Trojan Horse Rootkit-Agent.DI / Windows Update


  • This topic is locked
21 replies to this topic

#1 sleavelle

  • Members
  • 13 posts

Posted 26 May 2009 - 07:01 PM

My PC was recently infested with numerous viruses, adware, etc. By running various malware removal software tools I have managed to clear all but two main problems (that I know of).

1) I have AVG Free 8.5 anti-virus (recently installed after giving up on Bit Defender) and the Resident Shield alerts me several times per day of the following infection:

Trojan Horse Rootkit-Agent.DI File: C:\Windows\System32\drivers\ndis.sys Process: C:\Windows\System32\drivers\svchost.exe
"Object is white-listed (critical/system file that should not be removed). "

I am not given any instructions on how to resolve this issue.

2) My Windows Automatic update has been disabled and I have not been able to re-enable, even in Safe Mode where it seems I can enable Automatic Updates only to find that they are disabled when I reboot. I have tried updating through MS Windows website but can only download individual patches, etc. due to Automatic Updates being disabled.

A couple other secondary issues:

3) I had installed SuperAntiSpyware based on recommendation of a friend. It crashed my PC when I tried to run it. Have not found so far how to uninstall.

4) Had also installed Avast anti-virus but had issues with it and ran the Uninstall. Looks like there are remnants of that s/w still in place.

Thanks in advance for any help.

The Attach.txt file is attached (that sounds funny). Here is my DDS log:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 21:32:28.67 on Mon 05/25/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.486 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Owner\My Documents\Download\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mStart Page = hxxp://my.ev1.net/english/index.asp
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BackupNotify] c:\program files\hp\digital imaging\bin\backupnotify.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dmirr.exe] c:\windows\system32\dmirr.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Z-5 Speakers] c:\program files\logitech\z-5 speakers\Z-5 Speakers.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org1.1.3\program\quickstart.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\autoru~1\hporga~1.lnk - c:\program files\hewlett-packard\hp organize\bin\displayAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-c23a-453e-a040-c7c580bbf700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - hxxps://signup.msn.com/pages/MsnInstC.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180307458234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9706281E-985A-4BCE-B2B4-05AEC803D11A} - hxxps://insite.mhhs.org/MHHS_Portal_Login.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {05D1BDEC-8934-4187-9BC9-6154232F6017} = 208.67.220.220,208.67.222.222
TCP: {8BFF42F7-6324-4C1E-B9A6-53695B3F5E2C} = 208.67.220.220,208.67.222.222
Filter: text/html - {4a704cf9-03e9-4024-baee-2fb0eb08a21a} -
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !saswinlogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\lolazonu.dll c:\windows\system32\gowedafo.dll c:\windows\system32\givinoye.dll c:\windows\system32\hikevebu.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\y0ye9lf9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolradio-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolradio-ab-en-us&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\mozilla firefox\components\FFComm.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-23 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-23 108552]
R1 sasdifsv;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-14 9968]
R1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-14 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-23 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-23 298776]
R2 windefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-14 7408]
S1 60133b05;60133b05;c:\windows\system32\drivers\60133b05.sys --> c:\windows\system32\drivers\60133b05.sys [?]
S1 8966f7fc;8966f7fc;c:\windows\system32\drivers\8966f7fc.sys --> c:\windows\system32\drivers\8966f7fc.sys [?]
S1 aswsp;avast! Self Protection; [x]
S2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswfsblk.sys --> c:\windows\system32\drivers\aswFsBlk.sys [?]
S2 avast! antivirus;avast! Antivirus;"c:\program files\alwil software\avast4\ashserv.exe" --> c:\program files\alwil software\avast4\ashServ.exe [?]
S2 mrtRate;mrtRate; [x]
S3 avast! mail scanner;avast! Mail Scanner;"c:\program files\alwil software\avast4\ashmaisv.exe" /service --> c:\program files\alwil software\avast4\ashMaiSv.exe [?]
S3 avast! web scanner;avast! Web Scanner;"c:\program files\alwil software\avast4\ashwebsv.exe" /service --> c:\program files\alwil software\avast4\ashWebSv.exe [?]

=============== Created Last 30 ================

2009-05-23 13:36 159,232 a------- c:\windows\system32\ptpusd.dll
2009-05-23 13:36 5,632 a------- c:\windows\system32\ptpusb.dll
2009-05-23 09:33 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-23 09:33 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-23 09:33 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-23 09:33 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-23 09:33 <DIR> --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR
2009-05-23 08:55 <DIR> --d----- c:\windows\system32\NtmsData
2009-05-20 18:25 <DIR> --d----- c:\windows\system32\CatRoot2
2009-05-20 18:01 60,825,600 a------- c:\windows\sectest.db
2009-05-20 14:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-20 14:54 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-20 14:54 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-05-20 14:53 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-19 18:56 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-19 18:56 <DIR> --d----- c:\program files\Lavasoft
2009-05-17 18:01 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-17 18:01 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-17 18:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-17 13:13 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-17 12:59 <DIR> --d----- c:\program files\AVG
2009-05-17 12:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-05-03 19:11 577,536 a------- c:\windows\system32\cxlc
2009-05-03 11:34 577,536 a------- c:\windows\system32\snwsp
2009-05-02 15:21 577,536 a------- c:\windows\system32\vszwt
2009-05-02 11:40 182,912 ac------ c:\windows\system32\dllcache\ndis.sys
2009-05-02 11:18 577,536 a------- c:\windows\system32\tzkeekyhy
2009-05-02 11:18 2 a------- C:\1416432991
2009-05-01 18:58 <DIR> --d----- c:\program files\common files\Logitech
2009-05-01 17:56 130,208 a----r-- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2009-05-01 17:53 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-05-01 17:53 21,504 a------- c:\windows\system32\hidserv.dll

==================== Find3M ====================

2009-05-17 12:52 81,984 a------- c:\windows\system32\bdod.bin
2009-05-02 11:40 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-05-02 11:18 577,536 a------- c:\windows\system32\user32.DLL
2009-03-06 09:44 283,648 a------- c:\windows\system32\pdh.dll
2007-04-28 15:17 560 a------- c:\docume~1\owner\applic~1\ViewerApp.dat
2006-01-02 19:07 0 a------- c:\documents and settings\owner\3.dat
2006-01-02 19:07 0 a------- c:\documents and settings\owner\2.dat
2006-01-02 19:07 0 a------- c:\documents and settings\owner\1.dat
2005-12-29 13:02 0 a------- c:\docume~1\owner\applic~1\Install.dat
2004-10-03 13:01 0 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 21:33:04.29 ===============
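A triage script for logs like the one above, added here as an example; it is not part of the original post and not code from DDS, HijackThis or RSIT. It rebuilds a few entries from the posted log (the localhost:7171 proxy, the text/html filter hijack, the AppInit_DLLs list, an orphaned avast! service) as a constructed sample and flags the ones a responder would look at first. The regexes and the "eight lowercase letters" name heuristic are assumptions of the example, not rules from any of those tools.

```python
"""Triage a HijackThis-style log for the hijack and persistence indicators
visible in the thread above.

Added example, not part of the original thread or of DDS/HijackThis/RSIT.
SAMPLE_LOG is constructed from entries quoted in the thread; every heuristic
(what counts as a "local proxy", what a pseudo-random DLL name looks like) is
the example author's assumption, not a rule from any of those tools.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the format HijackThis emits (one entry per line).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O18 - Filter hijack: text/html - {4a704cf9-03e9-4024-baee-2fb0eb08a21a} - C:\WINDOWS\system32\mst123.dll
O20 - AppInit_DLLs: c:\windows\system32\lolazonu.dll c:\windows\system32\gowedafo.dll c:\windows\system32\givinoye.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! Antivirus (avast! antivirus) - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# A proxy on the loopback interface means some local process sits between the
# browser and the network; legitimate products do this too (AV web shields),
# so it is a lead to chase, not a verdict.
LOCAL_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:localhost|127\.0\.0\.1)(?::\d+)?", re.I
)

# Assumption: eight lowercase letters and nothing else is how the generated
# names in this log look; tune for other families.
PSEUDO_RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")


@dataclass(frozen=True)
class Finding:
    entry: str    # HijackThis section tag (R1, O18, O20, O23)
    reason: str   # why the line was flagged
    detail: str   # the offending path or the whole line


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious entry, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tag = line.split(" ", 1)[0]

        if tag == "R1" and LOCAL_PROXY.search(line):
            findings.append(Finding("R1", "browser proxy points at a local port", line))

        elif tag == "O18" and "Filter hijack" in line:
            # A MIME filter for text/html lets the named DLL rewrite every
            # page the browser renders.
            findings.append(Finding("O18", "MIME filter registered for text/html",
                                    _basename(line.rsplit(" - ", 1)[-1])))

        elif line.startswith("O20 - AppInit_DLLs:"):
            # Every DLL listed here is loaded into every process that links
            # user32.dll, which on XP is nearly everything with a window.
            for dll in line.split("AppInit_DLLs:", 1)[1].split():
                name = _basename(dll)
                why = ("AppInit_DLLs entry with pseudo-random name"
                       if PSEUDO_RANDOM_DLL.match(name)
                       else "AppInit_DLLs entry")
                findings.append(Finding("O20", why, dll))

        elif tag == "O23" and line.endswith("(file missing)"):
            # Orphaned service registration: the binary is gone but the
            # service is still registered (here, leftovers of an uninstall).
            findings.append(Finding("O23", "service points to a missing binary", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HijackThis section tag."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.entry] = counts.get(f.entry, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.entry}: {f.reason}: {f.detail}")
    print(summarize(results))
```

Run it as a script to print the findings, or import `triage` and feed it the R/O lines of a real log. A flagged line is a lead, not a verdict: AV web shields also install local proxies and legitimate software can register a text/html filter, so check the DLL's publisher and signature before removing anything.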


#2 syler

  • Malware Response Team
  • 8,150 posts
  • Location:Warrington, UK

Posted 07 June 2009 - 07:47 PM

Hello and welcome to Bleeping Computer. Sorry for the delay; the forums here at BC are always
very busy and we do our best to keep up. If you no longer require any help could you let me know
please, so this topic can be closed.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.
First I would like to see a new log since a lot could have changed since your original post.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks



#3 sleavelle

  • Topic Starter
  • Members
  • 13 posts

Posted 11 June 2009 - 08:52 AM

syler - just saw your message. I had not checked in for a few days. The problem is not resolved, I will run the scan tonight and post the results. Please keep this topic active.

Thanks

#4 syler

  • Malware Response Team
  • 8,150 posts
  • Location:Warrington, UK

Posted 11 June 2009 - 09:11 AM

NP sleavelle, the topic shall be kept alive :thumbup2:


P.S. If you would like to know when I reply to this topic, you can click the options button near the top of the page, then select track this topic
and choose what kind of notification you want.

Edited by syler, 11 June 2009 - 09:15 AM.



#5 sleavelle

  • Topic Starter
  • Members
  • 13 posts

Posted 11 June 2009 - 09:34 PM

syler - here are the requested log and info files from the scan. Thanks for the tip on the thread tracking feature.

Log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-06-11 21:29:21
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 57 GB (39%) free of 148 GB
Total RAM: 1023 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:28 PM, on 6/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Documents and Settings\Owner\My Documents\Download\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ev1.net/english/index.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dmirr.exe] C:\WINDOWS\system32\dmirr.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Z-5 Speakers] C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: AutorunsDisabled
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-c23a-453e-a040-c7c580bbf700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/we_are_related/st...geUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180307458234
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9706281E-985A-4BCE-B2B4-05AEC803D11A} (MHHS_Login Control) - https://insite.mhhs.org/MHHS_Portal_Login.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05D1BDEC-8934-4187-9BC9-6154232F6017}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BFF42F7-6324-4C1E-B9A6-53695B3F5E2C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{05D1BDEC-8934-4187-9BC9-6154232F6017}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {4a704cf9-03e9-4024-baee-2fb0eb08a21a} - C:\WINDOWS\system32\mst123.dll
O20 - AppInit_DLLs: c:\windows\system32\lolazonu.dll c:\windows\system32\gowedafo.dll c:\windows\system32\givinoye.dll c:\windows\system32\hikevebu.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner (avast! mail scanner) - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner (avast! web scanner) - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11791 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-05-23 2223872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HPHUPD05"=c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-08-21 49152]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe [2003-08-21 483328]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209]
"UpdateManager"=c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"dmirr.exe"=C:\WINDOWS\system32\dmirr.exe []
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"Z-5 Speakers"=C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe [2008-05-30 550160]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-05-23 1947928]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"=c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe [2004-01-09 32768]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-05-28 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a00f705207.exe]
C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F705207.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcxmonitor]
C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aticcc]
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmxlauncher]
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe [2006-08-14 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\opwarese2]
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\recordnow!]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\roxwatchtray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-08-10 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-18 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^hp digital imaging monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^logitech desktop messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2009-05-01 91440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^picture package menu.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe [2003-11-21 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^picture package vcd maker.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2004-07-08 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^quicken scheduled updates.lnk]
C:\PROGRA~1\Quicken\bagent.exe [2003-07-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^updates from hp.lnk]
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^owner^start menu^programs^startup^imstart.lnk]
C:\Program Files\InterMute\IMStart.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
AutorunsDisabled
OpenOffice.org 1.1.3.lnk - C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\lolazonu.dll c:\windows\system32\gowedafo.dll c:\windows\system32\givinoye.dll c:\windows\system32\hikevebu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!saswinlogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-11-21 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-23 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\windefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\windefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoBandCustomize"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe"="C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe"="C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe:*:Disabled:Medieval_TW"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6ac0ac2-0a5f-11d9-a7b9-806d6172696f}]
shell\AutoRun\command - D:\Info.exe folder.htt 480 480


======List of files/folders created in the last 3 months======

2009-06-11 21:28:34 ----D---- C:\rsit
2009-05-31 08:21:45 ----D---- C:\Program Files\Microsoft Silverlight
2009-05-30 07:34:24 ----D---- C:\WINDOWS\LastGood
2009-05-27 19:04:02 ----D---- C:\Program Files\2BrightSparks
2009-05-27 18:11:26 ----SHD---- C:\WINDOWS\ftpcache
2009-05-23 13:36:02 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-05-23 13:36:02 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-05-23 09:33:39 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-05-23 09:33:24 ----D---- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2009-05-23 08:55:48 ----D---- C:\WINDOWS\system32\NtmsData
2009-05-20 19:05:38 ----D---- C:\Program Files\Alwil Software
2009-05-20 18:25:33 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-20 14:55:09 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-20 14:54:58 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-20 14:54:58 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2009-05-20 14:53:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-20 11:22:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-20 10:44:17 ----D---- C:\Program Files\Windows Defender
2009-05-19 18:56:16 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-19 18:56:04 ----D---- C:\Program Files\Lavasoft
2009-05-19 18:56:04 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-05-17 18:01:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-17 13:13:52 ----HD---- C:\$AVG8.VAULT$
2009-05-17 12:59:26 ----D---- C:\Program Files\AVG
2009-05-17 12:59:25 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-05-03 19:13:22 ----D---- C:\WINDOWS\Minidump
2009-05-01 18:58:20 ----D---- C:\Program Files\Common Files\Logitech
2009-05-01 17:58:05 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-05-01 17:56:58 ----RA---- C:\WINDOWS\bwUnin-8.1.1.87-8876480SL.exe
2009-05-01 17:56:29 ----D---- C:\Program Files\Logitech
2009-05-01 17:53:36 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-04-16 03:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 03:04:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 03:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 03:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 03:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 03:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-04-16 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-08 18:52:07 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-03-24 18:01:45 ----D---- C:\Program Files\Windows Live Safety Center
2009-03-18 17:42:12 ----D---- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

======List of files/folders modified in the last 3 months======

2009-06-11 21:29:11 ----D---- C:\WINDOWS\Prefetch
2009-06-11 20:43:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-11 05:37:56 ----D---- C:\WINDOWS\Temp
2009-06-10 17:06:54 ----D---- C:\Program Files\Mozilla Firefox
2009-06-09 16:41:35 ----D---- C:\WINDOWS\system32
2009-06-08 18:27:23 ----D---- C:\WINDOWS\system32\FxsTmp
2009-06-08 16:09:29 ----D---- C:\Documents and Settings\Owner\Application Data\Canon
2009-06-03 20:11:45 ----SHD---- C:\WINDOWS\Installer
2009-06-03 20:11:44 ----SHD---- C:\Config.Msi
2009-06-03 20:11:12 ----D---- C:\Program Files\iTunes
2009-06-03 20:10:52 ----D---- C:\Program Files\iPod
2009-06-03 20:09:12 ----D---- C:\Program Files\QuickTime
2009-06-03 20:06:45 ----HD---- C:\WINDOWS\inf
2009-06-03 20:06:45 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-31 08:21:45 ----D---- C:\Program Files
2009-05-30 10:03:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-30 07:34:24 ----D---- C:\WINDOWS
2009-05-30 07:34:22 ----D---- C:\WINDOWS\system32\Macromed
2009-05-28 21:37:27 ----SD---- C:\WINDOWS\Tasks
2009-05-28 21:35:42 ----D---- C:\Program Files\OpenOffice.org1.1.3
2009-05-27 18:16:10 ----D---- C:\WINDOWS\CREATOR
2009-05-24 07:30:45 ----D---- C:\WINDOWS\system32\drivers
2009-05-23 08:54:49 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-21 19:29:08 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-21 19:29:06 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-21 19:21:22 ----D---- C:\WINDOWS\security
2009-05-21 04:54:13 ----D---- C:\WINDOWS\system32\config
2009-05-20 18:26:15 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-20 17:58:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-20 14:53:44 ----D---- C:\Program Files\Common Files
2009-05-20 10:44:17 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-19 18:55:58 ----D---- C:\WINDOWS\WinSxS
2009-05-17 12:54:54 ----D---- C:\Program Files\BitDefender
2009-05-15 10:51:40 ----D---- C:\CB45
2009-05-09 07:52:32 ----D---- C:\WINDOWS\BDOSCAN8
2009-05-08 19:50:49 ----RASH---- C:\boot.ini
2009-05-08 19:50:49 ----A---- C:\WINDOWS\win.ini
2009-05-08 19:50:49 ----A---- C:\WINDOWS\system.ini
2009-05-08 19:50:47 ----D---- C:\WINDOWS\pss
2009-05-08 19:24:24 ----D---- C:\WINDOWS\Help
2009-05-03 21:15:50 ----SHD---- C:\RECYCLER
2009-05-02 11:40:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-02 11:18:02 ----A---- C:\WINDOWS\system32\user32.DLL
2009-05-01 17:56:47 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-30 11:01:39 ----D---- C:\WINDOWS\Registration
2009-04-16 03:16:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-16 03:11:36 ----D---- C:\WINDOWS\system32\wbem
2009-04-16 03:11:36 ----D---- C:\WINDOWS\AppPatch
2009-04-16 03:05:02 ----A---- C:\WINDOWS\imsins.BAK
2009-04-16 03:01:31 ----D---- C:\Program Files\Internet Explorer
2009-03-21 09:18:57 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-18 17:39:18 ----D---- C:\Program Files\Bonjour

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-05-23 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-05-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-23 108552]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 saskutil;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2004-01-02 11520]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2006-01-25 1149888]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-11-21 2829824]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-08-29 9600]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 sasenum;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 60133b05;60133b05; C:\WINDOWS\System32\drivers\60133b05.sys []
S1 8966f7fc;8966f7fc; C:\WINDOWS\System32\drivers\8966f7fc.sys []
S1 aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\aavmker4.sys []
S1 aswsp;avast! Self Protection; C:\WINDOWS\system32\drivers\aswsp.sys []
S1 aswtdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswtdi.sys []
S2 aswfsblk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys []
S2 aswmon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswmon2.sys []
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2004-08-04 48128]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 aswrdr;aswRdr; C:\WINDOWS\system32\drivers\aswrdr.sys []
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2004-08-04 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-11-12 41984]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2004-01-02 432000]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2006-08-09 50688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-11-21 430080]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-05-23 908568]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-23 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-18 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 windefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S2 aswupdsv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-11-22 520192]
S2 avast! antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe []
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe [2006-08-10 294912]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2006-08-10 303104]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-08-10 159744]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! mail scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe /service []
S3 avast! web scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe /service []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [2006-08-10 57344]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-08-10 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-07-20 73728]

-----------------EOF-----------------


Info.txt:

info.txt logfile of random's system information tool 1.06 2009-06-11 21:29:00

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0CF63063-BD94-4A8B-9966-B6FDC3F55B38}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Agere Systems PCI Soft Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{6FD62F8E-F54F-4A1D-BEAF-E9D473738612}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AVIVO Codecs-->MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Blackhawk Striker from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E28167F1-3F42-40C7-9119-1D5A97444F10\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bounce Symphony from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
Canon MP Navigator 2.2-->"C:\Program Files\Canon\MP Navigator 2.2\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.2\uninst.ini
Canon MP830-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}\DelDrv.exe" /U:{0D25F7CC-B99C-44ee-9945-B14532B2BB7B} /L0x0009
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Crystal Maze from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Easy Chef's Million Recipes-->C:\CB45\UNWISE.EXE C:\CB45\INSTALL.LOG
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
EuroTalk Multimedia Dictionary-->C:\PROGRA~1\EuroTalk\DICTIO~1\UNWISE.EXE C:\PROGRA~1\EuroTalk\DICTIO~1\INSTALL.LOG
First Step Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C797EAF2-707A-4239-BDF3-F2672314A734}\setup.exe" -l0x9 UNINSTALL
Five Card Frenzy from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DA44615A-C243-46A4-8E47-184CFF33CD38\Uninstall.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Owner\My Documents\Download\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hoyle Card Games 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{744F6CCF-9F56-40A0-A33D-2A45D53B6046}
Hoyle Casino 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{224C47F4-CB95-406C-8AD6-81002FEED0CF}
Hoyle Games Demo-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9B738A2B-FA31-4483-BC1B-7C49CE4F3C59}
HP Image Zone 3.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 3.5-->C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo & Imaging 3.5 - HP Devices-->C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
HPIZ350-->MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
ImageMixer VCD2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech Updater-->MsiExec.exe /I{53735ECE-E461-4FD0-B742-23A352436D3A}
Logitech Z-5-->MsiExec.exe /X{C314AD4A-1715-40DD-9C20-04EF3D22598B}
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medieval - Total War ™ - Viking Invasion ™-->C:\PROGRA~1\TOTALW~1\MEDIEV~1\Uninstall\Unwise.exe /u C:\PROGRA~1\TOTALW~1\MEDIEV~1\Uninstall\Install.log
Medieval Total War-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Total War\Medieval - Total War\Uninst.isu"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Orbital from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe"
Otto from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe"
Overball from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Picture Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
Polar Bowler from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
Presto! PageManager 7.15.11-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}\SETUP.EXE" -l0x9 anything
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Risk II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28F9CB51-2F81-40BF-9545-6FD1FCB1AC44}\SETUP.EXE" -l0x9
Roxio Content 9-->MsiExec.exe /X{787F2DC2-1699-44FA-A72F-9107166AF9CC}
Roxio Easy Media Creator 9 Suite-->MsiExec.exe /I{938B1CD7-7C60-491E-AA90-1F1888168240}
Roxio Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Slyder from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"
The Sims Deluxe Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l0009
Toolkit View(HP)-->c:\Windows\HPTK\unhptkit.exe
Tradewinds from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Word Symphony from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B8610D19-E576-4F91-8A2F-07898D9CA301\Uninstall.exe"
Xingtone Ringtone Maker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{625304B0-2976-473B-AD81-5CA376093F03}\setup.exe" -l0x9 -removeonly

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: LEAVELLE_HP
Event Code: 7000
Message: The Background Intelligent Transfer Service service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 44414
Source Name: Service Control Manager
Time Written: 20090503212020.000000-300
Event Type: error
User:

Computer Name: LEAVELLE_HP
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Record Number: 44404
Source Name: DCOM
Time Written: 20090503211417.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LEAVELLE_HP
Event Code: 7000
Message: The Background Intelligent Transfer Service service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 44403
Source Name: Service Control Manager
Time Written: 20090503211417.000000-300
Event Type: error
User:

Computer Name: LEAVELLE_HP
Event Code: 7000
Message: The Background Intelligent Transfer Service service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 44402
Source Name: Service Control Manager
Time Written: 20090503191856.000000-300
Event Type: error
User:

Computer Name: LEAVELLE_HP
Event Code: 1003
Message: Error code 1000008e, parameter1 c0000005, parameter2 006a8de1, parameter3 a70e6b68, parameter4 00000000.

Record Number: 44400
Source Name: System Error
Time Written: 20090503191539.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: LEAVELLE_HP
Event Code: 1002
Message: Hanging application wordpad.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 49423
Source Name: Application Hang
Time Written: 20081221114141.000000-360
Event Type: error
User:

Computer Name: LEAVELLE_HP
Event Code: 1517
Message: Windows saved user LEAVELLE_HP\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 49399
Source Name: Userenv
Time Written: 20081218030645.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LEAVELLE_HP
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


Record Number: 49398
Source Name: crypt32
Time Written: 20081213212421.000000-360
Event Type: error
User:

Computer Name: LEAVELLE_HP
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 49397
Source Name: crypt32
Time Written: 20081213212421.000000-360
Event Type: error
User:

Computer Name: LEAVELLE_HP
Event Code: 1517
Message: Windows saved user LEAVELLE_HP\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 49385
Source Name: Userenv
Time Written: 20081211030842.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
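The System event log records above (Service Control Manager 7000 for BITS, DCOM 10005 for wuauserv with error "%1058", crypt32 event 8) are what a responder reads to explain why Automatic Updates will not stay enabled. The following parser is an added example, not code from the thread or from RSIT: it walks the section/record layout posted above and flags those signatures; the sample log, computer name and record numbers are constructed.

```python
"""Parse the event-log sections of an RSIT-style log (record layout as posted
above) and flag records that explain why Automatic Updates cannot start.
Added example: not part of the thread and not RSIT's own code."""
import re

ERROR_SERVICE_DISABLED = 1058   # Win32 error 1058; DCOM logs it as "%1058"
SECTION_RE = re.compile(r"^=+(.+?)=+$")
FIELD_RE = re.compile(r"^(Computer Name|Event Code|Message|Record Number|"
                      r"Source Name|Time Written|Event Type|User):\s?(.*)$")


def parse_event_log(text):
    """One dict per record in any '... event log' section. A record starts at
    'Computer Name:'; a Message may continue over the following lines."""
    records, section, current, last_key = [], None, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:                                   # ====== new section ======
            section, current = m.group(1).strip(), None
            continue
        if section is None or "event log" not in section.lower():
            continue                            # uninstall list, env vars, ...
        m = FIELD_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2)
            if key == "Computer Name":
                current = {"section": section}
                records.append(current)
            if current is not None:
                current[key], last_key = value, key
        elif line and current is not None and last_key == "Message":
            current["Message"] += "\n" + line   # continuation of Message
    return records


def find_update_blockers(records):
    """Map known event signatures to the part of Windows Update they break.
    Returns (record number, reason) tuples in log order."""
    findings = []
    for rec in records:
        code = int(rec.get("Event Code") or 0)
        src, msg = rec.get("Source Name", ""), rec.get("Message", "")
        rec_no = rec.get("Record Number", "")
        if (code == 7000 and "Background Intelligent Transfer Service" in msg
                and "cannot find the file" in msg):
            findings.append((rec_no, "BITS failed to start: its service "
                             "image path points to a missing file"))
        elif code == 10005 and src == "DCOM" and "wuauserv" in msg:
            m = re.search(r'"%(\d+)"', msg)
            err = int(m.group(1)) if m else -1
            reason = ("wuauserv (Automatic Updates) is set to Disabled (error 1058)"
                      if err == ERROR_SERVICE_DISABLED
                      else f"wuauserv failed to start with Win32 error {err}")
            findings.append((rec_no, reason))
        elif code == 8 and src == "crypt32":
            findings.append((rec_no, "crypt32 could not fetch the trusted "
                             "root list from windowsupdate.com"))
    return findings


# Constructed sample, condensed from the record layout in the log above.
SAMPLE_LOG = """\
======System event log======

Computer Name: EXAMPLE-PC
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Record Number: 101
Source Name: DCOM
User: NT AUTHORITY\\SYSTEM

Computer Name: EXAMPLE-PC
Event Code: 7000
Message: The Background Intelligent Transfer Service service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 100
Source Name: Service Control Manager
User:

=====Application event log=====

Computer Name: EXAMPLE-PC
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Record Number: 49
Source Name: crypt32
User:

======Environment variables======
"""
```

Run `find_update_blockers(parse_event_log(SAMPLE_LOG))` to get the three flagged records; feeding it the full log above works the same way because the uninstall list and environment sections are skipped.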

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 12 June 2009 - 09:40 AM

Hi sleavelle,

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Avast or AVG.

Next

Before you do any of the next steps you need to temporarily disable the TeaTimer protection in Spybot, as it may stop the tools we use from doing their job. Please keep it disabled whilst I am helping you; then you can enable it again when you're clean.

To disable TeaTimer, open Spybot and click on the Mode tab and select Advanced mode.
It will ask you if you're sure you want to go into advanced mode; select Yes.
Now go to tools and click on the resident tab.
Uncheck the box that says "Resident "TeaTimer" (Protection of over-all system settings) active".
Then close Spybot and reboot your computer.

Next

We will begin with ComboFix.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Next

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on the Scan button and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push the Save... button and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Then please post back here with Combofix.txt and the Gmer log.

Thanks



#7 sleavelle

  • Topic Starter
  • Members
  • 13 posts

Posted 16 June 2009 - 05:10 AM

syler - sorry to be so slow responding to your assistance. Had limited availability last few days.

FYI - I had previously uninstalled Avast using Add/Remove but there were some "remnants" from the uninstall. The only way to get rid of the last part seemed to be deleting the folder where the s/w was installed. I had uninstalled it because it caused the PC to crash/reboot every time I tried to run it. I had also uninstalled Spybot but apparently it's not completely gone from the registry or whatever.

Had some problems running the first download of Combofix and was advised to download again which I did and it completed. Here is the combofix log. I have to leave for work now, GMER scan is running but looks like it could take hours. Will post it later today or this evening.

_________________________________________________________________________________________________________


ComboFix 09-06-15.06 - Owner 06/16/2009 4:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.454 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\Install.dat
D:\Autorun.inf
D:\Desktop.ini
G:\desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.

2009-06-12 02:28 . 2009-06-12 02:29 -------- d-----w- C:\rsit
2009-06-04 01:02 . 2009-06-04 01:02 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-31 13:21 . 2009-05-31 13:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-28 00:04 . 2009-05-28 00:04 -------- d-----w- c:\program files\2BrightSparks
2009-05-27 23:11 . 2009-05-27 23:11 -------- d-sh--w- c:\windows\ftpcache
2009-05-23 18:36 . 2004-08-04 05:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-05-23 18:36 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-05-23 15:09 . 2009-05-23 15:09 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-05-23 14:33 . 2009-05-23 14:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-23 14:33 . 2009-05-23 14:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-23 14:33 . 2009-05-23 14:33 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-23 14:33 . 2009-05-23 14:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-23 14:33 . 2009-06-15 23:39 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-23 14:33 . 2009-05-27 02:21 -------- d-----w- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-05-23 13:55 . 2009-06-16 04:21 -------- d-----w- c:\windows\system32\NtmsData
2009-05-22 00:20 . 2009-05-22 00:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-05-20 23:25 . 2009-06-16 09:18 -------- d-----w- c:\windows\system32\CatRoot2
2009-05-20 19:55 . 2009-06-16 09:17 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-20 19:55 . 2009-05-20 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-20 19:54 . 2009-05-29 02:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-20 19:54 . 2009-05-20 19:54 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-05-20 19:53 . 2009-05-20 19:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-20 15:44 . 2009-05-20 15:44 -------- d-----w- c:\program files\Windows Defender
2009-05-19 23:56 . 2009-05-22 00:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-19 23:56 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-05-19 23:56 . 2009-05-22 00:28 -------- d-----w- c:\program files\Lavasoft
2009-05-19 23:56 . 2009-05-22 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-19 14:50 . 2009-05-23 14:33 2051864 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-19 14:50 . 2009-05-23 14:33 312088 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-19 14:49 . 2009-05-23 14:33 1437464 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-17 23:01 . 2009-05-17 23:01 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-17 23:01 . 2009-04-06 20:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-17 23:01 . 2009-04-06 20:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-17 23:01 . 2009-05-17 23:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-17 18:13 . 2009-06-15 05:15 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-17 17:59 . 2009-05-17 17:59 -------- d-----w- c:\program files\AVG
2009-05-17 17:59 . 2009-06-13 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 09:17 . 2004-10-17 12:28 -------- d-----w- c:\program files\OpenOffice.org1.1.3
2009-06-16 09:12 . 2004-04-01 04:49 577536 ----a-w- c:\windows\system32\user32.dll
2009-06-08 21:09 . 2006-07-30 18:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2009-06-04 01:11 . 2008-12-04 11:19 -------- d-----w- c:\program files\iTunes
2009-06-04 01:10 . 2008-12-04 11:19 -------- d-----w- c:\program files\iPod
2009-06-04 01:09 . 2008-12-04 11:18 -------- d-----w- c:\program files\QuickTime
2009-05-22 00:29 . 2006-03-14 10:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-22 00:29 . 2006-03-14 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-21 09:56 . 2004-09-19 18:01 50168 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-17 17:54 . 2007-10-16 22:18 -------- d-----w- c:\program files\BitDefender
2009-05-17 17:52 . 2006-10-06 00:21 81984 ----a-w- c:\windows\system32\bdod.bin
2009-05-02 20:37 . 2009-05-02 20:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-02 16:40 . 2004-04-01 04:49 212480 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-05-01 23:58 . 2009-05-01 23:58 -------- d-----w- c:\program files\Common Files\Logitech
2009-05-01 22:58 . 2009-05-01 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-05-01 22:56 . 2009-05-01 22:56 130208 ----a-r- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2009-05-01 22:56 . 2009-05-01 22:56 -------- d-----w- c:\program files\Logitech
2009-05-01 22:56 . 2004-04-01 08:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-03-19 21:32 . 2009-03-19 21:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 21:32 . 2006-09-19 20:44 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-01 15:03 . 2008-10-30 23:34 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2004-10-03 18:01 . 2004-10-03 18:01 0 --sha-w- c:\windows\SMINST\HPCD.sys
.
Infected c:\windows\system32\user32.dll hex repaired


------- Sigcheck -------

[7] 2003-10-04 14:54 168192 D999CE17681D7D074D534FC5BC662E0A c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2009-05-02 16:40 212480 791778A1F54D4B3F36773F11783A53FC c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-29 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Z-5 Speakers"="c:\program files\Logitech\Z-5 Speakers\Z-5 Speakers.exe" [2008-05-30 550160]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-23 1947928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 1.1.3.lnk - c:\program files\OpenOffice.org1.1.3\program\quickstart.exe [2004-9-10 61440]

c:\documents and settings\Owner\Start Menu\Programs\Startup\AutorunsDisabled
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-4-1 36864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-2-5 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-23 14:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\windefend]
@="Service"

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^hp digital imaging monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^logitech desktop messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^picture package menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^picture package vcd maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^quicken scheduled updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^updates from hp.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^owner^start menu^programs^startup^imstart.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
backup=c:\windows\pss\IMStart.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2009 9:33 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2009 9:33 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/23/2009 9:33 AM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/23/2009 9:33 AM 298776]
R2 windefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
S1 60133b05;60133b05;c:\windows\system32\drivers\60133b05.sys --> c:\windows\system32\drivers\60133b05.sys [?]
S1 8966f7fc;8966f7fc;c:\windows\system32\drivers\8966f7fc.sys --> c:\windows\system32\drivers\8966f7fc.sys [?]
S1 aswsp;avast! Self Protection; [x]
S2 aswfsblk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S2 mrtRate;mrtRate; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WUAUSERV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-06-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
HKLM-Run-dmirr.exe - c:\windows\system32\dmirr.exe
HKLM-Run-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mStart Page = hxxp://my.ev1.net/english/index.asp
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: {05D1BDEC-8934-4187-9BC9-6154232F6017} = 208.67.220.220,208.67.222.222
TCP: {8BFF42F7-6324-4C1E-B9A6-53695B3F5E2C} = 208.67.220.220,208.67.222.222
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {9706281E-985A-4BCE-B2B4-05AEC803D11A} - hxxps://insite.mhhs.org/MHHS_Portal_Login.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 04:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3103545305-233362654-91738228-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\CF30471.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\OpenOffice.org1.1.3\program\soffice.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\SoftwareDistribution\Download\61c1721af834119a58811f42fc1bb9fc\update\update.exe
.
**************************************************************************
.
Completion time: 2009-06-16 4:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-16 09:24

Pre-Run: 59,945,295,872 bytes free
Post-Run: 60,338,143,232 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

251 --- E O F --- 2009-04-16 08:05

#8 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 16 June 2009 - 12:10 PM

Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.


It looks like you have been running some other scans; please post the logs from any other scans you have run along with the Gmer log, and please do not run any other scans unless I ask you to, it just makes it more confusing for me.



#9 sleavelle

  • Topic Starter
  • Members
  • 13 posts

Posted 17 June 2009 - 09:10 AM

syler - not sure what scans you are referring to. The only scans other than ComboFix and GMER that I am aware of would be the nightly automatic virus scans by AVG. Should I disable that function and leave only the Resident Shield active (when not running other scans for malware, etc. per your directions)?

I tried several times posting the GMER log here using Copy and Paste but each time it has failed, probably due to the size (9.92 MB) of the log file. I cannot attach the log file since it exceeds the max upload size. Where do we go from here?

I did notice that since I ran combofix and it installed the MS Recovery Console, my Automatic Updates is back in business. I saw this morning that updates were available for installation.

Thanks

Edited by sleavelle, 17 June 2009 - 09:16 AM.


#10 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 17 June 2009 - 03:24 PM

I guess AVG must have removed some malware then. It's not that big a deal, it just caused a bit of confusion.
You can leave the automatic scan enabled, it's doing a good job :thumbup2:

Did you close all your running programs, including AntiVirus, AntiSpyware and Firewall, during the Gmer scan? If you didn't, please disconnect from the internet and close all running programs, then do a Gmer scan again. If you did do this, can you split the log in half and post it in 2 replies?

Thanks



#11 sleavelle

  • Topic Starter
  • Members
  • 13 posts

Posted 18 June 2009 - 07:22 AM

OK, I hope this is a valid log now. I used msconfig to stop all programs from running on startup and then ran GMER. Here's the result:


Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 86F1B500 pIofCallDriver

---- Devices - GMER 1.0.15 ----

Device \Driver\NDIS \Device\Ndis [86ED4982] NDIS.sys[.reloc]

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys (size mismatch) 182656/182912 bytes executable
File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 212480/182912 bytes executable
File C:\WINDOWS\$NtServicePackUninstall$\ndis.sys (size mismatch) 168192/182912 bytes executable

---- EOF - GMER 1.0.15 ----
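
The Sigcheck block in the ComboFix log above (post #7) and the GMER "size mismatch" lines in this post both compare every copy of ndis.sys on the box against the Service Pack copy. The script below is an added example, not from the thread or from ComboFix/GMER: it parses those exact lines, picks the signature-verified ServicePackFiles copy as the reference, and reports which copy is the modified, loaded driver. It assumes ComboFix's `[7]` flag means the file's signature verified and `[-]` means it did not.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the ComboFix "Sigcheck" section (post #7) and
# the GMER log (post #11) in this thread.
SIGCHECK_SAMPLE = [
    r"[7] 2003-10-04 14:54 168192 D999CE17681D7D074D534FC5BC662E0A c:\windows\$NtServicePackUninstall$\ndis.sys",
    r"[7] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\ServicePackFiles\i386\ndis.sys",
    r"[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys",
    r"[-] 2009-05-02 16:40 212480 791778A1F54D4B3F36773F11783A53FC c:\windows\system32\drivers\ndis.sys",
]
GMER_SAMPLE = [
    r"File C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys (size mismatch) 182656/182912 bytes executable",
    r"File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 212480/182912 bytes executable",
    r"File C:\WINDOWS\$NtServicePackUninstall$\ndis.sys (size mismatch) 168192/182912 bytes executable",
]

SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>.+)$"
)
GMER_MISMATCH_RE = re.compile(
    r"^File (?P<path>.+?) \(size mismatch\) (?P<actual>\d+)/(?P<expected>\d+) bytes"
)


@dataclass
class DriverCopy:
    flag: str
    size: int
    md5: str
    path: str  # lower-cased so Sigcheck and GMER paths can be joined

    @property
    def verified(self) -> bool:
        # Assumption about ComboFix output: [7] = signature verified, [-] = not verified.
        return self.flag == "7"


def parse_sigcheck(lines):
    """Parse ComboFix Sigcheck lines into DriverCopy records; unrelated lines are skipped."""
    copies = []
    for line in lines:
        m = SIGCHECK_RE.match(line.strip())
        if m:
            copies.append(DriverCopy(m["flag"], int(m["size"]), m["md5"].upper(), m["path"].lower()))
    return copies


def parse_gmer_mismatches(lines):
    """Map path -> (actual, expected) byte sizes from GMER 'size mismatch' lines."""
    mismatches = {}
    for line in lines:
        m = GMER_MISMATCH_RE.match(line.strip())
        if m:
            mismatches[m["path"].lower()] = (int(m["actual"]), int(m["expected"]))
    return mismatches


def reference_copy(copies):
    """The known-good copy: signature-verified and kept under ServicePackFiles."""
    for c in copies:
        if c.verified and "\\servicepackfiles\\" in c.path:
            return c
    raise ValueError("no verified ServicePackFiles copy to compare against")


def triage(sigcheck_lines, gmer_lines):
    """Return (reference copy, {path: verdict}) for every copy Sigcheck listed."""
    copies = parse_sigcheck(sigcheck_lines)
    ref = reference_copy(copies)
    gmer = parse_gmer_mismatches(gmer_lines)
    verdicts = {}
    for c in copies:
        if c is ref:
            verdicts[c.path] = "reference copy"
        elif c.verified:
            verdicts[c.path] = "verified (older build, not loaded)"
        elif "\\system32\\drivers\\" in c.path:
            # The loaded driver: unverified signature, different hash, different size.
            # GMER's independent size check, when present, should report the same numbers.
            actual, expected = gmer.get(c.path, (c.size, ref.size))
            agrees = (actual, expected) == (c.size, ref.size)
            verdicts[c.path] = (
                f"ACTIVE DRIVER MODIFIED: {c.size} bytes vs {ref.size} reference "
                f"({c.size - ref.size:+d}); GMER agrees: {agrees}"
            )
        else:
            verdicts[c.path] = "unverified copy outside the driver path (review separately)"
    return ref, verdicts


if __name__ == "__main__":
    ref, verdicts = triage(SIGCHECK_SAMPLE, GMER_SAMPLE)
    print(f"reference: {ref.path} {ref.size} bytes MD5 {ref.md5}")
    for path, verdict in verdicts.items():
        print(f"{verdict:<72} {path}")
```

On this thread's logs only the live c:\windows\system32\drivers\ndis.sys is flagged, 29568 bytes larger than the Service Pack copy, which is the file ComboFix later reports as disinfected and restored in post #13.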

#12 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 18 June 2009 - 04:45 PM

Please delete the copy of Combofix you have and download a new copy from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#13 sleavelle

  • Topic Starter
  • Members
  • 13 posts

Posted 18 June 2009 - 10:59 PM

Deleted, downloaded, stopped AVG and anti-spyware, ran Combofix. Here's the log:

ComboFix 09-06-18.02 - Owner 06/18/2009 22:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.578 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-0046213912-2095443485-447030024-2504
c:\recycler\S-1-5-21-2108639113-4273975784-1078960694-1003
c:\recycler\S-1-5-21-4308147798-3435427807-218878022-6678
c:\recycler\S-1-5-21-4461479671-4451734206-710926801-4075
c:\recycler\S-1-5-21-6247334180-2116146191-366262207-7558
c:\recycler\S-1-5-21-6750155748-7476149265-533690794-4235
c:\recycler\S-1-5-21-6769807564-4232586838-892862264-0633
c:\recycler\S-1-5-21-7420844190-9998438291-840337041-4054
c:\recycler\S-1-5-21-8192732491-9902407303-602432233-9756

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it :thumbup2:
.
((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-18 05:01 . 2009-06-18 05:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-06-12 02:28 . 2009-06-12 02:29 -------- d-----w- C:\rsit
2009-06-04 01:02 . 2009-06-04 01:02 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-31 13:21 . 2009-05-31 13:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-28 00:04 . 2009-05-28 00:04 -------- d-----w- c:\program files\2BrightSparks
2009-05-27 23:11 . 2009-05-27 23:11 -------- d-sh--w- c:\windows\ftpcache
2009-05-23 18:36 . 2004-08-04 05:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-05-23 18:36 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-05-23 15:09 . 2009-05-23 15:09 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-05-23 14:33 . 2009-05-23 14:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-23 14:33 . 2009-05-23 14:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-23 14:33 . 2009-05-23 14:33 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-23 14:33 . 2009-05-23 14:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-23 14:33 . 2009-06-18 22:39 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-23 14:33 . 2009-05-27 02:21 -------- d-----w- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-05-23 13:55 . 2009-06-18 12:15 -------- d-----w- c:\windows\system32\NtmsData
2009-05-22 00:20 . 2009-05-22 00:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-05-20 23:25 . 2009-06-19 03:36 -------- d-----w- c:\windows\system32\CatRoot2
2009-05-20 19:55 . 2009-06-19 03:36 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-20 19:55 . 2009-05-20 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-20 19:54 . 2009-05-29 02:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-20 19:54 . 2009-05-20 19:54 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-05-20 19:53 . 2009-05-20 19:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-20 15:44 . 2009-05-20 15:44 -------- d-----w- c:\program files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 03:33 . 2004-04-01 04:49 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-06-17 14:29 . 2004-10-17 12:28 -------- d-----w- c:\program files\OpenOffice.org1.1.3
2009-06-16 09:12 . 2004-04-01 04:49 577536 ----a-w- c:\windows\system32\user32.dll
2009-06-13 03:43 . 2009-05-17 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-08 21:09 . 2006-07-30 18:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2009-06-04 01:11 . 2008-12-04 11:19 -------- d-----w- c:\program files\iTunes
2009-06-04 01:10 . 2008-12-04 11:19 -------- d-----w- c:\program files\iPod
2009-06-04 01:09 . 2008-12-04 11:18 -------- d-----w- c:\program files\QuickTime
2009-05-23 14:33 . 2009-05-19 14:50 2051864 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-23 14:33 . 2009-05-19 14:49 1437464 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-23 14:33 . 2009-05-19 14:50 312088 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-22 00:30 . 2009-05-19 23:56 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-22 00:29 . 2006-03-14 10:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-22 00:29 . 2006-03-14 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-22 00:28 . 2009-05-19 23:56 -------- d-----w- c:\program files\Lavasoft
2009-05-22 00:28 . 2009-05-19 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-21 09:56 . 2004-09-19 18:01 50168 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-17 23:01 . 2009-05-17 23:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-17 23:01 . 2009-05-17 23:01 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-17 18:06 . 2009-05-17 18:06 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-05-17 17:59 . 2009-05-17 17:59 -------- d-----w- c:\program files\AVG
2009-05-17 17:54 . 2007-10-16 22:18 -------- d-----w- c:\program files\BitDefender
2009-05-17 17:52 . 2006-10-06 00:21 81984 ----a-w- c:\windows\system32\bdod.bin
2009-05-07 15:44 . 2004-04-29 18:04 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 20:37 . 2009-05-02 20:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-01 23:58 . 2009-05-01 23:58 -------- d-----w- c:\program files\Common Files\Logitech
2009-05-01 22:58 . 2009-05-01 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-05-01 22:56 . 2009-05-01 22:56 130208 ----a-r- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2009-05-01 22:56 . 2009-05-01 22:56 -------- d-----w- c:\program files\Logitech
2009-05-01 22:56 . 2004-04-01 08:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-29 04:52 . 2004-01-22 07:16 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-09-19 17:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2004-04-01 04:50 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-09-19 17:25 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-06 20:32 . 2009-05-17 23:01 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 . 2009-05-17 23:01 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-01 15:03 . 2008-10-30 23:34 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2004-10-03 18:01 . 2004-10-03 18:01 0 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-16_09.18.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-19 03:34 . 2009-06-19 03:34 16384 c:\windows\Temp\Perflib_Perfdata_424.dat
+ 2004-04-01 08:19 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
- 2004-04-01 08:19 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2004-04-29 17:29 . 2009-04-29 04:52 39424 c:\windows\system32\pngfilt.dll
- 2004-04-29 17:29 . 2009-02-20 08:30 39424 c:\windows\system32\pngfilt.dll
- 2004-04-29 18:03 . 2009-02-20 08:30 16384 c:\windows\system32\jsproxy.dll
+ 2004-04-29 18:03 . 2009-04-29 04:52 16384 c:\windows\system32\jsproxy.dll
- 2004-04-29 18:03 . 2009-02-20 08:30 96256 c:\windows\system32\inseng.dll
+ 2004-04-29 18:03 . 2009-04-29 04:52 96256 c:\windows\system32\inseng.dll
- 2004-09-19 17:51 . 2009-02-20 08:30 55808 c:\windows\system32\extmgr.dll
+ 2004-09-19 17:51 . 2009-04-29 04:52 55808 c:\windows\system32\extmgr.dll
+ 2006-05-10 05:23 . 2009-04-29 04:52 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2006-05-10 05:23 . 2009-02-20 08:30 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-05-10 05:22 . 2009-04-29 04:52 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2009-02-20 08:30 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2009-02-20 08:30 96256 c:\windows\system32\dllcache\inseng.dll
+ 2006-05-10 05:22 . 2009-04-29 04:52 96256 c:\windows\system32\dllcache\inseng.dll
- 2009-02-20 08:30 . 2009-02-20 08:30 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 08:30 . 2009-04-29 04:52 81920 c:\windows\system32\dllcache\ieencode.dll
- 2006-05-09 11:00 . 2009-02-19 09:58 18432 c:\windows\system32\dllcache\iedw.exe
+ 2006-05-09 11:00 . 2009-04-27 09:17 18432 c:\windows\system32\dllcache\iedw.exe
- 2006-05-10 05:22 . 2009-02-20 08:30 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2006-05-10 05:22 . 2009-04-29 04:52 55808 c:\windows\system32\dllcache\extmgr.dll
- 2009-05-23 15:09 . 2009-06-03 06:35 32768 c:\windows\system32\config\systemprofile\UserData\index.dat
+ 2009-05-23 15:09 . 2009-06-16 09:29 32768 c:\windows\system32\config\systemprofile\UserData\index.dat
+ 2009-06-18 12:22 . 2009-06-19 00:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009061820090619\index.dat
+ 2009-06-16 10:31 . 2009-06-16 10:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009061620090617\index.dat
+ 2009-06-16 10:30 . 2009-06-16 10:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009060120090608\index.dat
+ 2004-04-01 06:01 . 2009-06-19 03:27 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-04-01 06:01 . 2009-06-03 06:35 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-05-17 00:25 . 2009-04-27 09:18 351744 c:\windows\system32\xpsp3res.dll
- 2005-05-17 00:25 . 2009-02-19 09:47 351744 c:\windows\system32\xpsp3res.dll
- 2003-09-10 22:48 . 2009-02-20 08:30 616448 c:\windows\system32\urlmon.dll
+ 2003-09-10 22:48 . 2009-04-29 04:52 616448 c:\windows\system32\urlmon.dll
+ 2003-07-14 07:05 . 2009-04-29 04:52 474112 c:\windows\system32\shlwapi.dll
- 2003-07-14 07:05 . 2009-02-20 08:30 474112 c:\windows\system32\shlwapi.dll
+ 2004-04-29 18:04 . 2009-04-29 04:52 532480 c:\windows\system32\mstime.dll
- 2004-04-29 18:04 . 2009-02-20 08:30 532480 c:\windows\system32\mstime.dll
- 2004-04-29 18:04 . 2009-02-20 08:30 146432 c:\windows\system32\msrating.dll
+ 2004-04-29 18:04 . 2009-04-29 04:52 146432 c:\windows\system32\msrating.dll
+ 2004-04-29 18:04 . 2009-04-29 04:52 449024 c:\windows\system32\mshtmled.dll
- 2004-04-29 18:04 . 2009-02-20 08:30 449024 c:\windows\system32\mshtmled.dll
- 2004-04-29 18:03 . 2009-02-20 08:30 251392 c:\windows\system32\iepeers.dll
+ 2004-04-29 18:03 . 2009-04-29 04:52 251392 c:\windows\system32\iepeers.dll
- 2004-03-31 21:53 . 2009-05-21 03:36 205712 c:\windows\system32\FNTCACHE.DAT
+ 2004-03-31 21:53 . 2009-06-17 11:23 205712 c:\windows\system32\FNTCACHE.DAT
+ 2004-04-29 18:03 . 2009-04-29 04:52 205312 c:\windows\system32\dxtrans.dll
- 2004-04-29 18:03 . 2009-02-20 08:30 205312 c:\windows\system32\dxtrans.dll
+ 2004-04-29 18:03 . 2009-04-29 04:52 357888 c:\windows\system32\dxtmsft.dll
- 2004-04-29 18:03 . 2009-02-20 08:30 357888 c:\windows\system32\dxtmsft.dll
- 2006-05-10 05:23 . 2009-02-20 08:30 659456 c:\windows\system32\dllcache\wininet.dll
+ 2006-05-10 05:23 . 2009-04-29 04:52 659456 c:\windows\system32\dllcache\wininet.dll
- 2006-05-10 05:23 . 2009-02-20 08:30 616448 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-10 05:23 . 2009-04-29 04:52 616448 c:\windows\system32\dllcache\urlmon.dll
- 2006-05-10 05:23 . 2009-02-20 08:30 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-05-10 05:23 . 2009-04-29 04:52 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2007-10-22 22:26 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
- 2007-10-22 22:26 . 2007-07-09 13:09 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-04-01 04:49 . 2009-06-19 03:26 182912 c:\windows\system32\dllcache\ndis.sys
- 2006-05-10 05:23 . 2009-02-20 08:30 532480 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:23 . 2009-04-29 04:52 532480 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:23 . 2009-02-20 08:30 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-05-10 05:23 . 2009-04-29 04:52 146432 c:\windows\system32\dllcache\msrating.dll
- 2006-05-10 05:23 . 2009-02-20 08:30 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-05-10 05:23 . 2009-04-29 04:52 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-05-07 15:44 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2006-05-10 05:22 . 2009-04-29 04:52 251392 c:\windows\system32\dllcache\iepeers.dll
- 2006-05-10 05:22 . 2009-02-20 08:30 251392 c:\windows\system32\dllcache\iepeers.dll
- 2006-05-10 05:22 . 2009-02-20 08:30 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:22 . 2009-04-29 04:52 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:22 . 2009-04-29 04:52 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-05-10 05:22 . 2009-02-20 08:30 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-05-10 05:22 . 2009-02-20 08:30 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2006-05-10 05:22 . 2009-04-29 04:52 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2004-04-01 06:01 . 2009-06-19 03:27 966656 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-04-01 06:01 . 2009-06-03 06:35 966656 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-04-01 06:01 . 2009-06-19 03:27 262144 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-04-01 06:01 . 2009-06-03 06:35 262144 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-04-29 18:02 . 2009-02-20 08:30 151040 c:\windows\system32\cdfview.dll
+ 2004-04-29 18:02 . 2009-04-29 04:52 151040 c:\windows\system32\cdfview.dll
- 2003-05-24 04:15 . 2009-03-02 23:52 1495552 c:\windows\system32\shdocvw.dll
+ 2003-05-24 04:15 . 2009-04-29 04:52 1495552 c:\windows\system32\shdocvw.dll
+ 2003-09-19 09:28 . 2009-04-29 04:52 3060736 c:\windows\system32\mshtml.dll
+ 2007-03-08 13:47 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2006-05-29 15:30 . 2009-04-29 04:52 1495552 c:\windows\system32\dllcache\shdocvw.dll
- 2006-05-29 15:30 . 2009-03-02 23:52 1495552 c:\windows\system32\dllcache\shdocvw.dll
+ 2006-05-19 15:08 . 2009-04-29 04:52 3060736 c:\windows\system32\dllcache\mshtml.dll
- 2006-05-10 05:22 . 2009-02-20 08:30 1054208 c:\windows\system32\dllcache\danim.dll
+ 2006-05-10 05:22 . 2009-04-29 04:52 1054208 c:\windows\system32\dllcache\danim.dll
- 2006-05-10 05:22 . 2009-02-20 08:30 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2006-05-10 05:22 . 2009-04-29 04:52 1023488 c:\windows\system32\dllcache\browseui.dll
- 2004-04-29 18:02 . 2009-02-20 08:30 1054208 c:\windows\system32\danim.dll
+ 2004-04-29 18:02 . 2009-04-29 04:52 1054208 c:\windows\system32\danim.dll
- 2004-01-22 07:21 . 2009-02-20 08:30 1023488 c:\windows\system32\browseui.dll
+ 2004-01-22 07:21 . 2009-04-29 04:52 1023488 c:\windows\system32\browseui.dll
+ 2009-05-20 16:22 . 2009-06-01 16:51 23635392 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-29 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Z-5 Speakers"="c:\program files\Logitech\Z-5 Speakers\Z-5 Speakers.exe" [2008-05-30 550160]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-23 1947928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Owner\Start Menu\Programs\Startup\AutorunsDisabled
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-4-1 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-23 14:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\windefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
backup=c:\windows\pss\IMStart.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2009 9:33 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2009 9:33 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/23/2009 9:33 AM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/23/2009 9:33 AM 298776]
R2 windefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
S1 60133b05;60133b05;c:\windows\system32\drivers\60133b05.sys --> c:\windows\system32\drivers\60133b05.sys [?]
S1 8966f7fc;8966f7fc;c:\windows\system32\drivers\8966f7fc.sys --> c:\windows\system32\drivers\8966f7fc.sys [?]
S1 aswsp;avast! Self Protection; [x]
S2 aswfsblk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S2 mrtRate;mrtRate; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-06-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mStart Page = hxxp://my.ev1.net/english/index.asp
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: {05D1BDEC-8934-4187-9BC9-6154232F6017} = 208.67.220.220,208.67.222.222
TCP: {8BFF42F7-6324-4C1E-B9A6-53695B3F5E2C} = 208.67.220.220,208.67.222.222
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {9706281E-985A-4BCE-B2B4-05AEC803D11A} - hxxps://insite.mhhs.org/MHHS_Portal_Login.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 22:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3103545305-233362654-91738228-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\update\update.exe
.
**************************************************************************
.
Completion time: 2009-06-19 22:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-19 03:46
ComboFix2.txt 2009-06-16 09:24

Pre-Run: 60,189,507,584 bytes free
Post-Run: 59,734,892,544 bytes free

330 --- E O F --- 2009-06-17 12:20

#14 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 19 June 2009 - 12:31 AM

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

File::
C:\Windows\System32\drivers\svchost.exe
c:\windows\system32\drivers\60133b05.sys
c:\windows\system32\drivers\8966f7fc.sys
c:\windows\system32\DRIVERS\aswFsBlk.sys

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=-

Driver::
60133b05
8966f7fc
aswsp
aswfsblk

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

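The CFScript above was written by reading the service and proxy lines of the log by hand. The following is an added example, not ComboFix's or syler's own code, that automates that read-through: it parses the R1/S1 service lines and the ProxyServer line, flags random hex-named services, orphaned services whose image is gone, and a browser proxy pointing at localhost, and drafts the matching Driver:: and Registry:: sections. The sample lines are copied from the log posted earlier in the thread; the heuristics are my assumptions about what the responder looked for, and the keep list reflects that the script in the thread left mrtRate alone.

```python
"""Triage the service/driver and proxy lines of a ComboFix log.

Added illustration for this thread, not ComboFix's or the helper's own code.
The heuristics (8-hex-digit service names, orphaned images, localhost proxy)
are assumptions about what a responder looks for, not ComboFix logic.
"""
import re

# "<start> <name>;<display>;<image> [<timestamp size>]"  (R = running, S = stopped)
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)

# Constructed sample: lines copied from the log posted earlier in the thread.
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2009 9:33 AM 325896]
R2 windefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 60133b05;60133b05;c:\windows\system32\drivers\60133b05.sys --> c:\windows\system32\drivers\60133b05.sys [?]
S1 8966f7fc;8966f7fc;c:\windows\system32\drivers\8966f7fc.sys --> c:\windows\system32\drivers\8966f7fc.sys [?]
S1 aswsp;avast! Self Protection; [x]
S2 aswfsblk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S2 mrtRate;mrtRate; [x]
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
"""


def parse_service(line):
    """Split a service line into (start, name, display, image, status).

    ComboFix prints '--> path [?]' when the registry entry points at a file
    that no longer exists and '[x]' when the entry has no image path at all.
    """
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    start, name, display, rest = m.groups()
    rest = rest.strip()
    if rest.endswith("[x]"):
        status = "no image path"
    elif rest.endswith("[?]"):
        status = "image missing on disk"
    else:
        status = "present"
    # Image path is everything before the ' --> ' marker or the '[...]' tail.
    image = re.split(r"\s*(?:-->|\[)", rest, maxsplit=1)[0]
    return start, name, display, image, status


def triage(lines):
    """Return (reason, value) findings for the lines of a ComboFix log."""
    findings = []
    for line in lines:
        svc = parse_service(line)
        if svc:
            _start, name, _display, _image, status = svc
            if HEX_NAME_RE.match(name):
                findings.append(("random hex service name", name))
            if status != "present":
                findings.append(("orphaned service, " + status, name))
            continue
        m = PROXY_RE.match(line.strip())
        if m and re.search(r"localhost|127\.0\.0\.1", m.group(1)):
            # A proxy on the local host funnels every browser request through
            # whatever process listens on that port before it leaves the PC.
            findings.append(("browser proxy set to local listener", m.group(1)))
    return findings


def draft_cfscript(findings, keep=()):
    """Build the Driver:: and Registry:: sections of a CFScript from findings.

    `keep` names services the responder has judged to be harmless leftovers
    (the script in the thread left mrtRate alone), so they are not listed.
    """
    drivers = sorted({name for reason, name in findings
                      if reason.startswith(("random", "orphaned")) and name not in keep})
    out = []
    if drivers:
        out.append("Driver::")
        out.extend(drivers)
    if any(reason.startswith("browser proxy") for reason, _ in findings):
        out += ["", "Registry::",
                r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]",
                '"ProxyServer"=-']
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for reason, value in found:
        print(f"{reason}: {value}")
    print()
    print(draft_cfscript(found, keep={"mrtRate"}))
```

The draft reproduces the four Driver:: names and the ProxyServer removal from the CFScript above; the File:: entries still need the responder's judgement, which the heuristics do not replace.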


#15 sleavelle

  • Topic Starter

  • Members
  • 13 posts

Posted 20 June 2009 - 05:57 AM

ComboFix 09-06-18.02 - Owner 06/20/2009 5:41.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.556 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\drivers\60133b05.sys"
"c:\windows\system32\drivers\8966f7fc.sys"
"c:\windows\system32\DRIVERS\aswFsBlk.sys"
"c:\windows\System32\drivers\svchost.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_8966F7FC
-------\Legacy_ASWFSBLK
-------\Legacy_ASWSP
-------\Service_60133b05
-------\Service_8966f7fc
-------\Service_aswfsblk
-------\Service_aswsp


((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.

2009-06-18 05:01 . 2009-06-18 05:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-06-12 02:28 . 2009-06-12 02:29 -------- d-----w- C:\rsit
2009-06-04 01:02 . 2009-06-04 01:02 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-31 13:21 . 2009-05-31 13:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-28 00:04 . 2009-05-28 00:04 -------- d-----w- c:\program files\2BrightSparks
2009-05-27 23:11 . 2009-05-27 23:11 -------- d-sh--w- c:\windows\ftpcache
2009-05-23 18:36 . 2004-08-04 05:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-05-23 18:36 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-05-23 15:09 . 2009-05-23 15:09 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-05-23 14:33 . 2009-05-23 14:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-23 14:33 . 2009-05-23 14:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-23 14:33 . 2009-05-23 14:33 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-23 14:33 . 2009-05-23 14:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-23 14:33 . 2009-06-19 23:53 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-23 14:33 . 2009-05-27 02:21 -------- d-----w- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-05-23 13:55 . 2009-06-19 03:35 -------- d-----w- c:\windows\system32\NtmsData
2009-05-22 00:20 . 2009-05-22 00:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 10:49 . 2009-05-20 19:55 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-19 03:33 . 2004-04-01 04:49 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-06-17 14:29 . 2004-10-17 12:28 -------- d-----w- c:\program files\OpenOffice.org1.1.3
2009-06-16 09:12 . 2004-04-01 04:49 577536 ----a-w- c:\windows\system32\user32.dll
2009-06-13 03:43 . 2009-05-17 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-08 21:09 . 2006-07-30 18:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2009-06-04 01:11 . 2008-12-04 11:19 -------- d-----w- c:\program files\iTunes
2009-06-04 01:10 . 2008-12-04 11:19 -------- d-----w- c:\program files\iPod
2009-06-04 01:09 . 2008-12-04 11:18 -------- d-----w- c:\program files\QuickTime
2009-05-29 02:30 . 2009-05-20 19:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-23 14:33 . 2009-05-19 14:50 2051864 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-23 14:33 . 2009-05-19 14:49 1437464 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-23 14:33 . 2009-05-19 14:50 312088 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-22 00:30 . 2009-05-19 23:56 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-22 00:29 . 2006-03-14 10:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-22 00:29 . 2006-03-14 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-22 00:28 . 2009-05-19 23:56 -------- d-----w- c:\program files\Lavasoft
2009-05-22 00:28 . 2009-05-19 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-21 09:56 . 2004-09-19 18:01 50168 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-20 19:55 . 2009-05-20 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-20 19:54 . 2009-05-20 19:54 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-05-20 19:53 . 2009-05-20 19:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-20 15:44 . 2009-05-20 15:44 -------- d-----w- c:\program files\Windows Defender
2009-05-17 23:01 . 2009-05-17 23:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-17 23:01 . 2009-05-17 23:01 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-17 18:06 . 2009-05-17 18:06 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-05-17 17:59 . 2009-05-17 17:59 -------- d-----w- c:\program files\AVG
2009-05-17 17:54 . 2007-10-16 22:18 -------- d-----w- c:\program files\BitDefender
2009-05-17 17:52 . 2006-10-06 00:21 81984 ----a-w- c:\windows\system32\bdod.bin
2009-05-07 15:44 . 2004-04-29 18:04 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 20:37 . 2009-05-02 20:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-01 23:58 . 2009-05-01 23:58 -------- d-----w- c:\program files\Common Files\Logitech
2009-05-01 22:58 . 2009-05-01 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-05-01 22:56 . 2009-05-01 22:56 130208 ----a-r- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2009-05-01 22:56 . 2009-05-01 22:56 -------- d-----w- c:\program files\Logitech
2009-05-01 22:56 . 2004-04-01 08:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-29 04:52 . 2004-01-22 07:16 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-09-19 17:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2004-04-01 04:50 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-09-19 17:25 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-06 20:32 . 2009-05-17 23:01 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 . 2009-05-17 23:01 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-01 15:03 . 2008-10-30 23:34 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2004-10-03 18:01 . 2004-10-03 18:01 0 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-06-19_03.36.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-20 10:48 . 2009-06-20 10:48 16384 c:\windows\Temp\Perflib_Perfdata_1b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-29 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Z-5 Speakers"="c:\program files\Logitech\Z-5 Speakers\Z-5 Speakers.exe" [2008-05-30 550160]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-23 1947928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Owner\Start Menu\Programs\Startup\AutorunsDisabled
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-4-1 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-23 14:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\windefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
backup=c:\windows\pss\IMStart.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2009 9:33 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2009 9:33 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/23/2009 9:33 AM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/23/2009 9:33 AM 298776]
R2 windefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
S2 mrtRate;mrtRate; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mStart Page = hxxp://my.ev1.net/english/index.asp
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: {05D1BDEC-8934-4187-9BC9-6154232F6017} = 208.67.220.220,208.67.222.222
TCP: {8BFF42F7-6324-4C1E-B9A6-53695B3F5E2C} = 208.67.220.220,208.67.222.222
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {9706281E-985A-4BCE-B2B4-05AEC803D11A} - hxxps://insite.mhhs.org/MHHS_Portal_Login.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 05:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3103545305-233362654-91738228-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-20 5:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-20 10:55
ComboFix2.txt 2009-06-19 03:46
ComboFix3.txt 2009-06-16 09:24

Pre-Run: 60,162,375,680 bytes free
Post-Run: 60,145,504,256 bytes free

233 --- E O F --- 2009-06-19 10:17



