Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't run 16-bit Win Program problem


  • Please log in to reply
13 replies to this topic

#1 polaris6

polaris6

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 14 December 2008 - 04:09 PM

This problem all started when I tried to reinstall al older (apparently 16-bit Windows) program on my laptop. I had it installed and running on the laptop about a year ago when I disable and uninstalled it. The program comes as a zip file; when unzipped, it produces 22 files, three of which are exe files, one very important to get it started.

When I tried to run the program from my laptop several days ago, I got the message..."Can't run 16-bit Windows Program...can't find 'exe' file or one of its components"... I tried the 16-bit fix program and whatever advice I received to no avail.

Yesterday, I installed the program from the zip file on my desktop and it worked fine. The desktop has the same OS (XP Pro), but with SP2 rather than SP3 (on the laptop). Today, I copied all 22 files from the unzipped folder on the desktop to a memory stick, which I then plugged into the laptop. I then tried to execute the exe file and it worked fine. I then copied the 22 files to a folder on the laptop HD and tried to execute the exe file and then received the same message....Can't run 16-bit Win program.

I have run the Kaspersy scan, which is attached and the RSIT scan. I tried to attach these files to this message, but I cannot see it they are there, so I am going to copy and paste them from their respective storage ares.

Thanks you again for your help.

info.txt logfile of random's system information tool 1.04 2008-12-14 15:42:15

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Capn Voyager Mosaic Version 8-->C:\PROGRA~1\CAPNVO~1\UNWISE.EXE C:\PROGRA~1\CAPNVO~1\MOSAIC~1.LOG
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP Pro 3-->MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Chart Navigator-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Maptech\Chart Navigator\DeIsL1.isu"
Coastal Explorer-->C:\Program Files\Coastal Explorer\Uninstall.exe
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DeLorme Serial Emulator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3DECA0-EB4D-4FDC-A706-B88A3640A212}\setup.exe" -l0x9 -removeonly
DeLorme Street Atlas USA 2005 Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13C8D5EF-ECAB-4BF9-AB35-9774AEC00EEE}\Setup.exe" -l0x9 NoMode
DeLorme Street Atlas USA 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BBD350-F44E-47C1-9245-228AD8A9171D}\setup.exe" -l0x9 NoMode
D-link AirPlus G DWL-G120 Wireless USB Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07070EAB-9349-4F6C-AC13-AEFE436F9775}\Setup.exe" -l0x9
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTray 2.0.0.19-->"C:\Program Files\GTray\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IZArc 3.7-->"C:\Program Files\IZArc\unins000.exe"
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MasterCook Deluxe 9-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{99B366B0-76B6-4DBA-95A3-A730015A7D01}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSRedist-->MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}
NavRules 2.2.4-->C:\PROGRA~1\NAVRUL~1.2\UNWISE.EXE C:\PROGRA~1\NAVRUL~1.2\INSTALL.LOG "NavRules 2.2.4 Uninstall"
NETGEAR WG511v2 wireless PC card-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B93D24B3-928D-4805-B379-4AA47CB3794E}
Norton CleanSweep-->MsiExec.exe /I{634B01DF-A45B-4623-80E1-E15FF82A4979}
Norton Ghost 9.0-->MsiExec.exe /X{3C759736-8347-4031-BB9C-D75ADFE6B101}
Norton SystemWorks 2005 (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{71E7B3F5-CFAF-4C1E-B494-528E28707937}.exe /X
Norton SystemWorks-->MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
Norton Utilities-->MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
NSW_DRM_COLLECTION-->MsiExec.exe /I{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}
O2Micro Smartcard Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E1547FCE-F5DD-4D77-8C71-13B6A2B8F527} /l1033
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel AC97 Audio Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
Smart Defrag 1.02-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Symantec AntiVirus-->MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
TWC Customer Controls-->MsiExec.exe /I{F8722041-B63A-47FB-82A8-5F0977E1CF45}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Visual Passage Planner 2-->"C:\Program Files\Visual Passage Planner 2\unins000.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows XP Energy Blue Theme Pack-->C:\WINDOWS\Windows XP Energy Blue Theme Pack Uninstaller.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
winqfx16bit-->MsiExec.exe /I{09436295-C739-4D18-B89F-93A9EDDD1346}
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unin_yextras.exe /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\Yinsthelper.dll
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\Messenger\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\Messenger\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: AVG Anti-Virus Free
AV: Symantec AntiVirus Corporate Edition

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adaptec Shared\System
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by User at 2008-12-14 15:46:29
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (24%) free of 76 GB
Total RAM: 1023 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:39, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\GX2IA094\RSIT[1].exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usatoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1180125009677
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10876 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-11-20 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-29 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-19 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-01-12 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-14 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-11-20 878352]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-01-12 2554944]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-19 2055960]
{98828DED-A591-462F-83BA-D2F62A68B8B8}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-07-29 335872]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-17 58728]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"SmartRAM"=C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe [2007-10-29 662016]
"Norton Ghost 9.0"=C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe [2004-11-10 1126400]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-12 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2008-11-26 2235920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-10-23 1968880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
NETGEAR Smart Wizard.lnk - C:\WINDOWS\Installer\{B93D24B3-928D-4805-B379-4AA47CB3794E}\NewShortcut1_1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-12-30 55104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\DeLorme\DeLSerial\DeLSerial.exe"="C:\Program Files\Common Files\DeLorme\DeLSerial\DeLSerial.exe:*:Enabled:GPS multiplexer tray application."
"C:\Program Files\Capn Voyager\Capn_Voyager_Mosaic.exe"="C:\Program Files\Capn Voyager\Capn_Voyager_Mosaic.exe:*:Enabled:Capn 32-bit Charting Module"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Coastal Explorer\Chart.exe"="C:\Program Files\Coastal Explorer\Chart.exe:*:Enabled:Coastal Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - WD_Windows_Tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8f415a0-7874-11dd-8575-00904b7f9384}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8f415a9-7874-11dd-8575-00904b7f9384}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2008-12-14 15:40:26 ----D---- C:\Program Files\trend micro
2008-12-14 15:40:21 ----D---- C:\rsit
2008-12-14 08:06:24 ----A---- C:\WINDOWS\system32\command.com.bak
2008-12-14 08:06:23 ----A---- C:\WINDOWS\system32\config.nt.bak
2008-12-14 08:06:23 ----A---- C:\WINDOWS\system32\autoexec.nt.bak
2008-12-13 16:07:58 ----D---- C:\Program Files\winqfx16bit
2008-12-12 17:55:51 ----D---- C:\navrules
2008-12-12 15:40:41 ----A---- C:\WINDOWS\NAV32.INI
2008-12-10 03:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 03:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-17 17:31:40 ----D---- C:\Documents and Settings\User\Application Data\AdobeUM
2008-11-16 09:51:31 ----HDC---- C:\WINDOWS\ie7
2008-11-16 09:44:03 ----D---- C:\2bfc4e35772e441fda9f0086
2008-11-13 03:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 00:49:27 ----A---- C:\WINDOWS\system32\PdfPorts.dll
2008-11-13 00:49:27 ----A---- C:\WINDOWS\system32\adistres.dll
2008-11-13 00:49:15 -------- C:\WINDOWS\system32\pdfshell.dll
2008-11-13 00:48:52 ----D---- C:\WINDOWS\system32\Adobe
2008-11-13 00:48:18 ----D---- C:\Documents and Settings\User\Application Data\InterTrust
2008-11-12 22:02:10 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-12 21:55:04 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-11-12 21:55:02 ----D---- C:\Program Files\NOS
2008-11-05 10:35:33 ----A---- C:\lic_log.txt
2008-11-05 10:31:23 ----D---- C:\3DCHARTS
2008-11-05 10:26:24 ----A---- C:\WINDOWS\Contour.INI
2008-11-05 10:26:20 ----D---- C:\Chartkit
2008-11-05 10:25:55 ----A---- C:\WINDOWS\system32\rapi.dll
2008-11-05 10:25:54 ----A---- C:\WINDOWS\system32\ceutil.dll
2008-11-05 10:25:21 ----D---- C:\Program Files\Maptech
2008-11-05 10:25:05 ----A---- C:\WINDOWS\uninst.exe
2008-11-02 09:07:11 ----A---- C:\WINDOWS\NetwkCfg.txt
2008-10-25 02:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-23 10:47:33 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-23 10:42:10 ----A---- C:\WINDOWS\system32\tmp.txt
2008-10-23 10:41:51 ----A---- C:\rapport.txt
2008-10-23 10:28:55 ----SHD---- C:\Config.Msi
2008-10-23 07:50:07 ----A---- C:\WINDOWS\VPC32.INI
2008-10-22 23:23:03 ----D---- C:\Program Files\Symantec AntiVirus
2008-10-18 09:36:26 ----D---- C:\Documents and Settings\User\Application Data\XemiComputers
2008-10-18 09:36:26 ----D---- C:\Documents and Settings\All Users\Application Data\XemiComputers
2008-10-17 06:30:04 ----D---- C:\Program Files\GTray
2008-10-15 02:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 02:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 02:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 02:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 02:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 02:01:47 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 02:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-10 12:36:01 ----D---- C:\David Bass Golf
2008-10-10 05:19:27 ----D---- C:\Documents and Settings\User\Application Data\IsolatedStorage
2008-10-10 05:03:15 ----A---- C:\WINDOWS\system32\WNASPI32.DLL
2008-10-08 19:43:25 ----D---- C:\Myrtle Cup
2008-10-03 20:40:49 ----D---- C:\WINDOWS\Applian FLV Player
2008-10-03 20:40:49 ----D---- C:\Program Files\FLV Player
2008-10-03 20:40:25 ----A---- C:\WINDOWS\Applian FLV Player Setup Log.txt
2008-10-03 20:20:48 ----D---- C:\Documents and Settings\User\Application Data\IObit
2008-09-30 23:21:54 ----D---- C:\Dummy
2008-09-30 18:14:51 ----D---- C:\Images2
2008-09-25 11:04:05 ----D---- C:\Program Files\Visual Passage Planner 2
2008-09-25 06:46:40 ----D---- C:\Documents and Settings\All Users\Application Data\Digital Wave
2008-09-22 10:43:19 ----D---- C:\WINDOWS\Sun
2008-09-22 10:43:19 ----D---- C:\Documents and Settings\User\Application Data\Sun
2008-09-22 10:43:04 ----D---- C:\Program Files\Sun
2008-09-22 10:42:51 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-22 10:42:51 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-22 10:42:51 ----A---- C:\WINDOWS\system32\java.exe
2008-09-22 10:42:11 ----D---- C:\Program Files\Java
2008-09-22 10:41:43 ----D---- C:\Program Files\Common Files\Java
2008-09-21 06:43:44 ----D---- C:\WINDOWS\pss
2008-09-21 06:42:40 ----D---- C:\Computer Help
2008-09-17 09:42:11 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-17 09:41:37 ----A---- C:\YServer.txt
2008-09-16 09:04:01 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-16 09:03:47 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-16 09:03:47 ----D---- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-09-16 07:19:24 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-09-16 07:19:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 07:19:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of files/folders modified in the last 3 months======

2008-12-14 15:46:38 ----D---- C:\WINDOWS\Temp
2008-12-14 15:40:47 ----D---- C:\WINDOWS\Prefetch
2008-12-14 15:40:26 ----RD---- C:\Program Files
2008-12-14 15:40:07 ----D---- C:\Downloads
2008-12-14 10:57:10 ----HD---- C:\WINDOWS\inf
2008-12-14 10:51:19 ----D---- C:\Documents and Settings\User\Application Data\U3
2008-12-14 10:35:06 ----A---- C:\WINDOWS\navrules.ini
2008-12-14 10:04:15 ----D---- C:\Boating-Marine
2008-12-14 09:14:31 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 08:06:24 ----D---- C:\WINDOWS\system32
2008-12-13 22:48:27 ----D---- C:\Hijackthis
2008-12-13 22:36:28 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-13 22:26:41 ----D---- C:\WINDOWS
2008-12-13 22:24:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-13 21:47:44 ----D---- C:\WINDOWS\system32\config
2008-12-13 19:58:10 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 16:08:00 ----SHD---- C:\WINDOWS\Installer
2008-12-13 16:08:00 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2008-12-13 06:28:15 ----D---- C:\USPS
2008-12-13 01:00:11 ----D---- C:\Program Files\Norton SystemWorks
2008-12-12 22:40:56 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-12 22:37:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-12 22:26:08 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-12 18:01:23 ----D---- C:\Program Files\NavRules 2.2
2008-12-12 16:13:58 ----D---- C:\WINDOWS\system
2008-12-12 15:24:25 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-12 15:24:22 ----D---- C:\WINDOWS\Debug
2008-12-12 15:24:22 ----D---- C:\Program Files\Capn Voyager
2008-12-12 15:24:22 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-12-12 15:24:22 ----D---- C:\Documents and Settings\All Users\Application Data\Rose Point Navigation Systems
2008-12-12 14:42:21 ----SD---- C:\WINDOWS\Tasks
2008-12-12 14:41:40 ----D---- C:\Program Files\Google
2008-12-10 06:18:09 ----D---- C:\Program Files\Internet Explorer
2008-12-10 03:02:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-10 03:02:30 ----D---- C:\WINDOWS\ie7updates
2008-12-10 03:02:06 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-07 17:39:13 ----D---- C:\PowerPoint
2008-12-07 17:32:57 ----D---- C:\PhotoCht
2008-12-04 08:10:59 ----D---- C:\Documents
2008-11-23 13:31:05 ----D---- C:\WINDOWS\Help
2008-11-23 08:52:37 ----D---- C:\Documents and Settings\User\Application Data\Adobe
2008-11-20 06:05:56 ----D---- C:\Coastal Explorer Documents
2008-11-19 19:11:19 ----D---- C:\Program Files\Coastal Explorer
2008-11-18 09:24:21 ----D---- C:\Program Files\IObit
2008-11-18 09:12:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-17 18:03:26 ----D---- C:\Program Files\Common Files\Adobe
2008-11-17 18:03:05 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-17 18:02:36 ----D---- C:\Program Files\Adobe
2008-11-16 09:55:39 ----D---- C:\WINDOWS\system32\en-US
2008-11-16 09:53:38 ----D---- C:\WINDOWS\WBEM
2008-11-16 09:53:27 ----D---- C:\WINDOWS\Media
2008-11-12 22:02:10 ----D---- C:\Program Files\Common Files
2008-11-12 21:59:51 ----D---- C:\WINDOWS\WinSxS
2008-11-07 16:45:32 ----A---- C:\WINDOWS\system32\WMVCore.dll
2008-10-30 04:35:11 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-26 03:11:40 ----HD---- C:\$AVG8.VAULT$
2008-10-24 17:07:26 ----D---- C:\Documents and Settings
2008-10-23 10:29:06 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-23 08:45:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 -------- C:\WINDOWS\system32\tzchange.exe
2008-10-22 23:23:37 ----D---- C:\Program Files\Symantec
2008-10-22 23:23:03 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-22 22:34:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-17 02:08:40 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 15:38:39 ----N---- C:\WINDOWS\system32\occache.dll
2008-10-16 15:38:39 ----N---- C:\WINDOWS\system32\mstime.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 15:38:38 ----N---- C:\WINDOWS\system32\msrating.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 15:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 08:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-10-09 06:56:21 ----D---- C:\Nikon Images
2008-10-03 20:32:39 ----D---- C:\Temp_Capn_Install
2008-10-03 20:32:35 ----D---- C:\WINDOWS\ime
2008-10-03 05:02:42 ----A---- C:\WINDOWS\system32\strmdll.dll
2008-09-25 14:54:12 ----D---- C:\Program Files\Apoint
2008-09-25 14:54:05 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-25 06:46:40 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-21 08:41:34 ----SH---- C:\boot.ini
2008-09-21 08:41:34 ----N---- C:\WINDOWS\win.ini
2008-09-21 08:41:34 ----N---- C:\WINDOWS\system.ini
2008-09-19 21:12:21 ----D---- C:\Documents and Settings\User\Application Data\Yahoo!
2008-09-17 09:41:14 ----D---- C:\Program Files\Yahoo!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-08-19 26824]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-06-01 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23436]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2004-11-10 14384]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-20 17217]
R1 PQIMount;PQIMount; C:\WINDOWS\system32\drivers\PQIMount.sys [2004-11-10 46800]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2007-06-08 143834]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-12-23 264240]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2007-06-08 206464]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2003-12-17 17005]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-08-19 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 VirtualSerial;VirtualSerial; C:\WINDOWS\system32\drivers\VirtualSerial.sys [2004-11-16 106336]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-10 1406464]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2007-06-08 30630]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VirusDefs\20081213.002\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VirusDefs\20081213.002\navex15.sys []
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 92550]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-25 220176]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 W8335XP;NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG511v2XP.sys [2005-03-10 265984]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-01-27 150528]
S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-12-18 424448]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2007-06-08 25898]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-07-03 1063936]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 92550]
S3 PRISM_A02;D-link AirPlus G DWL-G120 WLAN USB Driver; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2003-11-11 336800]
S3 RT73;Belkin Wireless G Plus MIMO USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 SDdriver;SDdriver; \??\C:\WINDOWS\system32\Drivers\sddriver.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-24 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2008-01-17 197992]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2008-01-17 181608]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-12-30 30528]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2004-11-10 53248]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-14 168432]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe [2004-11-10 1273856]
R2 NProtectService;Norton Unerase Protection; C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE [2004-08-30 95328]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-12-30 153416]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE [2004-08-30 181416]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-12-30 1107784]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-06-07 819352]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2008-01-17 79208]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-12-23 202448]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2008-07-15 394608]

-----------------EOF-----------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 14, 2008 14:02:05
Records in database: 1460709


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\

Scan statistics
Files scanned 84392
Threat name 3
Infected objects 2
Suspicious objects 5
Duration of the scan 02:15:00

File name Threat name Threats count
C:\Documents\mailmessagesgsmC840\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents\mailmessagesgsmC840\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A880000.VBN Infected: Trojan-Downloader.Win32.Zlob.aayy 1

C:\Documents and Settings\User\Local Settings\Application Data\Identities\{91EAABAE-8A71-4E9E-86C8-194863DA46D5}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\User\Local Settings\Application Data\Identities\{EF2CEC40-7B10-4E3D-B09A-48E80414E9F6}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\User\Local Settings\Application Data\Identities\{EF2CEC40-7B10-4E3D-B09A-48E80414E9F6}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Downloads\remote access-tightvnc-1.3.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1

The selected area was scanned.


Thank you.

Attached Files



BC AdBot (Login to Remove)

 


#2 polaris6

polaris6
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 17 December 2008 - 09:27 AM

I hope this post has not fallen through the cracks. I am still having this problem and followed what I thought were all the instructions provided.

Thanks in advance.

polaris6

#3 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:22 AM

Posted 23 December 2008 - 07:09 PM

Hello polaris6

Welcome to BleepingComputer :thumbsup:
========================
If you are still in need of assistance please post a new Rsit log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#4 polaris6

polaris6
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 26 December 2008 - 11:20 AM

I have not been helped.

Here are my latest logs. I would appreciate any help.


DDS (Version 1.1.0) - NTFSx86
Run by User at 11:11:08.39 on Fri 12/26/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.410 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\1H2X3RC6\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.usatoday.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {98828DED-A591-462F-83BA-D2F62A68B8B8} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SmartRAM] c:\program files\iobit\advanced windowscare v2\MemCleaner.exe /m
mRun: [Norton Ghost 9.0] c:\program files\symantec\norton ghost\agent\GhostTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acrobat assistant.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgear smart wizard.lnk - c:\windows\installer\{b93d24b3-928d-4805-b379-4aa47cb3794e}\NewShortcut1_1.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: MasterCook: Select Image - c:\program files\mastercook 9\web\MCIEContext.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E6EF5071-7647-4E85-9785-87B6CF5CB561} - {C92041C1-6D22-4069-BA0E-66246AA752B0} - c:\windows\system32\shdocvw.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-11-10 138801]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-29 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2004-6-1 26824]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-11-10 46800]
R1 SAVRT;SAVRT;\??\c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-8-19 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-19 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-29 76040]
R2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccEvtMgr.exe" [2004-8-27 197992]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSetMgr.exe" [2004-8-27 181608]
R2 NProtectService;Norton Unerase Protection;c:\progra~1\norton~1\norton~1\NPROTECT.EXE [2004-8-30 95328]
R2 SavRoam;SAVRoam;"c:\program files\symantec antivirus\SavRoam.exe" [2004-12-30 153416]
R2 SAVRTPEL;SAVRTPEL;\??\c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;"c:\program files\symantec antivirus\Rtvscan.exe" [2004-12-30 1107784]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-7 819352]
R2 VirtualSerial;VirtualSerial;c:\windows\system32\drivers\VirtualSerial.sys [2007-6-8 106336]
R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusdefs\20081221.020\naveng.sys [2008-12-21 89104]
R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusdefs\20081221.020\navex15.sys [2008-12-21 876112]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2007-5-25 92550]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccPwdSvc.exe" [2004-8-27 79208]

=============== Created Last 30 ================


==================== Find3M ====================

2008-10-23 11:13 2,758 a------- c:\windows\system32\tmp.reg
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2005-03-10 13:45 265,984 a------- c:\windows\inf\wg511v2\WG511v2XP.sys
2005-03-10 13:45 265,856 a------- c:\windows\inf\wg511v2\WG511v2.sys
2004-08-05 15:06 212,992 a------- c:\windows\inf\wg511v2\CopyWHQLDriver.exe

============= FINISH: 11:11:38.96 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/25/2007 3:50:18 PM
System Uptime: 12/23/2008 6:17:28 PM (65 hours ago)

Motherboard: Dell Computer Corporation | | 0G5152
Processor: Intel® Pentium® M processor 1.70GHz | Microprocessor | 598/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 14.46 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 570x Gigabit Integrated Controller
Device ID: PCI\VEN_14E4&DEV_165D&SUBSYS_865D1028&REV_01\4&39A85202&0&00F0
Manufacturer: Allied Telesis
Name: Broadcom 570x Gigabit Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_165D&SUBSYS_865D1028&REV_01\4&39A85202&0&00F0
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR WG511v2 54 Mbps Wireless PC Card
Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_4E001385&REV_03\5&11F07975&0&0008F0
Manufacturer: NETGEAR
Name: NETGEAR WG511v2 54 Mbps Wireless PC Card
PNP Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_4E001385&REV_03\5&11F07975&0&0008F0
Service: W8335XP

==== System Restore Points ===================

RP104: 9/28/2008 11:40:26 AM - System Checkpoint
RP105: 9/29/2008 10:34:29 PM - Avg8 Update
RP106: 9/30/2008 10:36:20 PM - System Checkpoint
RP107: 10/1/2008 10:57:04 PM - System Checkpoint
RP108: 10/2/2008 11:50:39 PM - System Checkpoint
RP109: 10/4/2008 12:36:37 AM - System Checkpoint
RP110: 10/5/2008 7:52:15 PM - System Checkpoint
RP111: 10/7/2008 5:07:45 PM - System Checkpoint
RP112: 10/8/2008 5:37:40 PM - System Checkpoint
RP113: 10/9/2008 6:19:44 PM - System Checkpoint
RP114: 10/10/2008 6:02:17 AM - Installed Norton Ghost
RP115: 10/10/2008 6:12:08 AM - Removed Norton Ghost
RP116: 10/10/2008 6:14:20 AM - Installed Norton Ghost 9.0
RP117: 10/11/2008 6:26:41 AM - System Checkpoint
RP118: 10/14/2008 9:26:57 PM - System Checkpoint
RP119: 10/15/2008 3:00:21 AM - Software Distribution Service 3.0
RP120: 10/16/2008 3:50:16 AM - System Checkpoint
RP121: 10/17/2008 3:50:26 AM - System Checkpoint
RP122: 10/18/2008 4:50:30 AM - System Checkpoint
RP123: 10/19/2008 8:33:11 AM - System Checkpoint
RP124: 10/20/2008 9:17:11 AM - System Checkpoint
RP125: 10/21/2008 10:53:58 AM - Avg8 Update
RP126: 10/22/2008 11:44:01 AM - System Checkpoint
RP127: 10/23/2008 12:22:54 AM - Installed Symantec AntiVirus
RP128: 10/23/2008 11:28:53 AM - Removed SUPERAntiSpyware Free Edition
RP129: 10/24/2008 12:22:57 PM - System Checkpoint
RP130: 10/25/2008 3:00:21 AM - Software Distribution Service 3.0
RP131: 10/26/2008 3:07:02 AM - System Checkpoint
RP132: 10/27/2008 4:07:02 AM - System Checkpoint
RP133: 10/28/2008 5:06:59 AM - System Checkpoint
RP134: 10/29/2008 6:06:59 AM - System Checkpoint
RP135: 10/30/2008 8:02:43 AM - System Checkpoint
RP136: 10/31/2008 8:11:03 AM - System Checkpoint
RP137: 11/1/2008 10:40:34 PM - System Checkpoint
RP138: 11/2/2008 11:36:56 PM - System Checkpoint
RP139: 11/3/2008 11:58:55 PM - System Checkpoint
RP140: 11/5/2008 12:35:02 AM - System Checkpoint
RP141: 11/6/2008 1:16:00 AM - System Checkpoint
RP142: 11/7/2008 2:15:59 AM - System Checkpoint
RP143: 11/8/2008 3:16:38 AM - System Checkpoint
RP144: 11/9/2008 4:16:05 AM - System Checkpoint
RP145: 11/10/2008 4:16:32 AM - System Checkpoint
RP146: 11/10/2008 11:58:44 PM - Avg8 Update
RP147: 11/12/2008 12:00:33 AM - System Checkpoint
RP148: 11/12/2008 9:58:56 PM - Removed Adobe Reader 8.1.2
RP149: 11/12/2008 9:59:57 PM - Installed Adobe Reader 9.
RP150: 11/13/2008 12:22:12 AM - Printer Driver AdobePS Acrobat Distiller Installed
RP151: 11/13/2008 12:30:36 AM - Printer Driver AdobePS Acrobat Distiller Installed
RP152: 11/13/2008 12:36:39 AM - Printer Driver AdobePS Acrobat Distiller Installed
RP153: 11/13/2008 12:36:47 AM - Printer Driver Acrobat PDFWriter Installed
RP154: 11/13/2008 12:50:15 AM - Printer Driver AdobePS Acrobat Distiller Installed
RP155: 11/13/2008 12:55:28 AM - Removed Adobe Reader 9.
RP156: 11/13/2008 3:00:23 AM - Software Distribution Service 3.0
RP157: 11/13/2008 11:05:30 PM - Advanced WindowsCare RestorePoint
RP158: 11/13/2008 11:22:10 PM - Advanced WindowsCare RestorePoint
RP159: 11/13/2008 11:23:59 PM - Software Distribution Service 3.0
RP160: 11/15/2008 2:26:21 AM - System Checkpoint
RP161: 11/16/2008 3:24:27 AM - System Checkpoint
RP162: 11/16/2008 9:50:44 AM - Installed Windows NLSDownlevelMapping.
RP163: 11/16/2008 9:51:11 AM - Installed Windows IDNMitigationAPIs.
RP164: 11/16/2008 9:53:16 AM - Installed Windows Internet Explorer 7.
RP165: 11/16/2008 9:54:28 AM - Software Distribution Service 3.0
RP166: 11/17/2008 3:00:22 AM - Software Distribution Service 3.0
RP167: 11/17/2008 5:24:35 PM - Installed Adobe Reader 7.0
RP168: 11/17/2008 5:43:23 PM - Removed Adobe Reader 7.0
RP169: 11/17/2008 6:02:30 PM - Installed Adobe Reader 9.
RP170: 11/18/2008 1:20:27 AM - Software Distribution Service 3.0
RP171: 11/18/2008 9:25:54 AM - Advanced SystemCare RestorePoint
RP172: 11/19/2008 10:27:02 AM - System Checkpoint
RP173: 11/20/2008 11:01:30 AM - System Checkpoint
RP174: 11/21/2008 11:10:47 AM - System Checkpoint
RP175: 11/22/2008 5:46:02 PM - System Checkpoint
RP176: 11/23/2008 11:19:44 PM - System Checkpoint
RP177: 11/24/2008 11:48:23 PM - System Checkpoint
RP178: 12/25/2008 10:48:28 PM - System Checkpoint
RP179: 11/26/2008 9:12:55 PM - System Checkpoint
RP180: 11/27/2008 8:24:57 AM - Avg8 Update
RP181: 11/28/2008 3:13:07 PM - System Checkpoint
RP182: 12/3/2008 5:55:48 PM - System Checkpoint
RP183: 12/4/2008 7:08:38 PM - System Checkpoint
RP184: 12/7/2008 2:31:59 PM - System Checkpoint
RP185: 12/8/2008 2:56:19 PM - System Checkpoint
RP186: 12/9/2008 3:08:00 PM - System Checkpoint
RP187: 12/10/2008 3:00:23 AM - Software Distribution Service 3.0
RP188: 12/11/2008 3:00:25 AM - Software Distribution Service 3.0
RP189: 12/12/2008 3:44:54 AM - System Checkpoint
RP190: 12/12/2008 2:42:15 PM - Removed Google Talk Plugin
RP191: 12/12/2008 2:47:58 PM - Avg8 Update
RP192: 12/12/2008 10:41:15 PM - Configured NETGEAR WG511v2 wireless PC card
RP193: 12/12/2008 10:44:48 PM - Installed NETGEAR WG511v2 wireless PC card
RP194: 12/13/2008 4:07:56 PM - Installed winqfx16bit
RP195: 12/14/2008 4:44:25 PM - System Checkpoint
RP196: 12/15/2008 9:53:46 AM - Removed Ad-Aware
RP197: 12/15/2008 10:00:34 AM - Installed Ad-Aware
RP198: 12/16/2008 12:11:45 PM - System Checkpoint
RP199: 12/17/2008 1:44:30 PM - System Checkpoint
RP200: 12/18/2008 3:00:50 AM - Software Distribution Service 3.0
RP201: 12/19/2008 11:53:23 AM - System Checkpoint
RP202: 12/20/2008 1:00:40 PM - System Checkpoint
RP203: 12/21/2008 2:04:10 PM - System Checkpoint
RP204: 12/22/2008 6:08:13 PM - System Checkpoint
RP205: 12/23/2008 6:50:52 PM - System Checkpoint
RP206: 12/24/2008 7:24:25 PM - System Checkpoint
RP207: 12/25/2008 8:24:27 PM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Reader 9
Advanced SystemCare 3
ALPS Touch Pad Driver
Applian FLV Player
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free 8.0
Capn Voyager Mosaic Version 8
ccCommon
CCleaner (remove only)
CDBurnerXP Pro 3
Chart Navigator
Coastal Explorer
Conexant D480 MDC V.92 Modem
D-link AirPlus G DWL-G120 Wireless USB Adapter
Dell ResourceCD
Dell Wireless WLAN Card
DeLorme Serial Emulator
DeLorme Street Atlas USA 2005
DeLorme Street Atlas USA 2005 Data
Easy CD Creator 5 Basic
Foxit Reader
Google Earth
Google Toolbar for Internet Explorer
Google Updater
GTray 2.0.0.19
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
IZArc 3.7
Java™ 6 Update 7
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Malwarebytes' Anti-Malware
MasterCook Deluxe 9
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
MSRedist
NETGEAR WG511v2 wireless PC card
Norton CleanSweep
Norton Ghost 9.0
Norton SystemWorks
Norton SystemWorks 2005
Norton SystemWorks 2005 (Symantec Corporation)
Norton Utilities
NSW_DRM_COLLECTION
O2Micro Smartcard Driver
OpenOffice.org Installer 1.0
PDFCreator
QuickTime
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SigmaTel AC97 Audio Drivers
Smart Defrag 1.03
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SpywareBlaster 4.1
Street Atlas USA 2005
Symantec AntiVirus
TWC Customer Controls
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Visual Passage Planner 2
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows XP Energy Blue Theme Pack
Windows XP Service Pack 3
winqfx16bit
XML Paper Specification Shared Components Pack 1.0
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/21/2008 1:40:13 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================

#5 polaris6

polaris6
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 26 December 2008 - 03:36 PM

I can't find the latest HiJackthis log I posted...here it is again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:45, on 12/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\IZArc\IZArc.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usatoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1180125009677
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10786 bytes

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:22 AM

Posted 26 December 2008 - 07:17 PM

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Symantec Antivirus.
============================================================
I do not see any malware in your logs it may be better to ttry and post in this section of the forums:
http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

Where they cover Operating System problems and will be better able to assist with your issues.

Before you go though please read the following and update Java please.
Please delete the items in these boxes inside of your mail (if you have not do so already)
Inbox & Sent Items box

Both contain malware that could be an issue these were piscked up by the KAspersky scan you did earlier.
==============
.Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
=========
Delete\uninstall anything else that we have used.

Including this folder C:\Rsit

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 polaris6

polaris6
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 30 December 2008 - 10:13 AM

Thanks for the tips. I am having difficulty completing the instructions.

1. I cannot download the exe file from the Java site. The d/l process starts, but only gets started and trys again and agin until it stops and displays a message that it has failed. Hence, I have not been able to update to the new version of Java.

2. I don't really understand the following statement:

"Please delete the items in these boxes inside of your mail (if you have not do so already)
Inbox & Sent Items box"

I am unclear what items inside the 'Inbox. and Sent Items" need to be removed. More specifically, I am unclear how I get displayed the items to be removed.

I have not uninstalled the earlier versions of Java because I don't have a newer one to install.

In short, I have not proceeded past the Java update recommendation in your list above.

#8 polaris6

polaris6
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 30 December 2008 - 10:13 AM

Thanks for the tips. I am having difficulty completing the instructions.

1. I cannot download the exe file from the Java site. The d/l process starts, but only gets started and trys again and agin until it stops and displays a message that it has failed. Hence, I have not been able to update to the new version of Java.

2. I don't really understand the following statement:

"Please delete the items in these boxes inside of your mail (if you have not do so already)
Inbox & Sent Items box"

I am unclear what items inside the 'Inbox. and Sent Items" need to be removed. More specifically, I am unclear how I get displayed the items to be removed.

I have not uninstalled the earlier versions of Java because I don't have a newer one to install.

In short, I have not proceeded past the Java update recommendation in your list above.

#9 polaris6

polaris6
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 30 December 2008 - 10:13 AM

Thanks for the tips. I am having difficulty completing the instructions.

1. I cannot download the exe file from the Java site. The d/l process starts, but only gets started and trys again and agin until it stops and displays a message that it has failed. Hence, I have not been able to update to the new version of Java.

2. I don't really understand the following statement:

"Please delete the items in these boxes inside of your mail (if you have not do so already)
Inbox & Sent Items box"

I am unclear what items inside the 'Inbox. and Sent Items" need to be removed. More specifically, I am unclear how I get displayed the items to be removed.

I have not uninstalled the earlier versions of Java because I don't have a newer one to install.

In short, I have not proceeded past the Java update recommendation in your list above.

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:22 AM

Posted 30 December 2008 - 07:03 PM

Try to do the online install instead.

What I meant was you need to empty both of those e-mail folders as they had malware in them.
Kaspersky showed that but was not specific so it is better to delete everything in them.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#11 polaris6

polaris6
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 30 December 2008 - 11:01 PM

I have done everything you have suggested. Finally, I was able to install Java update11; I removed update 6 (that was the only version I had installed previously. I removed C:/rist, and emptied the inbox. However, I find it difficult deleting the Sent email; it represents my record of what I have sent to clients/friends, etc. Do you really mean I should delete them all...all 9 years of those messages?

The original problem still persists; I get the error message regarding the inability to run the 16-bit windows program because it cannot file the exe file or one of its components.

To repeat: if I unzip the 'master file' to a flash drive and then try to execute the 'exe' file, it runs perfectly. However, if I copy those unzipped files to a folder on the HD (C:), I get the error message as above.

Surely, if there is Malware to prevent the execution of a file on the HD, the same Malware should prevent that same exe file from being executed from the flash drive, but it does not.

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:22 AM

Posted 31 December 2008 - 08:15 AM

Hi I posted this above:

I do not see any malware in your logs it may be better to ttry and post in this section of the forums:
http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

Where they cover Operating System problems and will be better able to assist with your issues.

If you want to keep the emails then I suggest only deleting the ones that have attachment or only deleting the attachments.

It is up to you.

Edited by kahdah, 31 December 2008 - 08:15 AM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#13 polaris6

polaris6
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 31 December 2008 - 09:03 AM

Thanks again. I will delete the attachments to the sent mail messages or the messages with the attachments; there are some 3000+ of them.

Your advice to post on another forum is interesting. I started on that forum and was directed to the current one. I guess I have made a full circle now.

Thanks for your help.

polaris6

#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:22 AM

Posted 31 December 2008 - 09:19 AM

Since you came from that forum try this one instead it deals specifically with Application problem's hopefully they will get you sorted out.
That forum can be found here: http://www.bleepingcomputer.com/forums/f/57/all-other-applications/

Edited by kahdah, 31 December 2008 - 09:19 AM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users