BleepingComputer.com: Running Slow

My computer seems to be running slow i just have a hijack log to look at.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:09 AM, on 11/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [\\JAF\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P36 "\\JAF\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\ereg.ini"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe
O9 - Extra 'Tools' menuitem: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1222627551750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222691785234
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: PicNotify - C:\WINDOWS\SYSTEM32\PicNotify.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8893 bytes

Hello jafwiz


Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  
• Double click on RSIT.exe to run RSIT.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

• The program will install and then begin downloading the latest definition files.
  
• After the files have been downloaded on the left side of the page in the Scan section select My Computer
  
• This will start the program and scan your system.
  
• The scan will take a while, so be patient and let it run.
  
• Once the scan is complete, click on View scan report
  
• Now, click on the Save Report as button.
  
• Save the file to your desktop.
  
• Copy and paste that information in your next post.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jaf at 2008-11-08 16:09:54
Microsoft Windows XP Professional Service Pack 3
System drive C: has 184 GB (83%) free of 221 GB
Total RAM: 2039 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:02 PM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
R:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jaf.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [\\JAF\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P36 "\\JAF\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\ereg.ini"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe
O9 - Extra 'Tools' menuitem: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1222627551750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222691785234
O17 - HKLM\System\CCS\Services\Tcpip\..\{45285544-6853-4EB3-B415-A53AEC88E814}: NameServer = 66.174.95.44 69.78.96.14
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: PicNotify - C:\WINDOWS\SYSTEM32\PicNotify.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8996 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-27 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-27 162328]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-27 137752]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"\\JAF\EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE [2003-06-04 99840]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe [2006-03-09 1404928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Power2GoExpress"= []
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-05-10 624248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyCut]
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe [2007-11-15 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyCut_Utility]
C:\Program Files\Lenovo\EnergyCut\utilty.exe [2005-11-14 2506752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyUtility]
C:\Program Files\Lenovo\EnergyCut\utilty.exe [2005-11-14 2506752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2006-05-05 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2006-05-05 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe [2007-10-26 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPScheduler]
C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe [2006-05-05 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFacePassManager]
C:\Program Files\Lenovo\VeriFace\PManage.exe [2008-09-28 241664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-22 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
C:\WINDOWS\system32\PCANotify.dll [2004-11-01 8704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PicNotify]
C:\WINDOWS\system32\PicNotify.dll [2008-09-28 622592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe"="C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\mIRC\mirc.exe"="C:\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\tskmgr.exe"="C:\WINDOWS\system32\tskmgr.exe:*:Disabled:tskmgr"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-08 16:09:54 ----D---- C:\rsit
2008-11-07 10:59:45 ----D---- C:\Wallpapers
2008-11-03 14:56:41 ----D---- C:\Quiz
2008-11-02 19:29:18 ----D---- C:\Program Files\Trend Micro
2008-11-02 19:22:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-02 19:14:18 ----D---- C:\Program Files\uTorrent
2008-11-02 19:14:11 ----D---- C:\Documents and Settings\Jaf\Application Data\uTorrent
2008-11-02 08:48:26 ----D---- C:\Documents and Settings\Jaf\Application Data\Zeon
2008-11-02 08:46:55 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-11-02 08:46:51 ----D---- C:\Documents and Settings\All Users\Application Data\zeon
2008-11-02 08:46:50 ----D---- C:\WINDOWS\system32\DocucomRes6
2008-11-02 08:46:21 ----D---- C:\Documents and Settings\Jaf\Application Data\ScanSoft
2008-11-02 08:46:21 ----A---- C:\WINDOWS\BiMonitor.ini
2008-11-02 08:46:20 ----A---- C:\WINDOWS\maxlink.ini
2008-11-02 08:46:00 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-11-02 08:45:16 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2008-11-02 08:45:07 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-11-02 08:44:58 ----D---- C:\Program Files\ScanSoft
2008-11-02 08:17:49 ----RA---- C:\WINDOWS\system32\A4SCAN.DLL
2008-11-02 08:15:31 ----D---- C:\attache_winxp_driver
2008-11-02 07:53:57 ----D---- C:\PaperPort Professional 11
2008-10-30 14:43:59 ----A---- C:\WINDOWS\Pltf.INI
2008-10-30 14:39:46 ----A---- C:\WINDOWS\system32\msxbse35.dll
2008-10-30 14:39:46 ----A---- C:\WINDOWS\system32\msexch35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\VBAR332.DLL
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\mstext35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msrpfs35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msrd2x35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\mspdox35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msltus35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msjt4jlt.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msjet35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msexcl35.dll
2008-10-30 14:39:44 ----A---- C:\WINDOWS\system32\msrepl35.dll
2008-10-30 14:39:44 ----A---- C:\WINDOWS\system32\JETCOMP.exe
2008-10-30 14:39:43 ----A---- C:\WINDOWS\system32\msjter35.dll
2008-10-30 14:39:43 ----A---- C:\WINDOWS\system32\msjint35.dll
2008-10-30 14:39:40 ----A---- C:\WINDOWS\daoredistInstalled.txt
2008-10-30 14:35:26 ----D---- C:\Charms
2008-10-30 14:35:08 ----D---- C:\BookMark
2008-10-30 14:34:56 ----D---- C:\Walking Sticks
2008-10-30 14:34:27 ----A---- C:\WINDOWS\system32\haspvdd.dll
2008-10-30 14:33:29 ----D---- C:\WINDOWS\DAO
2008-10-30 14:32:40 ----D---- C:\Gravostyle 5 Dynamic_2004
2008-10-30 14:16:17 ----A---- C:\WINDOWS\system32\akscoinst.dll
2008-10-30 14:14:06 ----D---- C:\Program Files\Common Files\Vision Numeric Shared
2008-10-30 14:14:06 ----A---- C:\WINDOWS\Computip.ini
2008-10-30 14:13:56 ----A---- C:\WINDOWS\system32\VN_OCX.TXT
2008-10-30 14:13:20 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
2008-10-30 14:13:19 ----D---- C:\GravoStyle5200
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\VN_SYSTEM_NT_DLL.TXT
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\VN_SYSTEM_NT_95_DLL.TXT
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\LEAD51N.DLL
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\Inetwh32.dll
2008-10-27 06:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-17 19:27:12 ----D---- C:\Blindwrite_Suite_v6.0.5.38
2008-10-17 09:07:35 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-10-17 09:05:10 ----D---- C:\Program Files\DAEMON Tools Pro
2008-10-17 09:01:33 ----D---- C:\Documents and Settings\Jaf\Application Data\DAEMON Tools Pro
2008-10-17 08:03:30 ----D---- C:\DAEMON Tools Pro ADVANCED 4.10.B218.0
2008-10-16 02:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-12 10:33:07 ----D---- C:\WINDOWS\Sun
2008-10-12 10:33:06 ----D---- C:\Documents and Settings\Jaf\Application Data\Sun
2008-10-11 16:18:48 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-11 16:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-10-11 16:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-11 16:18:13 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-11 13:51:28 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-11 13:51:27 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-11 13:51:16 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-11 13:51:08 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-11 13:50:56 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-11 13:50:14 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-11 13:49:48 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-11 13:49:43 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-10-11 13:09:15 ----D---- C:\Program Files\Yawcam
2008-10-11 13:08:31 ----D---- C:\Program Files\Sun
2008-10-11 13:08:26 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-11 13:08:26 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-11 13:08:26 ----A---- C:\WINDOWS\system32\java.exe
2008-10-11 13:04:16 ----D---- C:\Program Files\Java
2008-10-11 12:46:10 ----D---- C:\Program Files\Common Files\Java
2008-10-10 21:20:42 ----A---- C:\WINDOWS\PanelExe.INI
2008-10-10 21:20:24 ----D---- C:\Program Files\LG Drivers
2008-10-10 21:17:34 ----SHD---- C:\Config.Msi
2008-10-10 21:14:22 ----D---- C:\Program Files\Mobile Action
2008-10-10 20:56:49 ----D---- C:\Program Files\BitPim
2008-10-09 22:27:21 ----A---- C:\WINDOWS\system32\hidserv.dll

======List of files/folders modified in the last 1 months======

2008-11-08 16:09:54 ----D---- C:\WINDOWS\Prefetch
2008-11-08 15:56:58 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Merlin CDMA EV-DO Modem.txt
2008-11-08 14:56:05 ----D---- C:\WINDOWS\Temp
2008-11-08 09:35:38 ----D---- C:\Program Files\Mozilla Firefox
2008-11-08 08:58:14 ----D---- C:\Documents and Settings\Jaf\Application Data\Newsbin
2008-11-06 08:21:03 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-06 07:56:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-05 09:23:38 ----D---- C:\WINDOWS
2008-11-05 09:23:38 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-05 09:16:30 ----AD---- C:\WINDOWS\system32
2008-11-05 07:45:55 ----SD---- C:\Documents and Settings\Jaf\Application Data\Microsoft
2008-11-04 07:00:59 ----D---- C:\mIRC
2008-11-03 11:06:08 ----D---- C:\Documents and Settings\Jaf\Application Data\Adobe
2008-11-03 09:00:58 ----HD---- C:\WINDOWS\inf
2008-11-03 07:19:01 ----D---- C:\WINDOWS\system32\drivers
2008-11-02 19:32:19 ----SH---- C:\boot.ini
2008-11-02 19:32:19 ----A---- C:\WINDOWS\win.ini
2008-11-02 19:32:19 ----A---- C:\WINDOWS\system.ini
2008-11-02 19:29:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-02 19:29:18 ----RD---- C:\Program Files
2008-11-02 08:46:59 ----SHD---- C:\WINDOWS\Installer
2008-11-02 08:46:00 ----D---- C:\WINDOWS\WinSxS
2008-11-02 08:45:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-02 08:45:16 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-02 08:45:16 ----D---- C:\Program Files\Common Files
2008-11-02 08:17:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-02 08:17:49 ----D---- C:\WINDOWS\twain_32
2008-10-30 14:39:40 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-30 14:33:59 ----RSD---- C:\WINDOWS\Fonts
2008-10-30 14:16:17 ----D---- C:\WINDOWS\system32\Setup
2008-10-29 17:42:10 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-28 17:13:09 ----D---- C:\Program Files\MP3Miner
2008-10-27 06:09:40 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-22 07:15:19 ----D---- C:\Program Files\MagicDVDCopier
2008-10-19 13:08:23 ----D---- C:\Newsbin
2008-10-17 13:01:14 ----D---- C:\Documents and Settings\Jaf\Application Data\Ahead
2008-10-16 07:16:35 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-16 07:16:34 ----RSD---- C:\WINDOWS\assembly
2008-10-16 06:51:30 ----D---- C:\Program Files\Internet Explorer
2008-10-16 02:03:21 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-16 02:02:54 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 02:02:23 ----D---- C:\WINDOWS\ie7updates
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-12 06:07:59 ----D---- C:\Documents and Settings\Jaf\Application Data\CyberLink
2008-10-11 16:19:04 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-11 13:51:08 ----D---- C:\Program Files\Windows Media Player
2008-10-11 13:51:05 ----D---- C:\WINDOWS\Help
2008-10-11 13:33:25 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-10-11 13:27:37 ----D---- C:\Program Files\Movie Maker
2008-10-11 13:27:26 ----D---- C:\WINDOWS\RegisteredPackages

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2003-10-23 16984]
R1 awecho;awecho; C:\WINDOWS\system32\drivers\awechomd.sys [2004-03-05 8368]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2003-11-17 11165]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys [2007-07-27 8832]
R3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2004-04-28 328448]
R3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2004-05-11 99968]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-07-22 161792]
R3 Cam5607;Lenovo Easy Camera; C:\WINDOWS\System32\Drivers\BisonC07.sys [2007-11-02 828328]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-22 5762208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-25 4623872]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-03 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-24 5760]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
R3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-28 47360]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 BulkUsb;Attache USB Scanner; C:\WINDOWS\System32\Drivers\usbscan.sys [2008-04-13 15104]
S3 aqlv3yhc;aqlv3yhc; C:\WINDOWS\system32\drivers\aqlv3yhc.sys []
S3 CapFilt;CapFilt; C:\WINDOWS\system32\drivers\CapFilt.sys [2008-09-28 18048]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe [2007-10-26 262233]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe [2007-10-26 106583]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-10-25 262247]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2004-11-01 106496]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-28 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

Hi jafwiz

Thank you for posting back the Random Random log, however you forgot the Kaspersky log. It is important that you post back what is required as it makes my job easier and ultimately yours too.

Please read this post carefully before proceeding and if you are unsure of anything please ask;

Let's get started;

Step #1
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to proceed please continue below;


Step #2
Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

My advice would be to remove this programme and details are listed below for your assistance;

Add Remove - Control Panel

Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

uTorrent

Additional instructions can be found here if needed.


Step #3
3aRevealing hidden Files
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

3bRemoval of files

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files(if present):

C:\WINDOWS\system32\tskmgr.exe - <-- this file

3cHiding revealed files
Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.


Step #4
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

• The program will install and then begin downloading the latest definition files.
  
• After the files have been downloaded on the left side of the page in the Scan section select My Computer
  
• This will start the program and scan your system.
  
• The scan will take a while, so be patient and let it run.
  
• Once the scan is complete, click on View scan report
  
• Now, click on the Save Report as button.
  
• Save the file to your desktop.
  
• Copy and paste that information in your next post.

Step #5
Please double click on rsit

• Double click on RSIT.exe to run RSIT.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, please save the log and post it here

Finally, Please post back the following information;

• How you wish to proceed - (step #1)
  
• If you removed uTorrent
  
• Kaspersky log
  
• random/random rsit log
  
• How your system is running.

Sorry about that

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, November 9, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 09, 2008 10:09:15
Records in database: 1376472
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
R:\

Scan statistics:
Files scanned: 131217
Threat name: 2
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 01:34:53


File name / Threat name / Threats count
C:\Documents and Settings\Jaf\Local Settings\Temp\NER1.tmp\Toolbar.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1
C:\Documents and Settings\Jaf\Local Settings\Temp\NER6B3.tmp\Toolbar.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1
C:\Documents and Settings\Jaf\Local Settings\Temp\NER86D.tmp\Toolbar.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1
C:\WINDOWS\system32\tskmgr.exe Infected: Backdoor.Win32.Rbot.vgg 1

The selected area was scanned.

Hi jafwiz,

Thanks for the Kaspersky log, can you post the results of the other steps.

Cheers

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jaf at 2008-11-09 12:37:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 188 GB (85%) free of 221 GB
Total RAM: 2039 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:29 PM, on 11/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jaf.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [\\JAF\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P36 "\\JAF\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\ereg.ini"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe
O9 - Extra 'Tools' menuitem: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1222627551750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222691785234
O17 - HKLM\System\CCS\Services\Tcpip\..\{45285544-6853-4EB3-B415-A53AEC88E814}: NameServer = 69.78.96.14 66.174.95.44
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: PicNotify - C:\WINDOWS\SYSTEM32\PicNotify.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8997 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-27 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-27 162328]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-27 137752]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"\\JAF\EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE [2003-06-04 99840]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe [2006-03-09 1404928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Power2GoExpress"= []
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-05-10 624248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyCut]
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe [2007-11-15 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyCut_Utility]
C:\Program Files\Lenovo\EnergyCut\utilty.exe [2005-11-14 2506752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyUtility]
C:\Program Files\Lenovo\EnergyCut\utilty.exe [2005-11-14 2506752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2006-05-05 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2006-05-05 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe [2007-10-26 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPScheduler]
C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe [2006-05-05 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFacePassManager]
C:\Program Files\Lenovo\VeriFace\PManage.exe [2008-09-28 241664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-22 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
C:\WINDOWS\system32\PCANotify.dll [2004-11-01 8704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PicNotify]
C:\WINDOWS\system32\PicNotify.dll [2008-09-28 622592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe"="C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\mIRC\mirc.exe"="C:\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\tskmgr.exe"="C:\WINDOWS\system32\tskmgr.exe:*:Disabled:tskmgr"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-08 16:09:54 ----D---- C:\rsit
2008-11-07 10:59:45 ----D---- C:\Wallpapers
2008-11-03 14:56:41 ----D---- C:\Quiz
2008-11-02 19:29:18 ----D---- C:\Program Files\Trend Micro
2008-11-02 19:22:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-02 19:14:18 ----D---- C:\Program Files\uTorrent
2008-11-02 19:14:11 ----D---- C:\Documents and Settings\Jaf\Application Data\uTorrent
2008-11-02 08:48:26 ----D---- C:\Documents and Settings\Jaf\Application Data\Zeon
2008-11-02 08:46:55 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-11-02 08:46:51 ----D---- C:\Documents and Settings\All Users\Application Data\zeon
2008-11-02 08:46:50 ----D---- C:\WINDOWS\system32\DocucomRes6
2008-11-02 08:46:21 ----D---- C:\Documents and Settings\Jaf\Application Data\ScanSoft
2008-11-02 08:46:21 ----A---- C:\WINDOWS\BiMonitor.ini
2008-11-02 08:46:20 ----A---- C:\WINDOWS\maxlink.ini
2008-11-02 08:46:00 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-11-02 08:45:16 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2008-11-02 08:45:07 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-11-02 08:44:58 ----D---- C:\Program Files\ScanSoft
2008-11-02 08:17:49 ----RA---- C:\WINDOWS\system32\A4SCAN.DLL
2008-11-02 08:15:31 ----D---- C:\attache_winxp_driver
2008-11-02 07:53:57 ----D---- C:\PaperPort Professional 11
2008-10-30 14:43:59 ----A---- C:\WINDOWS\Pltf.INI
2008-10-30 14:39:46 ----A---- C:\WINDOWS\system32\msxbse35.dll
2008-10-30 14:39:46 ----A---- C:\WINDOWS\system32\msexch35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\VBAR332.DLL
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\mstext35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msrpfs35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msrd2x35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\mspdox35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msltus35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msjt4jlt.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msjet35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msexcl35.dll
2008-10-30 14:39:44 ----A---- C:\WINDOWS\system32\msrepl35.dll
2008-10-30 14:39:44 ----A---- C:\WINDOWS\system32\JETCOMP.exe
2008-10-30 14:39:43 ----A---- C:\WINDOWS\system32\msjter35.dll
2008-10-30 14:39:43 ----A---- C:\WINDOWS\system32\msjint35.dll
2008-10-30 14:39:40 ----A---- C:\WINDOWS\daoredistInstalled.txt
2008-10-30 14:35:26 ----D---- C:\Charms
2008-10-30 14:35:08 ----D---- C:\BookMark
2008-10-30 14:34:56 ----D---- C:\Walking Sticks
2008-10-30 14:34:27 ----A---- C:\WINDOWS\system32\haspvdd.dll
2008-10-30 14:33:29 ----D---- C:\WINDOWS\DAO
2008-10-30 14:32:40 ----D---- C:\Gravostyle 5 Dynamic_2004
2008-10-30 14:16:17 ----A---- C:\WINDOWS\system32\akscoinst.dll
2008-10-30 14:14:06 ----D---- C:\Program Files\Common Files\Vision Numeric Shared
2008-10-30 14:14:06 ----A---- C:\WINDOWS\Computip.ini
2008-10-30 14:13:56 ----A---- C:\WINDOWS\system32\VN_OCX.TXT
2008-10-30 14:13:20 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
2008-10-30 14:13:19 ----D---- C:\GravoStyle5200
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\VN_SYSTEM_NT_DLL.TXT
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\VN_SYSTEM_NT_95_DLL.TXT
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\LEAD51N.DLL
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\Inetwh32.dll
2008-10-27 06:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-17 19:27:12 ----D---- C:\Blindwrite_Suite_v6.0.5.38
2008-10-17 09:07:35 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-10-17 09:05:10 ----D---- C:\Program Files\DAEMON Tools Pro
2008-10-17 09:01:33 ----D---- C:\Documents and Settings\Jaf\Application Data\DAEMON Tools Pro
2008-10-17 08:03:30 ----D---- C:\DAEMON Tools Pro ADVANCED 4.10.B218.0
2008-10-16 02:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-12 10:33:07 ----D---- C:\WINDOWS\Sun
2008-10-12 10:33:06 ----D---- C:\Documents and Settings\Jaf\Application Data\Sun
2008-10-11 16:18:48 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-11 16:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-10-11 16:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-11 16:18:13 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-11 13:51:28 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-11 13:51:27 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-11 13:51:16 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-11 13:51:08 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-11 13:50:56 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-11 13:50:14 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-11 13:49:48 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-11 13:49:43 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-10-11 13:09:15 ----D---- C:\Program Files\Yawcam
2008-10-11 13:08:31 ----D---- C:\Program Files\Sun
2008-10-11 13:08:26 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-11 13:08:26 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-11 13:08:26 ----A---- C:\WINDOWS\system32\java.exe
2008-10-11 13:04:16 ----D---- C:\Program Files\Java
2008-10-11 12:46:10 ----D---- C:\Program Files\Common Files\Java
2008-10-10 21:20:42 ----A---- C:\WINDOWS\PanelExe.INI
2008-10-10 21:20:24 ----D---- C:\Program Files\LG Drivers
2008-10-10 21:17:34 ----SHD---- C:\Config.Msi
2008-10-10 21:14:22 ----D---- C:\Program Files\Mobile Action
2008-10-10 20:56:49 ----D---- C:\Program Files\BitPim

======List of files/folders modified in the last 1 months======

2008-11-09 12:37:05 ----SHD---- C:\System Volume Information
2008-11-09 12:37:05 ----D---- C:\WINDOWS\system32\Restore
2008-11-09 12:36:46 ----D---- C:\WINDOWS\Prefetch
2008-11-09 12:35:36 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Merlin CDMA EV-DO Modem.txt
2008-11-09 10:54:20 ----D---- C:\WINDOWS\Temp
2008-11-09 09:00:19 ----D---- C:\Program Files\Mozilla Firefox
2008-11-08 08:58:14 ----D---- C:\Documents and Settings\Jaf\Application Data\Newsbin
2008-11-06 08:21:03 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-06 07:56:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-05 09:23:38 ----D---- C:\WINDOWS
2008-11-05 09:23:38 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-05 09:16:30 ----AD---- C:\WINDOWS\system32
2008-11-05 07:45:55 ----SD---- C:\Documents and Settings\Jaf\Application Data\Microsoft
2008-11-04 07:00:59 ----D---- C:\mIRC
2008-11-03 11:06:08 ----D---- C:\Documents and Settings\Jaf\Application Data\Adobe
2008-11-03 09:00:58 ----HD---- C:\WINDOWS\inf
2008-11-03 07:19:01 ----D---- C:\WINDOWS\system32\drivers
2008-11-02 19:32:19 ----SH---- C:\boot.ini
2008-11-02 19:32:19 ----A---- C:\WINDOWS\win.ini
2008-11-02 19:32:19 ----A---- C:\WINDOWS\system.ini
2008-11-02 19:29:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-02 19:29:18 ----RD---- C:\Program Files
2008-11-02 08:46:59 ----SHD---- C:\WINDOWS\Installer
2008-11-02 08:46:00 ----D---- C:\WINDOWS\WinSxS
2008-11-02 08:45:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-02 08:45:16 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-02 08:45:16 ----D---- C:\Program Files\Common Files
2008-11-02 08:17:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-02 08:17:49 ----D---- C:\WINDOWS\twain_32
2008-10-30 14:39:40 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-30 14:33:59 ----RSD---- C:\WINDOWS\Fonts
2008-10-30 14:16:17 ----D---- C:\WINDOWS\system32\Setup
2008-10-29 17:42:10 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-28 17:13:09 ----D---- C:\Program Files\MP3Miner
2008-10-27 06:09:40 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-22 07:15:19 ----D---- C:\Program Files\MagicDVDCopier
2008-10-19 13:08:23 ----D---- C:\Newsbin
2008-10-17 13:01:14 ----D---- C:\Documents and Settings\Jaf\Application Data\Ahead
2008-10-16 07:16:35 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-16 07:16:34 ----RSD---- C:\WINDOWS\assembly
2008-10-16 06:51:30 ----D---- C:\Program Files\Internet Explorer
2008-10-16 02:03:21 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-16 02:02:54 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 02:02:23 ----D---- C:\WINDOWS\ie7updates
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-12 06:07:59 ----D---- C:\Documents and Settings\Jaf\Application Data\CyberLink
2008-10-11 16:19:04 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-11 13:51:08 ----D---- C:\Program Files\Windows Media Player
2008-10-11 13:51:05 ----D---- C:\WINDOWS\Help
2008-10-11 13:33:25 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-10-11 13:27:37 ----D---- C:\Program Files\Movie Maker
2008-10-11 13:27:26 ----D---- C:\WINDOWS\RegisteredPackages

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2003-10-23 16984]
R1 awecho;awecho; C:\WINDOWS\system32\drivers\awechomd.sys [2004-03-05 8368]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2003-11-17 11165]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys [2007-07-27 8832]
R3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2004-04-28 328448]
R3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2004-05-11 99968]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-07-22 161792]
R3 Cam5607;Lenovo Easy Camera; C:\WINDOWS\System32\Drivers\BisonC07.sys [2007-11-02 828328]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-22 5762208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-25 4623872]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-03 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-24 5760]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
R3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-28 47360]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 BulkUsb;Attache USB Scanner; C:\WINDOWS\System32\Drivers\usbscan.sys [2008-04-13 15104]
S3 aqlv3yhc;aqlv3yhc; C:\WINDOWS\system32\drivers\aqlv3yhc.sys []
S3 CapFilt;CapFilt; C:\WINDOWS\system32\drivers\CapFilt.sys [2008-09-28 18048]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe [2007-10-26 262233]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe [2007-10-26 106583]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-10-25 262247]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2004-11-01 106496]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-28 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Hi jafwiz,

You need to work with me. At the foot of my post I asked you to reply with several things, I see you have posted the logs but failed to answer the questions.

I will not continue until I receive the answers as these form the basis of how we proceed.

I have copied them below for reference.

• How you wish to proceed - (step #1) - I make the assumption that you wish to continue
  
• If you removed uTorrent - ?
  
• Kaspersky log - received
  
• random/random rsit log - Received
  
• How your system is running.- ?

In addition did you remove the tskmgr.exe file?

Thank you

Yes i do want your help and i am sorry for the mix up i did not understand your requests.

I did not uninstall utorrent but i do not share anything i don't use it that often anyway. How do i remove tskmng.exe. I did a search of my drive and i don't
find it at all is there another way to find it.

My system does not seem that slow anymore. I did remove tskmgr.exe through hijackthis earlier this week that may have done the trick as far as slow but i wanted someone to check my logs to be sure.

Hi jafwiz

I note that you wish to retain uTorrent, that is your choice. All I will say on the matter is that you are here as your computer is infected and that programme could be the cause. Please refrain from using it during this fix as it could undo all the good work we are undertaking.

It may assist to either print out this post or save it to Notepad. As before if you are unsure about anything please let me know.


Step #1
Please download OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

 :processes
 explorer.exe
 :files
 C:\WINDOWS\system32\tskmgr.exe
 :reg
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 C:\WINDOWS\system32\tskmgr.exe"=-
 :commands
 [emptytemp]
 [start explorer]
 [Reboot]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Step #2
Please download Malwarebytes Anti-Malware and save it to your desktop.

• Make sure you are connected to the Internet.
  
• Double-click on mbam-setup.exe to install the application.
  
• When the installation begins, follow the prompts and do not make any changes to default settings.
  
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
    
  • Launch Malwarebytes' Anti-Malware
  
  
• Then click Finish.
  
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  
• On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
    
  • Then click on the Scan button.
  
  
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  
• Click OK to close the message box and continue with the removal process.
  
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When removal is completed, a log report will open in Notepad.
  
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Step #3
Please double click on rsit

• Double click on RSIT.exe to run RSIT.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, please save the log and post it here

Finally, Please post back the following

• The log file produced by OTMoveIt3 - instructions at the foot of step #1
  
• The log file produced by Malwarebytes
  
• The log file produced by rsit - step#3
  
• Please tell me if you run in to problems are if your computer is running well.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jaf at 2008-11-10 13:00:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 190 GB (86%) free of 221 GB
Total RAM: 2039 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:21 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
R:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jaf.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [\\JAF\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P36 "\\JAF\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\ereg.ini"
O4 - HKLM\..\RunOnce: [OTMoveIt] R:\OTMoveIt3.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe
O9 - Extra 'Tools' menuitem: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1222627551750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222691785234
O17 - HKLM\System\CCS\Services\Tcpip\..\{45285544-6853-4EB3-B415-A53AEC88E814}: NameServer = 66.174.95.44 69.78.96.14
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: PicNotify - C:\WINDOWS\SYSTEM32\PicNotify.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 9173 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-27 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-27 162328]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-27 137752]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"\\JAF\EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE [2003-06-04 99840]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe [2006-03-09 1404928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"OTMoveIt"=R:\OTMoveIt3.exe [2008-11-10 334848]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Power2GoExpress"= []
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-05-10 624248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyCut]
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe [2007-11-15 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyCut_Utility]
C:\Program Files\Lenovo\EnergyCut\utilty.exe [2005-11-14 2506752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyUtility]
C:\Program Files\Lenovo\EnergyCut\utilty.exe [2005-11-14 2506752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2006-05-05 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2006-05-05 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe [2007-10-26 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPScheduler]
C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe [2006-05-05 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFacePassManager]
C:\Program Files\Lenovo\VeriFace\PManage.exe [2008-09-28 241664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-22 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
C:\WINDOWS\system32\PCANotify.dll [2004-11-01 8704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PicNotify]
C:\WINDOWS\system32\PicNotify.dll [2008-09-28 622592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe"="C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\mIRC\mirc.exe"="C:\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\tskmgr.exe"="C:\WINDOWS\system32\tskmgr.exe:*:Disabled:tskmgr"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-10 12:54:00 ----D---- C:\Documents and Settings\Jaf\Application Data\Malwarebytes
2008-11-10 12:53:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-10 12:53:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-08 16:09:54 ----D---- C:\rsit
2008-11-07 10:59:45 ----D---- C:\Wallpapers
2008-11-03 14:56:41 ----D---- C:\Quiz
2008-11-02 19:29:18 ----D---- C:\Program Files\Trend Micro
2008-11-02 19:22:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-02 19:14:18 ----D---- C:\Program Files\uTorrent
2008-11-02 19:14:11 ----D---- C:\Documents and Settings\Jaf\Application Data\uTorrent
2008-11-02 08:48:26 ----D---- C:\Documents and Settings\Jaf\Application Data\Zeon
2008-11-02 08:46:55 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-11-02 08:46:51 ----D---- C:\Documents and Settings\All Users\Application Data\zeon
2008-11-02 08:46:50 ----D---- C:\WINDOWS\system32\DocucomRes6
2008-11-02 08:46:21 ----D---- C:\Documents and Settings\Jaf\Application Data\ScanSoft
2008-11-02 08:46:21 ----A---- C:\WINDOWS\BiMonitor.ini
2008-11-02 08:46:20 ----A---- C:\WINDOWS\maxlink.ini
2008-11-02 08:46:00 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-11-02 08:45:16 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2008-11-02 08:45:07 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-11-02 08:44:58 ----D---- C:\Program Files\ScanSoft
2008-11-02 08:17:49 ----RA---- C:\WINDOWS\system32\A4SCAN.DLL
2008-11-02 08:15:31 ----D---- C:\attache_winxp_driver
2008-11-02 07:53:57 ----D---- C:\PaperPort Professional 11
2008-10-30 14:43:59 ----A---- C:\WINDOWS\Pltf.INI
2008-10-30 14:39:46 ----A---- C:\WINDOWS\system32\msxbse35.dll
2008-10-30 14:39:46 ----A---- C:\WINDOWS\system32\msexch35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\VBAR332.DLL
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\mstext35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msrpfs35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msrd2x35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\mspdox35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msltus35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msjt4jlt.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msjet35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msexcl35.dll
2008-10-30 14:39:44 ----A---- C:\WINDOWS\system32\msrepl35.dll
2008-10-30 14:39:44 ----A---- C:\WINDOWS\system32\JETCOMP.exe
2008-10-30 14:39:43 ----A---- C:\WINDOWS\system32\msjter35.dll
2008-10-30 14:39:43 ----A---- C:\WINDOWS\system32\msjint35.dll
2008-10-30 14:39:40 ----A---- C:\WINDOWS\daoredistInstalled.txt
2008-10-30 14:35:26 ----D---- C:\Charms
2008-10-30 14:35:08 ----D---- C:\BookMark
2008-10-30 14:34:56 ----D---- C:\Walking Sticks
2008-10-30 14:34:27 ----A---- C:\WINDOWS\system32\haspvdd.dll
2008-10-30 14:33:29 ----D---- C:\WINDOWS\DAO
2008-10-30 14:32:40 ----D---- C:\Gravostyle 5 Dynamic_2004
2008-10-30 14:16:17 ----A---- C:\WINDOWS\system32\akscoinst.dll
2008-10-30 14:14:06 ----D---- C:\Program Files\Common Files\Vision Numeric Shared
2008-10-30 14:14:06 ----A---- C:\WINDOWS\Computip.ini
2008-10-30 14:13:56 ----A---- C:\WINDOWS\system32\VN_OCX.TXT
2008-10-30 14:13:20 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
2008-10-30 14:13:19 ----D---- C:\GravoStyle5200
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\VN_SYSTEM_NT_DLL.TXT
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\VN_SYSTEM_NT_95_DLL.TXT
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\LEAD51N.DLL
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\Inetwh32.dll
2008-10-27 06:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-17 19:27:12 ----D---- C:\Blindwrite_Suite_v6.0.5.38
2008-10-17 09:07:35 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-10-17 09:05:10 ----D---- C:\Program Files\DAEMON Tools Pro
2008-10-17 09:01:33 ----D---- C:\Documents and Settings\Jaf\Application Data\DAEMON Tools Pro
2008-10-17 08:03:30 ----D---- C:\DAEMON Tools Pro ADVANCED 4.10.B218.0
2008-10-16 02:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-12 10:33:07 ----D---- C:\WINDOWS\Sun
2008-10-12 10:33:06 ----D---- C:\Documents and Settings\Jaf\Application Data\Sun
2008-10-11 16:18:48 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-11 16:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-10-11 16:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-11 16:18:13 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-11 13:51:28 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-11 13:51:27 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-11 13:51:16 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-11 13:51:08 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-11 13:50:56 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-11 13:50:14 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-11 13:49:48 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-11 13:49:43 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-10-11 13:09:15 ----D---- C:\Program Files\Yawcam
2008-10-11 13:08:31 ----D---- C:\Program Files\Sun
2008-10-11 13:08:26 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-11 13:08:26 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-11 13:08:26 ----A---- C:\WINDOWS\system32\java.exe
2008-10-11 13:04:16 ----D---- C:\Program Files\Java
2008-10-11 12:46:10 ----D---- C:\Program Files\Common Files\Java

======List of files/folders modified in the last 1 months======

2008-11-10 12:59:11 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Merlin CDMA EV-DO Modem.txt
2008-11-10 12:54:00 ----D---- C:\WINDOWS\Prefetch
2008-11-10 12:53:59 ----D---- C:\WINDOWS\system32\drivers
2008-11-10 12:53:55 ----RD---- C:\Program Files
2008-11-10 12:51:13 ----D---- C:\WINDOWS\Temp
2008-11-10 12:50:44 ----AD---- C:\WINDOWS\system32
2008-11-10 09:00:33 ----D---- C:\Program Files\Mozilla Firefox
2008-11-09 12:37:05 ----SHD---- C:\System Volume Information
2008-11-09 12:37:05 ----D---- C:\WINDOWS\system32\Restore
2008-11-08 08:58:14 ----D---- C:\Documents and Settings\Jaf\Application Data\Newsbin
2008-11-06 08:21:03 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-06 07:56:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-05 09:23:38 ----D---- C:\WINDOWS
2008-11-05 09:23:38 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-05 07:45:55 ----SD---- C:\Documents and Settings\Jaf\Application Data\Microsoft
2008-11-04 07:00:59 ----D---- C:\mIRC
2008-11-03 11:06:08 ----D---- C:\Documents and Settings\Jaf\Application Data\Adobe
2008-11-03 09:00:58 ----HD---- C:\WINDOWS\inf
2008-11-02 19:32:19 ----SH---- C:\boot.ini
2008-11-02 19:32:19 ----A---- C:\WINDOWS\win.ini
2008-11-02 19:32:19 ----A---- C:\WINDOWS\system.ini
2008-11-02 19:29:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-02 08:46:59 ----SHD---- C:\WINDOWS\Installer
2008-11-02 08:46:58 ----SHD---- C:\Config.Msi
2008-11-02 08:46:00 ----D---- C:\WINDOWS\WinSxS
2008-11-02 08:45:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-02 08:45:16 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-02 08:45:16 ----D---- C:\Program Files\Common Files
2008-11-02 08:17:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-02 08:17:49 ----D---- C:\WINDOWS\twain_32
2008-10-30 14:39:40 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-30 14:33:59 ----RSD---- C:\WINDOWS\Fonts
2008-10-30 14:16:17 ----D---- C:\WINDOWS\system32\Setup
2008-10-29 17:42:10 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-28 17:13:09 ----D---- C:\Program Files\MP3Miner
2008-10-27 06:09:40 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-22 07:15:19 ----D---- C:\Program Files\MagicDVDCopier
2008-10-19 13:08:23 ----D---- C:\Newsbin
2008-10-17 13:01:14 ----D---- C:\Documents and Settings\Jaf\Application Data\Ahead
2008-10-16 07:16:35 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-16 07:16:34 ----RSD---- C:\WINDOWS\assembly
2008-10-16 06:51:30 ----D---- C:\Program Files\Internet Explorer
2008-10-16 02:03:21 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-16 02:02:54 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 02:02:23 ----D---- C:\WINDOWS\ie7updates
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-12 06:07:59 ----D---- C:\Documents and Settings\Jaf\Application Data\CyberLink
2008-10-11 16:19:04 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-11 13:51:08 ----D---- C:\Program Files\Windows Media Player
2008-10-11 13:51:05 ----D---- C:\WINDOWS\Help
2008-10-11 13:33:25 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-10-11 13:27:37 ----D---- C:\Program Files\Movie Maker
2008-10-11 13:27:26 ----D---- C:\WINDOWS\RegisteredPackages

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2003-10-23 16984]
R1 awecho;awecho; C:\WINDOWS\system32\drivers\awechomd.sys [2004-03-05 8368]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2003-11-17 11165]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys [2007-07-27 8832]
R3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2004-04-28 328448]
R3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2004-05-11 99968]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-07-22 161792]
R3 Cam5607;Lenovo Easy Camera; C:\WINDOWS\System32\Drivers\BisonC07.sys [2007-11-02 828328]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-22 5762208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-25 4623872]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-03 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-24 5760]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
R3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-28 47360]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 BulkUsb;Attache USB Scanner; C:\WINDOWS\System32\Drivers\usbscan.sys [2008-04-13 15104]
S3 aqlv3yhc;aqlv3yhc; C:\WINDOWS\system32\drivers\aqlv3yhc.sys []
S3 CapFilt;CapFilt; C:\WINDOWS\system32\drivers\CapFilt.sys [2008-09-28 18048]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe [2007-10-26 262233]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe [2007-10-26 106583]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-10-25 262247]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2004-11-01 106496]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-28 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------




========== FILES ==========
C:\WINDOWS\system32\tskmgr.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\tskmgr.exe" not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Jaf\LOCALS~1\Temp\etilqs_LfVVxp1ZqPwhtPZzyQaS scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaf\LOCALS~1\Temp\etilqs_LfVVxp1ZqPwhtPZzyQaS-journal scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaf\LOCALS~1\Temp\etilqs_LUvaGM63u7eAYWYOmhrN scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6d8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Jaf\Local Settings\Application Data\Mozilla\Firefox\Profiles\paw07jqn.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jaf\Local Settings\Application Data\Mozilla\Firefox\Profiles\paw07jqn.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11102008_125043

Malwarebytes' Anti-Malware 1.30
Database version: 1380
Windows 5.1.2600 Service Pack 3

11/10/2008 1:03:47 PM
mbam-log-2008-11-10 (13-03-47).txt

Scan type: Quick Scan
Objects scanned: 51371
Time elapsed: 1 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi jafwiz

We are getting there, just a few registry entries which are proving to be stubborn.

Step #1

• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

 :processes
 explorer.exe
 :reg
 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 "C:\WINDOWS\system32\tskmgr.exe"=-
 :commands
 [emptytemp]
 [start explorer]
 [Reboot]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

If you are not asked to reboot your machine please do so before continuing with Step #2


Step #2
Please double click on rsit

• Double click on RSIT.exe to run RSIT.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, please save the log and post it here

Finally, Please post back the following

• The log file produced by OTMoveIt3
  
• The log file produced by rsit
  
• Please tell me if you run in to problems are if your computer is running well - Important

Files moved on Reboot...
File C:\DOCUME~1\Jaf\LOCALS~1\Temp\etilqs_LfVVxp1ZqPwhtPZzyQaS not found!
File C:\DOCUME~1\Jaf\LOCALS~1\Temp\etilqs_LfVVxp1ZqPwhtPZzyQaS-journal not found!
File C:\DOCUME~1\Jaf\LOCALS~1\Temp\etilqs_LUvaGM63u7eAYWYOmhrN not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_6d8.dat not found!
C:\Documents and Settings\Jaf\Local Settings\Application Data\Mozilla\Firefox\Profiles\paw07jqn.default\OfflineCache\index.sqlite moved successfully.
File move failed. C:\Documents and Settings\Jaf\Local Settings\Application Data\Mozilla\Firefox\Profiles\paw07jqn.default\urlclassifier3.sqlite scheduled to be moved on reboot.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Jaf at 2008-11-10 15:10:09
Microsoft Windows XP Professional Service Pack 3
System drive C: has 190 GB (86%) free of 221 GB
Total RAM: 2039 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:15 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jaf\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jaf.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [\\JAF\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P36 "\\JAF\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe
O9 - Extra 'Tools' menuitem: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1222627551750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222691785234
O17 - HKLM\System\CCS\Services\Tcpip\..\{45285544-6853-4EB3-B415-A53AEC88E814}: NameServer = 66.174.95.44 69.78.96.14
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: PicNotify - C:\WINDOWS\SYSTEM32\PicNotify.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8875 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-27 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-27 162328]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-27 137752]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"\\JAF\EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE [2003-06-04 99840]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Power2GoExpress"= []
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-05-10 624248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyCut]
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe [2007-11-15 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyCut_Utility]
C:\Program Files\Lenovo\EnergyCut\utilty.exe [2005-11-14 2506752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyUtility]
C:\Program Files\Lenovo\EnergyCut\utilty.exe [2005-11-14 2506752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2006-05-05 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2006-05-05 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe [2007-10-26 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPScheduler]
C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe [2006-05-05 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFacePassManager]
C:\Program Files\Lenovo\VeriFace\PManage.exe [2008-09-28 241664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-22 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
C:\WINDOWS\system32\PCANotify.dll [2004-11-01 8704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PicNotify]
C:\WINDOWS\system32\PicNotify.dll [2008-09-28 622592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe"="C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\mIRC\mirc.exe"="C:\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-10 12:54:00 ----D---- C:\Documents and Settings\Jaf\Application Data\Malwarebytes
2008-11-10 12:53:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-10 12:53:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-08 16:09:54 ----D---- C:\rsit
2008-11-07 10:59:45 ----D---- C:\Wallpapers
2008-11-03 14:56:41 ----D---- C:\Quiz
2008-11-02 19:29:18 ----D---- C:\Program Files\Trend Micro
2008-11-02 19:22:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-02 19:14:18 ----D---- C:\Program Files\uTorrent
2008-11-02 19:14:11 ----D---- C:\Documents and Settings\Jaf\Application Data\uTorrent
2008-11-02 08:48:26 ----D---- C:\Documents and Settings\Jaf\Application Data\Zeon
2008-11-02 08:46:55 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-11-02 08:46:51 ----D---- C:\Documents and Settings\All Users\Application Data\zeon
2008-11-02 08:46:50 ----D---- C:\WINDOWS\system32\DocucomRes6
2008-11-02 08:46:21 ----D---- C:\Documents and Settings\Jaf\Application Data\ScanSoft
2008-11-02 08:46:21 ----A---- C:\WINDOWS\BiMonitor.ini
2008-11-02 08:46:20 ----A---- C:\WINDOWS\maxlink.ini
2008-11-02 08:46:00 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-11-02 08:45:16 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2008-11-02 08:45:07 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-11-02 08:44:58 ----D---- C:\Program Files\ScanSoft
2008-11-02 08:17:49 ----RA---- C:\WINDOWS\system32\A4SCAN.DLL
2008-11-02 08:15:31 ----D---- C:\attache_winxp_driver
2008-11-02 07:53:57 ----D---- C:\PaperPort Professional 11
2008-10-30 14:43:59 ----A---- C:\WINDOWS\Pltf.INI
2008-10-30 14:39:46 ----A---- C:\WINDOWS\system32\msxbse35.dll
2008-10-30 14:39:46 ----A---- C:\WINDOWS\system32\msexch35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\VBAR332.DLL
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\mstext35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msrpfs35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msrd2x35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\mspdox35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msltus35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msjt4jlt.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msjet35.dll
2008-10-30 14:39:45 ----A---- C:\WINDOWS\system32\msexcl35.dll
2008-10-30 14:39:44 ----A---- C:\WINDOWS\system32\msrepl35.dll
2008-10-30 14:39:44 ----A---- C:\WINDOWS\system32\JETCOMP.exe
2008-10-30 14:39:43 ----A---- C:\WINDOWS\system32\msjter35.dll
2008-10-30 14:39:43 ----A---- C:\WINDOWS\system32\msjint35.dll
2008-10-30 14:39:40 ----A---- C:\WINDOWS\daoredistInstalled.txt
2008-10-30 14:35:26 ----D---- C:\Charms
2008-10-30 14:35:08 ----D---- C:\BookMark
2008-10-30 14:34:56 ----D---- C:\Walking Sticks
2008-10-30 14:34:27 ----A---- C:\WINDOWS\system32\haspvdd.dll
2008-10-30 14:33:29 ----D---- C:\WINDOWS\DAO
2008-10-30 14:32:40 ----D---- C:\Gravostyle 5 Dynamic_2004
2008-10-30 14:16:17 ----A---- C:\WINDOWS\system32\akscoinst.dll
2008-10-30 14:14:06 ----D---- C:\Program Files\Common Files\Vision Numeric Shared
2008-10-30 14:14:06 ----A---- C:\WINDOWS\Computip.ini
2008-10-30 14:13:56 ----A---- C:\WINDOWS\system32\VN_OCX.TXT
2008-10-30 14:13:20 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
2008-10-30 14:13:19 ----D---- C:\GravoStyle5200
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\VN_SYSTEM_NT_DLL.TXT
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\VN_SYSTEM_NT_95_DLL.TXT
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\LEAD51N.DLL
2008-10-30 14:13:19 ----A---- C:\WINDOWS\system32\Inetwh32.dll
2008-10-27 06:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-17 19:27:12 ----D---- C:\Blindwrite_Suite_v6.0.5.38
2008-10-17 09:07:35 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-10-17 09:05:10 ----D---- C:\Program Files\DAEMON Tools Pro
2008-10-17 09:01:33 ----D---- C:\Documents and Settings\Jaf\Application Data\DAEMON Tools Pro
2008-10-17 08:03:30 ----D---- C:\DAEMON Tools Pro ADVANCED 4.10.B218.0
2008-10-16 02:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-12 10:33:07 ----D---- C:\WINDOWS\Sun
2008-10-12 10:33:06 ----D---- C:\Documents and Settings\Jaf\Application Data\Sun
2008-10-11 16:18:48 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-11 16:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-10-11 16:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-11 16:18:13 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-11 13:51:28 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-11 13:51:27 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-11 13:51:16 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-11 13:51:08 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-11 13:50:56 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-11 13:50:14 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-11 13:49:48 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-11 13:49:43 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-10-11 13:09:15 ----D---- C:\Program Files\Yawcam
2008-10-11 13:08:31 ----D---- C:\Program Files\Sun
2008-10-11 13:08:26 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-11 13:08:26 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-11 13:08:26 ----A---- C:\WINDOWS\system32\java.exe
2008-10-11 13:04:16 ----D---- C:\Program Files\Java
2008-10-11 12:46:10 ----D---- C:\Program Files\Common Files\Java

======List of files/folders modified in the last 1 months======

2008-11-10 15:09:44 ----D---- C:\WINDOWS\Temp
2008-11-10 15:09:27 ----D---- C:\WINDOWS\Prefetch
2008-11-10 15:07:39 ----D---- C:\Program Files\Mozilla Firefox
2008-11-10 15:07:23 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Merlin CDMA EV-DO Modem.txt
2008-11-10 15:04:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-10 15:04:01 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-10 12:53:59 ----D---- C:\WINDOWS\system32\drivers
2008-11-10 12:53:55 ----RD---- C:\Program Files
2008-11-10 12:50:44 ----AD---- C:\WINDOWS\system32
2008-11-09 12:37:05 ----SHD---- C:\System Volume Information
2008-11-09 12:37:05 ----D---- C:\WINDOWS\system32\Restore
2008-11-08 08:58:14 ----D---- C:\Documents and Settings\Jaf\Application Data\Newsbin
2008-11-05 09:23:38 ----D---- C:\WINDOWS
2008-11-05 09:23:38 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-05 07:45:55 ----SD---- C:\Documents and Settings\Jaf\Application Data\Microsoft
2008-11-04 07:00:59 ----D---- C:\mIRC
2008-11-03 11:06:08 ----D---- C:\Documents and Settings\Jaf\Application Data\Adobe
2008-11-03 09:00:58 ----HD---- C:\WINDOWS\inf
2008-11-02 19:32:19 ----SH---- C:\boot.ini
2008-11-02 19:32:19 ----A---- C:\WINDOWS\win.ini
2008-11-02 19:32:19 ----A---- C:\WINDOWS\system.ini
2008-11-02 19:29:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-02 08:46:59 ----SHD---- C:\WINDOWS\Installer
2008-11-02 08:46:58 ----SHD---- C:\Config.Msi
2008-11-02 08:46:00 ----D---- C:\WINDOWS\WinSxS
2008-11-02 08:45:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-02 08:45:16 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-02 08:45:16 ----D---- C:\Program Files\Common Files
2008-11-02 08:17:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-02 08:17:49 ----D---- C:\WINDOWS\twain_32
2008-10-30 14:39:40 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-30 14:33:59 ----RSD---- C:\WINDOWS\Fonts
2008-10-30 14:16:17 ----D---- C:\WINDOWS\system32\Setup
2008-10-29 17:42:10 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-28 17:13:09 ----D---- C:\Program Files\MP3Miner
2008-10-27 06:09:40 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-22 07:15:19 ----D---- C:\Program Files\MagicDVDCopier
2008-10-19 13:08:23 ----D---- C:\Newsbin
2008-10-17 13:01:14 ----D---- C:\Documents and Settings\Jaf\Application Data\Ahead
2008-10-16 07:16:35 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-16 07:16:34 ----RSD---- C:\WINDOWS\assembly
2008-10-16 06:51:30 ----D---- C:\Program Files\Internet Explorer
2008-10-16 02:03:21 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-16 02:02:54 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 02:02:23 ----D---- C:\WINDOWS\ie7updates
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-12 06:07:59 ----D---- C:\Documents and Settings\Jaf\Application Data\CyberLink
2008-10-11 16:19:04 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-11 13:51:08 ----D---- C:\Program Files\Windows Media Player
2008-10-11 13:51:05 ----D---- C:\WINDOWS\Help
2008-10-11 13:33:25 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-10-11 13:27:37 ----D---- C:\Program Files\Movie Maker
2008-10-11 13:27:26 ----D---- C:\WINDOWS\RegisteredPackages

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2003-10-23 16984]
R1 awecho;awecho; C:\WINDOWS\system32\drivers\awechomd.sys [2004-03-05 8368]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2003-11-17 11165]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys [2007-07-27 8832]
R3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2004-04-28 328448]
R3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2004-05-11 99968]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-07-22 161792]
R3 Cam5607;Lenovo Easy Camera; C:\WINDOWS\System32\Drivers\BisonC07.sys [2007-11-02 828328]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-22 5762208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-25 4623872]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-03 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-24 5760]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
R3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-28 47360]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 BulkUsb;Attache USB Scanner; C:\WINDOWS\System32\Drivers\usbscan.sys [2008-04-13 15104]
S3 a0aww1yj;a0aww1yj; C:\WINDOWS\system32\drivers\a0aww1yj.sys []
S3 CapFilt;CapFilt; C:\WINDOWS\system32\drivers\CapFilt.sys [2008-09-28 18048]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe [2007-10-26 262233]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe [2007-10-26 106583]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-10-25 262247]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2004-11-01 106496]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-28 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
It seems to be running fine how do the logs look?

Hi jafwiz

Quote

Logs look good to me;

You will see that point 4 below relates to a firewall - I do not see one on your system. I suggest one of the following;

PC Tools
Outpost

Congratulations your system is clean

You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented

• Now Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
  
  The easiest and safest way to do this is:
  Go to Start > Programs > Accessories > System Tools and click "System Restore"
  Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  Then go to Start > Run and type: Cleanmgr
  Click "OK".
  Click the "More Options" Tab.
  Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
  
  
• Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
  Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
  Go here to check for & install updates to Microsoft applications
  Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
  
• Make sure that you keep your antivirus updated
  New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
  Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  
• Install and use a firewall with outbound protection
  The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
  Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
  
• Keep your non-Microsoft applications updated as well
  Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  
• Make Internet Explorer more secure
  Click Start > Run
  Type Inetcpl.cpl & click OK
  Click on the Security tab
  Click Reset all zones to default level
  Make sure the Internet Zone is selected & Click Custom level
  In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  
• Install SpywareBlaster & make sure to update it regularly
  SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  If you don't know what activex controls are, see here
  You can download SpywareBlaster from here
  
• Install and use Spybot Search & Destroy
  Instructions are located here
  Make sure you update, reimmunize & scan regularly
  
• Make use of the HOSTS file included with Spybot Search & Destroy
  Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  Spybot Search & Destroy has a good HOSTS file built in, to enable the HOSTS file in Spybot Search & Destroy
  • Run Spybot Search & Destroy
    
  • Click on Mode, and then place a tick next to Advanced mode
    
  • Click Yes
    
  • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    
  • Click on Add Spybot-S&D hosts list
  Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
  • Click Start > Run
    
  • Type services.msc & click OK
    
  • In the list, find the service called DNS Client & double click on it.
    
  • On the dropdown box, change the setting from automatic to manual.
    
  • Click OK & then close the Services window
  For a more detailed explanation of the HOSTS file, click here
  
• Install a-squared Free & update and scan with it regularly
  a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
  Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  
• Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.