02:04:53 0 d-------- C:\Windows\lgpft•ëìY
    2007-11-14 01:53:17 0 d-------- C:\Windows\lgpft‚`‘qÿÿ
    2007-11-14 01:49:44 0 d--h----- C:\Windows\LGPFT
    2007-11-14 00:06:00 77472 --a------ C:\Windows\system32\drivers\U81xmgmt.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC Device Management>
    2007-11-14 00:04:03 75456 --a------ C:\Windows\system32\drivers\U81xobex.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC OBEX Interface>
    2007-11-14 00:00:49 84480 --a------ C:\Windows\system32\drivers\U81xmdm.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC Modem>
    2007-11-14 00:00:49 6064 --a------ C:\Windows\system32\drivers\U81xmdfl.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC Modem Filter Driver>
    2007-11-14 00:00:49 6144 --a------ C:\Windows\system32\drivers\U81xcmnt.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC OBEX Interface>
    2007-11-14 00:00:49 6144 --a------ C:\Windows\system32\drivers\U81xcm.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC OBEX Interface>
    2007-11-13 23:59:44 5744 --a------ C:\Windows\system32\drivers\U81xwhnt.sys <Not Verified; MCCI; LG Electronics U8110>
    2007-11-13 23:59:44 5744 --a------ C:\Windows\system32\drivers\U81xwh.sys <Not Verified; MCCI; LG Electronics U8110>
    2007-11-13 23:59:44 52352 --a------ C:\Windows\system32\drivers\U81xbus.sys <Not Verified; MCCI; LG Electronics U8110>
    2007-11-13 23:54:57 0 d-------- C:\Program Files\LG PC Suite

    And the creation date of the LG related startup item in red.

    LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe [14/11/2007 1:32:43 AM]

    Let's stay on the same page: was the software installed a couple of months ago or two weeks ago? Frankly, the only ones I was concerned with are the ones with the strange characters in the name.

    C:\Windows\lgpftÃOXC
    C:\Windows\lgpftôƒ½Uàà
    C:\Windows\lgpft•ëìY
    C:\Windows\lgpft‚`‘qÿÿ

    Are those verifiable, by their contents, as part of the same software package?
     
  10. 2007/11/28
    Tisme
    Ok, yep, sure. My bad. A couple of weeks ago seems right. Yes, I will admit that the ones with the odd characters in them look a little off. Do you want me to find and upload them for you?

    BTW, if there are other issues that seem more pressing than this one and require more immediate attention, feel free to kinda put me on the back burner.

    I have been trying to get you those files you requested since Monday, but I have been rather busy. I will find them for you now.
     
  11. 2007/11/28
    noahdfear
    No back burners here. We just try to take 'em as we get 'em. ;)

    Let's just run a batch to get a directory listing of those folders.

    Highlight and copy the contents of the quote box below to a blank notepad. Save it to the desktop as;

    Filename: check.bat
    Save as type: All Files (*.*)

    Double-click check.bat to run it. It will open check.txt when it completes. Please post its contents.
     
  12. 2007/11/28
    Tisme
    *Here ya go. Yea, I had a look at these last night and they all seemed to be empty. Also, how do we go about uploading a file here so I can give you those files you wanted?*

    Volume in drive C has no label.
    Volume Serial Number is 9C14-8E05

    Directory of C:\lgfolderB

    25/11/2007 10:36 PM <DIR> .
    25/11/2007 10:36 PM <DIR> ..
    0 File(s) 0 bytes

    Total Files Listed:
    0 File(s) 0 bytes
    2 Dir(s) 225,300,197,376 bytes free
    Volume in drive C has no label.
    Volume Serial Number is 9C14-8E05

    Directory of C:\lgfolderp

    16/11/2007 12:55 AM <DIR> .
    16/11/2007 12:55 AM <DIR> ..
    0 File(s) 0 bytes

    Total Files Listed:
    0 File(s) 0 bytes
    2 Dir(s) 225,300,197,376 bytes free
    Volume in drive C has no label.
    Volume Serial Number is 9C14-8E05
     
  13. 2007/11/28
    noahdfear
    Hmmm ... it appears the command processor had some trouble with those odd characters. They don't even show up in the log. Are they empty as well? I would suggest you remove all of those listed in my last post if they're empty. While similarly named, I'm not convinced they are part of the LG PC Suite software. We should have checked the following hidden folder too.

    C:\LGFolder

    My apologies. I forgot to leave a link to upload the files. Please submit them to my submission channel. Leave a link back to this topic.

    Thanks!
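The batch listing above stopped short of the four odd-named lgpft folders because a .bat file saved from Notepad in the ANSI code page is read by cmd.exe in the console's OEM code page, so the bytes for the non-ASCII characters in the script no longer match the directory names on disk. The PowerShell script below is an added example written for this page; it is not the check.bat posted in this thread (whose contents are not reproduced here). It avoids typing the odd characters at all by matching the folders with wildcards, pulls in the hidden LGFolder and LGPFT with -Force, records each folder name as Unicode code points so the exact name survives any code page, and hashes any files it finds so they can be cross-checked before upload. The two patterns, the output location and the assumption of PowerShell 4 or later (for Get-FileHash) are mine.

```powershell
# check.ps1 - added example, not the check.bat from this thread.
# Lists the suspect LG-named folders (hidden ones included) without typing
# their non-ASCII names, and writes the result to check.txt on the desktop.
# Assumes PowerShell 4 or later; the patterns below are the author's choice
# based on the folder names quoted in the thread.

$patterns = @(
    'C:\lgfolder*',       # lgfolderB, lgfolderp and the hidden LGFolder (matching is case-insensitive)
    'C:\Windows\lgpft*'   # the four odd-named lgpft folders and the hidden LGPFT
)
$outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'check.txt'

$report = foreach ($pattern in $patterns) {
    # -Force includes hidden/system entries; -Directory keeps only folders
    $dirs = Get-ChildItem -Path $pattern -Directory -Force -ErrorAction SilentlyContinue
    foreach ($dir in $dirs) {
        # UTF-16 code points of the name: unambiguous even when the console cannot render them
        $codePoints = ($dir.Name.ToCharArray() | ForEach-Object { '{0:X4}' -f [int]$_ }) -join ' '
        "== $($dir.FullName)"
        "   attributes : $($dir.Attributes)"
        "   created    : $($dir.CreationTime.ToString('yyyy-MM-dd HH:mm:ss'))"
        "   name (U+)  : $codePoints"

        # -LiteralPath uses the name as-is, so wildcard characters in it are not re-expanded
        $items = @(Get-ChildItem -LiteralPath $dir.FullName -Force -Recurse -ErrorAction SilentlyContinue)
        if ($items.Count -eq 0) {
            "   (empty)"
        }
        foreach ($item in $items) {
            if ($item.PSIsContainer) {
                "   <DIR>  $($item.FullName)"
            } else {
                # SHA-256 lets the analyst match a submitted sample to what was on disk
                $sha = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
                "   {0,10} bytes  {1}  {2}  {3}" -f $item.Length,
                    $item.LastWriteTime.ToString('yyyy-MM-dd HH:mm'), $sha, $item.FullName
            }
        }
        ""
    }
}

# UTF-8 output keeps the odd characters intact when the file is pasted into a post
$report | Set-Content -LiteralPath $outFile -Encoding UTF8
Start-Process notepad.exe -ArgumentList "`"$outFile`""
```

Run it from an elevated PowerShell prompt so the folders under C:\Windows are readable; if script execution is disabled, `powershell -ExecutionPolicy Bypass -File check.ps1` runs this one file without changing the machine-wide policy. Wildcards plus -LiteralPath are the key: the first finds the folders without the script ever containing their broken characters, and the second stops PowerShell from reinterpreting those characters once it has them.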
     
