
Afinder And Afisicx In Services.msc


  • This topic is locked
16 replies to this topic

#1 Mtnbkr

Mtnbkr

  • Members
  • 9 posts

Posted 09 September 2008 - 06:22 PM

Hey Gang, my first post and hope I am doing it correctly. Did all the prep, scanned and scanned again with AVG, Spybot, McAfee AVERT Stinger, and have Zone Alarm installed and running. Before I did all this I had constant clicking going on in the background and every once in a while a voice would come on, I guess it's kind of an audio pop up? I got on the internet and saw this site and got info on how to check for certain things that may be going on by doing a services.msc run off the start button and sure enough there is afinder and afisicx which I believe have been described as pretty tenacious worms or viruses that don't get removed by the usual scanners. Since I installed and have been running ZoneAlarm it has been kept in check but I still would like to remove them and anything else that may be seen in the HJT log I am pasting below. Let me know next steps and I apologize if I have not proceeded correctly and appreciate any direction you are able to give. Here is the log pasted below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:21 PM, on 9/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\system32\noytcyr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\roxtctm.exe
C:\WINDOWS\system32\roytctm.exe
C:\WINDOWS\system32\soxpeca.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\system32\tdydowkc.exe
C:\WINDOWS\system32\wsldoekd.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Internet Explorer] iexpl0re.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://download.autodesk.com/esd/mapguide/...NG/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190653822390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe (file missing)
O23 - Service: afisicx Co. Ltd. (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mabidwe Event propagation service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe (file missing)
O23 - Service: nobicyt Service (nobicyt) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)
O23 - Service: noxtcyr Manages messages (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe (file missing)
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS\system32\noytcyr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: roxtctm Portable Media Serial Service (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
O23 - Service: sobicyt Service (sobicyt) - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing)
O23 - Service: sotpeca Manages messages (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe (file missing)
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: tdydowkc Portable Media Serial Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe (file missing)
O23 - Service: wsldoekd Portable Media Serial Service (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe

--
End of file - 10474 bytes


Look forward to hearing from the experts ...thanks so much...
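An added example, not part of the original thread and not code from HijackThis: a small Python parser for the `O23 - Service` lines of a log like the one posted above. It flags services with an unknown owner, a missing file, a matching entry under "Running processes", or a name one character away from another service name. The flag names and the heuristics are assumptions made for this illustration; a flag is a reason to look closer, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the HijackThis v2.0.2 log posted above (a subset, kept short).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\system32\roxtctm.exe
C:\WINDOWS\system32\roytctm.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: mabidwe Event propagation service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe (file missing)
O23 - Service: roxtctm Portable Media Serial Service (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Layout seen in the log: "O23 - Service: <display> (<name>) - <owner> - <path>[ (file missing)]".
# The owner is matched lazily, so a path containing " - " still parses;
# an owner that itself contains " - " would not (limitation of this sketch).
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Service:
    name: str
    display: str
    owner: str
    path: str
    file_missing: bool
    flags: list = field(default_factory=list)


def parse_log(text):
    """Return (set of lower-cased running process paths, list of Service)."""
    running, services, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        else:
            m = O23_RE.match(line)
            if m:
                services.append(Service(m["name"], m["display"], m["owner"],
                                        m["path"], m["missing"] is not None))
    return running, services


def one_char_apart(a, b):
    """True when two names have equal length and differ in exactly one position."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1


def triage(text):
    """Flag every service and return the ones whose owner is unknown."""
    running, services = parse_log(text)
    for svc in services:
        if svc.owner == "Unknown owner":
            svc.flags.append("unknown-owner")
        if svc.file_missing:
            svc.flags.append("file-missing")      # registration left behind, binary gone
        if svc.path.lower() in running:
            svc.flags.append("running")           # binary was live when the log was taken
        twins = [o.name for o in services
                 if o is not svc and one_char_apart(svc.name.lower(), o.name.lower())]
        if twins:
            svc.flags.append("near-duplicate-of:" + ",".join(twins))
    return [s for s in services if "unknown-owner" in s.flags]


if __name__ == "__main__":
    for s in triage(SAMPLE_LOG):
        print(f"{s.name:10} {s.path:40} {', '.join(s.flags)}")
```

Run against the full log, the same function also pairs up the other single-character variants among the service names, such as tdxdowkc and tdydowkc.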



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,722 posts
  • Gender:Male
  • Location:The Netherlands

Posted 22 September 2008 - 02:29 PM

Hi Mtnbkr,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

I'm afraid I've got bad news. As you might already know your system is heavily infected.

One or more of the identified infections is a backdoor trojan.

A backdoor Trojan can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still try to clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to remove the infection please go on with the following steps.


Removal Instructions
  • Please tell me:
    • If you have run any other tools or have made changes to the system I should know.
    • If this is the only computer you are using at home.
    • If you have a Windows installation CD just in case it is needed.
  • Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

  • Please download SDFix by AndyManchesta and save it to your desktop.
    When using this tool, you must use the Administrator's account or an account with "Administrative rights".
    • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
    • DO NOT use it just yet.
  • Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
  • Open the SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Copy and paste the contents of the results file Report.txt in your next reply.
  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the MBAM log after running it and removing what it finds, or removing files after reboot.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the list of Files/Folders created to 3 Months.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

      Note: The logs will be created in this folder: C:\rsit

Please post in your next reply:
  • The SDFix log.
  • The log of MBAM.
  • Both RSIT logs.

Edited by farbar, 22 September 2008 - 02:31 PM.


#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,722 posts
  • Gender:Male
  • Location:The Netherlands

Posted 27 September 2008 - 06:10 AM

It's been 5 days without a reply. I'd appreciate it if you let me know if you want to continue.

#4 Mtnbkr

Mtnbkr
  • Topic Starter

  • Members
  • 9 posts

Posted 27 September 2008 - 11:02 PM

Hi Farbar, I decided to do a system restore and that way I know it's gone.... I finally finished today re-updating all the XP updates and everything else. I did a services.msc at the run prompt and no afinder or afisicx. When you first told me what to do, next day went to my banks and changed all the passwords.. went to the library and did some others online... maybe not the safest but had to do it quick. So far no malicious activity on any accounts. I have Zone Alarm running, AVG, and for scanning files have Spybot. I will do a few scans and see if anything familiar comes up.. Zone Alarm kept catching these exe files trying to connect BEFORE the system restore... mabidwe.exe, roytctm.exe and tdydowkc.exe. So far since the restore no sign of them. I have some disk drive cleanup to do and will run a hijack log and post it so you can tell me if you think things are looking good. Should I hear any unusual clicking and if I hear one voice unwarranted I am going to cry! After I get all things set I am wondering what is the best way to back the system up to my new external hard drive so I don't have to update and reinstall piece by piece... any help on how that is done would be good. Thanks for your patience and appreciate your help.. will keep my fingers crossed and will get a log to you in a day or two... thanks, Henry

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,722 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands

Posted 28 September 2008 - 06:52 AM

Thanks for letting me know.

I hope for you your PC is clean.

Take your time, but when ready I suggest you run MBAM anyway and post its log along with the RSIT logs.

#6 Mtnbkr

Mtnbkr
  • Topic Starter

  • Members
  • 9 posts

Posted 28 September 2008 - 10:02 AM

Will do...be back soon... thanks

#7 Mtnbkr

Mtnbkr
  • Topic Starter

  • Members
  • 9 posts

Posted 01 October 2008 - 08:36 AM

Ok, I am back with the info you had requested. As you know I had done a system restore on my HP backup where the source disks I believe are in the partition. The HP came with a load of bloatware that I have removed mostly. Updated the XP to SP3 and when the weird voices and clicking were happening before all this restoring I installed Spybot Search and Destroy, AVG8, Zone Alarm and Lavasoft Ad-Aware. I would run Zone Alarm as my firewall and it would catch those .exe files mentioned in earlier post all the time.. but they would keep coming back.
Other computers are 2 laptops run wireless and I did all your instructions but I do not have a Windows-specific install disc but do have back system recovery disk on a CD. Oh yeah, just before the restore I added an external hard drive to back up some files.
I followed your instructions and here are the result logs for you to see:

SDfix report is-

SDFix: Version 1.230
Run by Owner on Tue 09/30/2008 at 10:47 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :


The mbam LOG is:

Malwarebytes' Anti-Malware 1.28
Database version: 1225
Windows 5.1.2600 Service Pack 3

10/1/2008 5:39:55 AM
mbam-log-2008-10-01 (05-39-55).txt

Scan type: Quick Scan
Objects scanned: 48158
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The RSIT LOG is:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-10-01 09:18:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 52 GB (73%) free of 71 GB
Total RAM: 511 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:34 AM, on 10/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\notepad.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1222551558862
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222551751462
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6187 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-27 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
ZoneAlarm Spy Blocker BHO - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL [2008-09-27 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - []
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL [2008-09-27 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-04-07 114688]
"AutoTKit"=C:\hp\bin\AUTOTKIT.EXE [2003-06-18 53248]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-05-03 4640768]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"PS2"=C:\WINDOWS\system32\ps2.exe []
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-29 1234712]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"=c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe []
"NVIEW"=C:\WINDOWS\system32\nview.dll [2003-05-03 835654]
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2008-04-13 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2008-10-01 09:18:19 ----D---- C:\rsit
2008-09-30 23:16:04 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-30 23:13:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-30 23:13:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-30 22:44:44 ----D---- C:\WINDOWS\ERUNT
2008-09-30 22:37:37 ----D---- C:\SDFix
2008-09-29 12:19:48 ----A---- C:\WINDOWS\system32\lsdelete.exe
2008-09-28 16:26:17 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-28 16:26:17 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-28 09:13:08 ----D---- C:\WINDOWS\system32\LogFiles
2008-09-27 23:19:14 ----D---- C:\Documents and Settings\Owner\Application Data\MailFrontier
2008-09-27 23:18:46 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-09-27 23:18:11 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-09-27 23:18:10 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-09-27 23:17:57 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-09-27 23:17:57 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-09-27 23:17:51 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-09-27 23:17:49 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-09-27 23:17:49 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-09-27 23:17:48 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-09-27 23:17:48 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-09-27 23:17:48 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-09-27 23:17:06 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-09-27 23:17:06 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-09-27 23:17:06 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-09-27 23:12:08 ----A---- C:\WINDOWS\system32\CNMVS58.DLL
2008-09-27 23:12:08 ----A---- C:\WINDOWS\system32\CNMLM58.DLL
2008-09-27 23:12:07 ----A---- C:\WINDOWS\system32\CNMCP58.exe
2008-09-27 22:29:18 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-09-27 22:07:22 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-09-27 22:01:25 ----D---- C:\WINDOWS\Prefetch
2008-09-27 21:22:23 ----D---- C:\WINDOWS\system32\en-us
2008-09-27 21:22:22 ----D---- C:\WINDOWS\system32\scripting
2008-09-27 21:22:22 ----D---- C:\WINDOWS\system32\en
2008-09-27 21:07:21 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-09-27 21:07:17 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-27 21:07:12 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-27 21:07:09 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-27 21:07:09 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-27 21:07:02 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-09-27 21:07:01 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-27 21:07:01 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-27 21:06:48 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-27 21:06:44 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-27 21:06:43 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-27 21:06:41 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-27 21:06:40 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-27 21:06:40 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-27 21:06:40 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-27 21:06:38 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-27 21:06:36 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-27 21:06:26 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-27 21:06:26 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-27 21:06:26 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-27 21:06:24 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-27 21:06:24 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-27 21:06:22 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-27 21:06:22 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-27 21:06:08 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-27 21:06:07 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-27 21:06:07 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-27 21:06:07 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-27 21:06:00 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-27 21:06:00 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-27 21:05:59 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-27 21:05:59 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-27 21:05:59 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-27 21:05:59 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-27 21:05:43 ----A---- C:\WINDOWS\005337_.tmp
2008-09-27 21:05:42 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-27 21:05:42 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-27 21:05:42 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-27 21:05:41 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-27 21:05:41 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-27 21:05:41 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-27 21:05:41 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-27 21:05:41 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-27 21:05:39 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-27 21:05:39 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-27 21:05:39 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-27 21:05:39 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-27 21:05:39 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-27 21:05:39 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-27 21:05:39 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-27 21:05:37 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-27 21:05:37 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-27 21:05:37 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-27 21:05:35 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-27 21:05:30 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-27 21:05:30 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-27 21:05:24 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-27 20:44:09 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-09-27 20:43:23 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2008-09-27 20:42:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-09-27 20:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-09-27 20:40:58 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-09-27 20:39:12 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2008-09-27 20:37:20 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2008-09-27 20:35:14 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2008-09-27 20:33:22 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-09-27 20:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-09-27 20:29:06 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-09-27 20:27:09 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-09-27 20:25:03 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2008-09-27 20:23:12 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2008-09-27 20:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2008-09-27 20:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-09-27 20:17:07 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-09-27 20:16:06 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-09-27 20:15:14 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2008-09-27 20:14:28 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-09-27 20:13:41 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-09-27 20:12:52 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-09-27 20:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-09-27 20:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-09-27 20:10:21 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-09-27 20:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-09-27 20:08:40 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-09-27 20:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-09-27 20:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-09-27 20:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-09-27 20:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-09-27 20:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-09-27 20:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-09-27 20:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-09-27 20:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2008-09-27 20:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-09-27 19:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-09-27 19:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-09-27 19:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-09-27 19:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-09-27 19:56:22 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-09-27 19:55:34 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-09-27 19:54:39 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-09-27 19:53:51 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-09-27 19:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-09-27 19:26:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-27 19:15:57 ----A---- C:\WINDOWS\system32\MRT.exe
2008-09-27 19:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$
2008-09-27 19:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$
2008-09-27 18:57:24 ----HDC---- C:\WINDOWS\$NtUninstallKB905495$
2008-09-27 18:56:39 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-09-27 18:53:15 ----D---- C:\WINDOWS\system32\NtmsData
2008-09-27 18:52:49 ----A---- C:\WINDOWS\system32\jit.dll
2008-09-27 18:52:49 ----A---- C:\WINDOWS\system32\javaee.dll
2008-09-27 18:52:49 ----A---- C:\WINDOWS\setdebug.exe
2008-09-27 18:52:48 ----A---- C:\WINDOWS\system32\dx3j.dll
2008-09-27 18:52:44 ----A---- C:\WINDOWS\system32\wjview.exe
2008-09-27 18:52:44 ----A---- C:\WINDOWS\system32\vmhelper.dll
2008-09-27 18:52:44 ----A---- C:\WINDOWS\system32\msjdbc10.dll
2008-09-27 18:52:43 ----A---- C:\WINDOWS\system32\msjava.dll
2008-09-27 18:52:43 ----A---- C:\WINDOWS\system32\msawt.dll
2008-09-27 18:52:43 ----A---- C:\WINDOWS\system32\jview.exe
2008-09-27 18:52:42 ----A---- C:\WINDOWS\system32\jdbgmgr.exe
2008-09-27 18:52:42 ----A---- C:\WINDOWS\system32\javart.dll
2008-09-27 18:52:42 ----A---- C:\WINDOWS\system32\javaprxy.dll
2008-09-27 18:52:41 ----A---- C:\WINDOWS\system32\javacypt.dll
2008-09-27 18:52:40 ----A---- C:\WINDOWS\system32\clspack.exe
2008-09-27 18:38:48 ----HDC---- C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$
2008-09-27 18:38:30 ----HDC---- C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$
2008-09-27 18:33:25 ----HDC---- C:\WINDOWS\$NtUninstallKB835409$
2008-09-27 18:19:10 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2008-09-27 18:19:10 ----N---- C:\WINDOWS\system32\xmlprov.dll
2008-09-27 18:19:10 ----N---- C:\WINDOWS\system32\wuaueng1.dll
2008-09-27 18:19:10 ----N---- C:\WINDOWS\system32\wuauclt1.exe
2008-09-27 18:19:10 ----N---- C:\WINDOWS\system32\wshbth.dll
2008-09-27 18:19:09 ----A---- C:\WINDOWS\system32\wscsvc.dll
2008-09-27 18:19:09 ----A---- C:\WINDOWS\system32\wscntfy.exe
2008-09-27 18:19:02 ----N---- C:\WINDOWS\system32\winshfhc.dll
2008-09-27 18:18:58 ----N---- C:\WINDOWS\system32\w3ssl.dll
2008-09-27 18:18:53 ----N---- C:\WINDOWS\system32\twext.dll
2008-09-27 18:18:49 ----N---- C:\WINDOWS\system32\strmfilt.dll
2008-09-27 18:18:41 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-27 18:18:40 ----N---- C:\WINDOWS\system32\spnpinst.exe
2008-09-27 18:18:40 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-27 18:18:39 ----N---- C:\WINDOWS\system32\smbinst.exe
2008-09-27 18:18:39 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-27 18:18:39 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-27 18:18:39 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-27 18:18:39 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-27 18:18:38 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-27 18:18:34 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2008-09-27 18:18:27 ----N---- C:\WINDOWS\system32\proxycfg.exe
2008-09-27 18:18:26 ----N---- C:\WINDOWS\system32\powercfg.exe
2008-09-27 18:18:26 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2008-09-27 18:18:25 ----N---- C:\WINDOWS\system32\p2psvc.dll
2008-09-27 18:18:25 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2008-09-27 18:18:25 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2008-09-27 18:18:25 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2008-09-27 18:18:25 ----N---- C:\WINDOWS\system32\p2p.dll
2008-09-27 18:18:14 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-27 18:18:02 ----N---- C:\WINDOWS\system32\msdadiag.dll
2008-09-27 18:17:56 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-27 18:17:55 ----N---- C:\WINDOWS\system32\logman.exe
2008-09-27 18:17:52 ----N---- C:\WINDOWS\system32\kbdukx.dll
2008-09-27 18:17:52 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2008-09-27 18:17:52 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2008-09-27 18:17:52 ----N---- C:\WINDOWS\system32\kbdno1.dll
2008-09-27 18:17:52 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2008-09-27 18:17:52 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2008-09-27 18:17:52 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2008-09-27 18:17:52 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2008-09-27 18:17:52 ----N---- C:\WINDOWS\system32\kbdinben.dll
2008-09-27 18:17:52 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2008-09-27 18:17:51 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2008-09-27 18:17:47 ----N---- C:\WINDOWS\system32\ieencode.dll
2008-09-27 18:17:43 ----N---- C:\WINDOWS\system32\httpapi.dll
2008-09-27 18:17:43 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-27 18:17:40 ----N---- C:\WINDOWS\system32\fwcfg.dll
2008-09-27 18:17:40 ----N---- C:\WINDOWS\system32\fsquirt.exe
2008-09-27 18:17:39 ----N---- C:\WINDOWS\system32\fltmc.exe
2008-09-27 18:17:39 ----N---- C:\WINDOWS\system32\fltlib.dll
2008-09-27 18:17:38 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-27 18:17:38 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-09-27 18:17:38 ----A---- C:\WINDOWS\005813_.tmp
2008-09-27 18:17:31 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2008-09-27 18:17:29 ----N---- C:\WINDOWS\system32\btpanui.dll
2008-09-27 18:17:29 ----N---- C:\WINDOWS\system32\bthserv.dll
2008-09-27 18:17:29 ----N---- C:\WINDOWS\system32\bthci.dll
2008-09-27 18:17:29 ----N---- C:\WINDOWS\system32\blastcln.exe
2008-09-27 18:17:29 ----N---- C:\WINDOWS\system32\auditusr.exe
2008-09-27 18:17:28 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-27 18:17:28 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-27 18:17:28 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-27 18:17:28 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-27 18:17:28 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-27 18:17:28 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-27 18:17:28 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-27 17:54:17 ----A---- C:\WINDOWS\system32\esent.dll
2008-09-27 17:45:23 ----D---- C:\WINDOWS\system32\PreInstall
2008-09-27 17:45:20 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-09-27 17:44:01 ----D---- C:\WINDOWS\system32\bits
2008-09-27 17:43:06 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2008-09-27 17:43:06 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2008-09-27 17:43:06 ----A---- C:\WINDOWS\system32\winhttp.dll
2008-09-27 17:43:06 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-09-27 17:39:46 ----A---- C:\WINDOWS\system32\wups2.dll
2008-09-27 17:39:46 ----A---- C:\WINDOWS\system32\wups.dll
2008-09-27 17:39:46 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-09-27 17:39:46 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-09-27 17:39:46 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-27 17:39:45 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-09-27 17:39:45 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-09-27 17:31:56 ----RSHD---- C:\cmdcons
2008-09-27 17:31:17 ----D---- C:\WINDOWS\setupupd
2008-09-27 17:30:32 ----A---- C:\WINDOWS\system32\iuengine.dll
2008-09-27 17:27:10 ----N---- C:\WINDOWS\system32\javaw.exe
2008-09-27 17:27:10 ----N---- C:\WINDOWS\system32\java.exe
2008-09-23 08:41:26 ----A---- C:\WINDOWS\wininit.ini
2008-09-09 19:50:25 ----D---- C:\Program Files\Trend Micro
2008-09-09 18:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 18:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 08:52:09 ----D---- C:\Program Files\ZoneAlarmSB
2008-09-09 08:48:33 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-09 08:47:56 ----A---- C:\WINDOWS\zllsputility.exe
2008-09-09 08:47:02 ----D---- C:\Program Files\Zone Labs
2008-09-09 08:45:55 ----D---- C:\WINDOWS\Internet Logs
2008-09-08 15:10:24 ----D---- C:\Program Files\Lavasoft
2008-09-02 15:49:34 ----D---- C:\Documents and Settings\Owner\Application Data\Sun
2008-08-24 12:47:57 ----D---- C:\Program Files\AVG
2008-08-22 10:19:39 ----D---- C:\WINDOWS\Minidump
2008-08-18 09:36:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-18 09:36:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-18 09:36:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-18 09:35:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-18 09:35:24 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-18 09:35:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-18 09:34:16 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-08-18 09:34:01 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-08-18 09:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-08-18 09:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-18 09:33:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-18 09:33:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-18 09:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-18 09:33:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-18 09:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-18 02:12:27 ----D---- C:\WINDOWS\l2schemas
2008-08-18 01:53:21 ----A---- C:\WINDOWS\005550_.tmp
2008-07-18 22:07:54 ----A---- C:\WINDOWS\system32\muweb.dll
2008-07-14 11:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-07-14 11:34:03 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-07-14 11:32:48 ----D---- C:\Program Files\Windows Media Connect 2
2008-07-14 11:32:18 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-07-14 11:31:18 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-07-14 11:30:35 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$

======List of files/folders modified in the last 3 months======

2008-10-01 09:18:34 ----D---- C:\WINDOWS\Temp
2008-10-01 09:09:42 ----D---- C:\Program Files\Mozilla Firefox
2008-09-30 23:18:57 ----SHD---- C:\WINDOWS\Installer
2008-09-30 23:13:21 ----D---- C:\WINDOWS\system32\drivers
2008-09-30 23:13:19 ----RD---- C:\Program Files
2008-09-30 23:07:34 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-30 22:47:20 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-30 22:44:44 ----D---- C:\WINDOWS
2008-09-30 22:39:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-30 22:35:11 ----HD---- C:\$AVG8.VAULT$
2008-09-29 18:21:40 ----D---- C:\WINDOWS\system32
2008-09-29 18:20:35 ----D---- C:\WINDOWS\system32\FxsTmp
2008-09-29 10:10:49 ----D---- C:\Program Files\Common Files
2008-09-29 09:50:47 ----D---- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-09-28 16:26:16 ----HD---- C:\WINDOWS\inf
2008-09-28 10:54:14 ----A---- C:\WINDOWS\ODBC.INI
2008-09-28 10:53:43 ----A---- C:\WINDOWS\win.ini
2008-09-28 10:52:47 ----D---- C:\WINDOWS\ShellNew
2008-09-28 10:50:50 ----D---- C:\WINDOWS\system
2008-09-28 10:50:50 ----D---- C:\WINDOWS\msapps
2008-09-28 10:50:50 ----D---- C:\Program Files\microsoft frontpage
2008-09-28 10:50:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-28 09:11:15 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-27 23:40:09 ----RSD---- C:\WINDOWS\Fonts
2008-09-27 23:40:09 ----A---- C:\WINDOWS\QBWCD.INI
2008-09-27 23:14:46 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-27 23:00:35 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-27 23:00:32 ----A---- C:\WINDOWS\imsins.BAK
2008-09-27 22:46:04 ----D---- C:\Program Files\Internet Explorer
2008-09-27 22:46:03 ----D---- C:\WINDOWS\Help
2008-09-27 22:38:54 ----D---- C:\Program Files\Messenger
2008-09-27 22:37:23 ----HDC---- C:\WINDOWS\ie7
2008-09-27 22:28:57 ----D---- C:\WINDOWS\WinSxS
2008-09-27 22:15:17 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-27 22:05:51 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-27 22:03:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-27 22:03:13 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-27 22:01:40 ----A---- C:\WINDOWS\setuplog.txt
2008-09-27 22:00:59 ----D---- C:\WINDOWS\system32\Setup
2008-09-27 22:00:58 ----D---- C:\WINDOWS\system32\wbem
2008-09-27 22:00:58 ----D---- C:\WINDOWS\AppPatch
2008-09-27 22:00:18 ----D---- C:\WINDOWS\security
2008-09-27 21:26:29 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-27 21:22:52 ----D---- C:\Program Files\Windows Media Player
2008-09-27 21:22:39 ----D---- C:\WINDOWS\ime
2008-09-27 21:22:23 ----D---- C:\WINDOWS\system32\usmt
2008-09-27 21:22:21 ----D---- C:\WINDOWS\peernet
2008-09-27 21:22:21 ----D---- C:\Program Files\Movie Maker
2008-09-27 21:21:47 ----D---- C:\WINDOWS\system32\Restore
2008-09-27 21:21:47 ----D---- C:\WINDOWS\system32\npp
2008-09-27 21:21:45 ----D---- C:\WINDOWS\msagent
2008-09-27 21:21:43 ----D---- C:\WINDOWS\srchasst
2008-09-27 21:21:42 ----D---- C:\Program Files\NetMeeting
2008-09-27 21:21:41 ----D---- C:\WINDOWS\system32\Com
2008-09-27 21:21:37 ----D---- C:\Program Files\Windows NT
2008-09-27 21:21:37 ----D---- C:\Program Files\Outlook Express
2008-09-27 21:21:33 ----D---- C:\Program Files\Common Files\System
2008-09-27 21:21:16 ----D---- C:\WINDOWS\system32\oobe
2008-09-27 21:18:12 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-27 21:18:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-27 21:14:24 ----D---- C:\WINDOWS\EHome
2008-09-27 20:47:50 ----D---- C:\WINDOWS\Debug
2008-09-27 20:10:20 ----A---- C:\WINDOWS\system.ini
2008-09-27 20:08:32 ----D---- C:\WINDOWS\MSBN
2008-09-27 20:08:00 ----HD---- C:\hp
2008-09-27 19:47:30 ----RASH---- C:\boot.ini
2008-09-27 19:45:37 ----D---- C:\WINDOWS\system32\mui
2008-09-27 19:44:18 ----D---- C:\WINDOWS\system32\ras
2008-09-27 19:43:54 ----D---- C:\WINDOWS\system32\icsxml
2008-09-27 19:43:53 ----D---- C:\WINDOWS\system32\ias
2008-09-27 19:42:39 ----D---- C:\WINDOWS\addins
2008-09-27 19:42:37 ----D---- C:\WINDOWS\Media
2008-09-27 19:42:24 ----D---- C:\WINDOWS\Cursors
2008-09-27 19:42:20 ----HDC---- C:\WINDOWS\$NtUninstallQ329112$
2008-09-27 19:42:07 ----D---- C:\Program Files\Common Files\Services
2008-09-27 19:41:18 ----RD---- C:\WINDOWS\Offline Web Pages
2008-09-27 19:41:15 ----RSD---- C:\WINDOWS\assembly
2008-09-27 19:40:32 ----RD---- C:\WINDOWS\Web
2008-09-27 19:40:13 ----RASH---- C:\NTDETECT.COM
2008-09-27 19:20:41 ----HDC---- C:\WINDOWS\$NtUninstallKB899587_0$
2008-09-27 19:19:51 ----HDC---- C:\WINDOWS\$NtUninstallKB924191_0$
2008-09-27 19:18:53 ----HDC---- C:\WINDOWS\$NtUninstallKB922819_0$
2008-09-27 19:17:44 ----D---- C:\Documents and Settings\Owner\Application Data\interMute
2008-09-27 19:17:43 ----HDC---- C:\WINDOWS\$NtUninstallKB885835_0$
2008-09-27 19:16:21 ----D---- C:\Program Files\Common Files\Real
2008-09-27 19:15:58 ----D---- C:\Documents and Settings\Owner\Application Data\Real
2008-09-27 19:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB885836_0$
2008-09-27 19:14:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923414_0$
2008-09-27 19:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB921883_0$
2008-09-27 19:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP9$
2008-09-27 19:12:32 ----HDC---- C:\WINDOWS\$NtUninstallKB911927_0$
2008-09-27 19:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB922616_0$
2008-09-27 19:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB901017_0$
2008-09-27 19:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB899591_0$
2008-09-27 19:09:08 ----HDC---- C:\WINDOWS\$NtUninstallKB920685_0$
2008-09-27 19:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB896424_0$
2008-09-27 19:07:27 ----HDC---- C:\WINDOWS\$NtUninstallKB893756_0$
2008-09-27 19:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB911280_0$
2008-09-27 19:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB911562_0$
2008-09-27 19:04:55 ----HDC---- C:\WINDOWS\$NtUninstallKB896423_0$
2008-09-27 19:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB873339_0$
2008-09-27 19:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB924496_0$
2008-09-27 19:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB921398_0$
2008-09-27 19:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB896358_0$
2008-09-27 18:59:15 ----D---- C:\Program Files\Quicken
2008-09-27 18:59:14 ----A---- C:\WINDOWS\QUICKEN.INI
2008-09-27 18:58:43 ----HDC---- C:\WINDOWS\$NtUninstallKB910437_0$
2008-09-27 18:57:50 ----HDC---- C:\WINDOWS\$NtUninstallKB898458$
2008-09-27 18:56:18 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2008-09-27 18:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB902400_0$
2008-09-27 18:54:37 ----HDC---- C:\WINDOWS\$NtUninstallKB920670_0$
2008-09-27 18:53:51 ----HDC---- C:\WINDOWS\$NtUninstallKB891781_0$
2008-09-27 18:52:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-27 18:52:37 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-27 18:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB890046_0$
2008-09-27 18:51:07 ----HDC---- C:\WINDOWS\$NtUninstallKB919007_0$
2008-09-27 18:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB914388_0$
2008-09-27 18:48:56 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2008-09-27 18:48:26 ----HDC---- C:\WINDOWS\$NtUninstallKB917344_0$
2008-09-27 18:48:14 ----D---- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-09-27 18:47:21 ----HDC---- C:\WINDOWS\$NtUninstallKB905414_0$
2008-09-27 18:46:23 ----HDC---- C:\WINDOWS\$NtUninstallKB917953_0$
2008-09-27 18:45:11 ----HDC---- C:\WINDOWS\$NtUninstallKB901214_0$
2008-09-27 18:44:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923191_0$
2008-09-27 18:42:58 ----HDC---- C:\WINDOWS\$NtUninstallKB917422_0$
2008-09-27 18:41:47 ----HDC---- C:\WINDOWS\$NtUninstallKB888302_0$
2008-09-27 18:40:33 ----HDC---- C:\WINDOWS\$NtUninstallKB900725_0$
2008-09-27 18:39:45 ----HDC---- C:\WINDOWS\$NtUninstallKB912919_0$
2008-09-27 18:37:43 ----HDC---- C:\WINDOWS\$NtUninstallKB908531_0$
2008-09-27 18:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB905749_0$
2008-09-27 18:36:16 ----D---- C:\WINDOWS\Registration
2008-09-27 18:36:07 ----D---- C:\WINDOWS\system32\URTTemp
2008-09-27 18:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB913580_0$
2008-09-27 18:34:27 ----HDC---- C:\WINDOWS\$NtUninstallKB896428_0$
2008-09-27 18:32:35 ----HDC---- C:\WINDOWS\$NtUninstallKB908519_0$
2008-09-27 18:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB920683_0$
2008-09-27 18:31:02 ----HDC---- C:\WINDOWS\$NtUninstallKB914389_0$
2008-09-27 18:29:58 ----HDC---- C:\WINDOWS\$NtUninstallKB890859_0$
2008-09-27 17:56:38 ----SD---- C:\WINDOWS\Tasks
2008-09-27 17:45:20 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-09-27 17:44:32 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-09-27 17:43:54 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2008-09-27 17:42:35 ----D---- C:\WINDOWS\SoftwareDistribution
2008-09-27 17:39:48 ----HD---- C:\Program Files\WindowsUpdate
2008-09-27 17:33:17 ----SHD---- C:\RECYCLER
2008-09-27 17:31:56 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-09-27 17:31:41 ----D---- C:\WINDOWS\setup.pss
2008-09-27 17:28:34 ----SHD---- C:\System Volume Information
2008-09-27 17:27:36 ----HDC---- C:\WINDOWS\$NtUninstallKB824146$
2008-09-27 17:24:31 ----HDC---- C:\WINDOWS\$NtUninstallQ331958$
2008-09-27 17:23:49 ----HDC---- C:\WINDOWS\$NtUninstallQ811789$
2008-09-27 17:22:34 ----D---- C:\WINDOWS\nview
2008-09-27 17:21:16 ----RASH---- C:\BOOT.BAK
2008-09-08 15:09:52 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-02 15:50:29 ----D---- C:\Program Files\Java
2008-09-02 10:25:16 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2008-09-02 10:24:40 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-08-28 20:26:25 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-18 02:12:45 ----D---- C:\WINDOWS\network diagnostic
2008-08-07 15:44:20 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt
2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-07-08 23:22:39 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-07 16:26:58 ----A---- C:\WINDOWS\system32\es.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-27 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-27 26824]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-09-27 76040]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
R3 ltmodem5;Lucent Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-04-01 625537]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-05-03 1312555]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-04-22 54784]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-06 394752]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-27 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-27 231704]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-05-03 69632]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]

-----------------EOF-----------------

the RSIT info is

info.txt logfile of random's system information tool 1.04 2008-10-01 09:18:37

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Canon i560-->C:\WINDOWS\system32\CNMCP58.exe "-PRINTERNAMECanon i560" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i560 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i560 Installer\Inst2\cnmi0409.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.1_02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Standard-->MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
NVIDIA Ethernet Driver-->C:\WINDOWS\System32\nvuenet.exe Uninstall C:\WINDOWS\System32\Nvenet.nvu,NVIDIA Ethernet Driver
NVIDIA Gart Driver-->C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA Gart Driver
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
QuickBooks 99-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intuit\QuickBooks\DeIsL3.isu"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZONEAL~1\bar\2.bin\SpyBlock.dll,O
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free
FW: ZoneAlarm Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"tvdumpflags"=8

-----------------EOF-----------------
So there it is....Let me know what you see. Really appreciate all your help. Look forward to your reply. Thanks so much...Mtnbkr

#8 Farbar

Posted 01 October 2008 - 11:42 AM

Hi Mtnbkr,

I see your log is clean from those malware. You have done a great job to get rid of them. :thumbsup:

Just some cleanup and preventive measure to do.
  • Your version of ZoneAlarm Firewall comes with ZoneAlarm Spyblocker toolbar and this is not highly recommended. See here to find out why.

    I recommend that you uninstall the ZoneAlarm Spyblocker toolbar from the Add/Remove Programs list.

    You may need to re-install ZoneAlarm Firewall if it's not working properly.

    Alternatively, you can get another firewall. Please make sure that only ONE firewall is installed on the computer. Having more than one firewall on a computer will cause conflicts.
    Here are some good free ones:
    Sunbelt-Kerio
    Comodo Firewall Pro
    Online Armor Free edition

  • Please open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

    Note: The startup entry pointing at ALCMTR.EXE is a "Spyware" entry related to Realtek used silently to monitor one's actions. It is not a sinister one and you can remove the startup entry without affecting the function of Realtek software. Notice that you should not remove the file itself because it is needed for the subsequent updating of the software.

  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 update 7 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
  • First Set a New Restore Point then Remove the Old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    To set a new restore point:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    To remove the old restore points:
    • Go to Start > Run then type: Cleanmgr in the box and click "OK".
    • You get a window to select the drive to clean, the default is already set to (C:) drive. Click OK.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    • Click OK and Yes.
  • Install Javacool's SpywareBlaster -
    SpywareBlaster will add a large list of programs and sites to your Internet Explorer and Firefox settings, and that will protect you from running and downloading known malicious programs. You can find more information and a download link here.


#9 Mtnbkr

Posted 01 October 2008 - 09:43 PM

Hi Farbar.. ok did all recommendations... question.. do you feel the firewalls you mentioned are better to use than ZoneAlarm? I have no preference and you have been 100% with me so can you make a recommendation on which you think I should use out of the 3 you mentioned. Also on "Note: The startup entry pointing at ALCMTR.EXE ...." will this file show up as a spyware file on a computer scan? How do I turn it off at start up and which program does it relate to? Also, I am embarrassed to say that I do not think I ran the SDFix under the administrator account..geez, just when I was receiving your congratulations I screwed up... should I re-do or wait till next time or it still worked and I should be fine? Lastly, once this is all done and I have set the system to where it should be how do I make an exact copy of what I have on my computer, put it on my external hard drive in a way so that if this ever happens again I can just format and reinstall my copy from the external..easier said than done? Really want to thank you for your time and appreciate all your help. Look forward to hearing from you..you're the greatest.. Mtnbkr

#10 Farbar

Posted 02 October 2008 - 05:19 AM

:)

> do you feel the firewalls you mentioned are better to use than ZoneAlarm? I have no preference and you have been 100% with me so can you make a recommendation on which you think I should use out of the 3 you mentioned.



As long as you don't have any problem with connecting to the internet and the safe sites, ZoneAlarm would do the job. ZoneAlarm is a little bit heavy and the firewalls I mentioned might be smaller and do the job as well without causing problems.

I have mentioned the firewalls in the order of my own preference.

If you don't have a problem with ZoneAlarm, go on using it. If you decide to replace it, uninstall it from Add/Remove, then install the new firewall. In that case post a new HijackThis log to make sure all the components are removed.

:)

> also on "Note: The startup entry pointing at ALCMTR.EXE ...." will this file show up as a spyware file on a computer scan? How do I turn it off at start up and which program does it relate to?


No, the scans don't flag it as malware and don't remove the file, as the file itself should be there for future updates.

You don't need and can't turn the start up off. We have removed the start up with the hijackthis fix I posted.

It is related to Realtek audio driver (I don't see it on your programs list, usually it is Realtek AC'97 Audio).

:thumbsup:

> Also, I am embarrassed to say that I do not think I ran the SDFix under the administrator account..geez, just when I was receiving your congratulations I screwed up... should I re-do or wait till next time or it still worked and I should be fine?


No problem. You needed to run SDFix when you had those trojan services on your computer. After getting rid of them SDFix was not needed. It has done most of what it does.

:)

> Lastly, once this is all done and I have set the system to where it should be how do I make an exact copy of what I have on my computer, put it on my external hard drive in a way so that if this ever happens again I can just format and reinstall my copy from the external..easier said than done? Really want to thank you for your time and appreciate all your help. Look forward to hearing from you..you're the greatest.. Mtnbkr


I suggest you back up your personal data, photos, music, etc. on an external hard drive. In case you ever need to reformat and reinstall, it is not as difficult as it looks and improves your computer performance.

However, there is backup software like Acronis True Image. It can make a disk image of your hard drive and build up the subsequent updates and additions in two different ways.
Whether they work as they say, meaning putting back the backups when something happens, I'm not sure. In theory they claim they do, and I believe in many cases it might do; in practice it might go wrong and there are cases where it happens. So you depend on them and make no other backups, to find out later on that the backed-up images are not restorable, and that would be a disaster.
I once tried one of them, was disappointed, found it not as handy as I thought and quit doing it.

#11 Mtnbkr

Posted 08 October 2008 - 11:35 AM

Hi Farbar.. I removed Zone and using Comodo.. I did a scan with Spybot S&D said it found nothing..Here is the Hijack log..Let me know if there is something suspicious..thanks Henry

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:55 PM, on 10/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1222551558862
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222551751462
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6942 bytes

#12 Farbar

Posted 08 October 2008 - 12:19 PM

Hi Henry,

Good choice.
  • I see in the log that Ask Toolbars is installed on your computer:

    This program is known to be bundled with spyware. You may read more about Ask Toolbars here "Current Practices of IAC/Ask Toolbars"

    To uninstall Ask Toolbars:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Double-click the "Add or Remove Programs" icon.
    A list of programs installed will be "populated"; this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    Ask Toolbars

    Also remove the folder in bold: C:\Program Files\AskSBar

  • Please open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Please copy and paste a fresh Hijackthis log to your reply to make sure there is nothing suspicious left.


#13 Mtnbkr

Posted 08 October 2008 - 08:28 PM

Hi Farbar thanks for sticking it out with me. None of the problems that you listed came up to be checked off and fixed in system scan only. I rebooted then did the Hi jack log which is pasted below: I am keeping my fingers crossed...BTW, Where is the Ask bar tool bar from? I don't remember installing it..what program did it come with? Look forward to hearing from you... Thanks so much for all your help...Mtnbkr

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:08 PM, on 10/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1222551558862
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222551751462
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6329 bytes

#14 Farbar

Posted 09 October 2008 - 02:14 AM

Everything looks good.

Ask Toolbar is installed with Comodo. There was an option that you could uncheck when you installed Comodo. See also this. Uninstalling it doesn't have any effect on Comodo.

Glad I could help.

Do you have any other question?
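
The before/after check done by eye in posts #11 to #14 (did the fixed entries really disappear from the fresh HijackThis log?) can be scripted. This is an added example, not part of the original thread and not a HijackThis feature: the function names are made up for illustration, and the sample strings are short excerpts copied from posts #8, #11, #12 and #13 above.

```python
import re
from collections import defaultdict, namedtuple

Entry = namedtuple("Entry", "code body clsid")

# HijackThis item lines read "<section code> - <text>", e.g. "O2 - BHO: ...".
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return the item lines of a log, skipping header, process list and footer."""
    entries = []
    for raw in text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(2).strip()
        found = CLSID_RE.search(body)
        entries.append(Entry(m.group(1), body, found.group(0).upper() if found else None))
    return entries


def keys_of(entries):
    # Windows paths and registry names are case-insensitive, so compare folded.
    return {(e.code, e.body.lower()) for e in entries}


def removed(before, after):
    """Entries present in the earlier log and absent from the later one."""
    later = keys_of(after)
    return [e for e in before if (e.code, e.body.lower()) not in later]


def still_present(fix_list, after):
    """Entries from a helper's fix list that the fresh log still contains."""
    later = keys_of(after)
    return [e for e in fix_list if (e.code, e.body.lower()) in later]


def relabelled_clsids(a, b):
    """(code, CLSID) pairs found in both inputs under entirely different text."""
    def group(entries):
        out = defaultdict(set)
        for e in entries:
            if e.clsid:
                out[(e.code, e.clsid)].add(e.body.lower())
        return out
    ga, gb = group(a), group(b)
    return sorted(k for k in ga.keys() & gb.keys() if ga[k].isdisjoint(gb[k]))


# Excerpts copied from the thread (not complete logs).
FIX_POST_8 = r"""
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
"""
FIX_POST_12 = r"""
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
"""
LOG_POST_13 = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
"""
# Post #11 excerpt: the post #13 lines plus the entries that later disappeared.
LOG_POST_11 = FIX_POST_12 + LOG_POST_13 + r"""
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
"""

if __name__ == "__main__":
    log11, log13 = parse_log(LOG_POST_11), parse_log(LOG_POST_13)
    for e in removed(log11, log13):
        print("gone:", e.code, e.body)
    print("fix-list entries still present:", still_present(parse_log(FIX_POST_12), log13))
    print("same CLSID, new label:", relabelled_clsids(parse_log(FIX_POST_8), log11))
```

On these excerpts the diff also reports the `RunOnce` FlashPlayerUpdate entry, which was not on any fix list: Windows deletes `RunOnce` values once they have run, so it vanished with the reboot. The last check shows that the two CLSIDs listed under ZoneAlarm Spy Blocker in post #8 are the same two listed under Ask Toolbar in post #11, with only the label and DLL path changed.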

#15 Mtnbkr

Posted 09 October 2008 - 06:12 PM

Yes one more question in regards to removing NVIDIA ethernet driver, NVIDIA Gart Driver, and NVIDIA 2000/xp display drivers.. Do you think it is safe to remove them from my programs list without negative results? I have had system hang ups and I believe I removed these files once before and the computer performance was faster and more reliable but thought I would ask you before I did anything.. ok to remove? Thanks Henry



