
Google Redirect Virus


  • This topic is locked
34 replies to this topic

#1 TomTerrific

  • Members
  • 18 posts

Posted 24 August 2009 - 05:29 PM

Redirects when clicking a link in a Google search result. Getting frequent BSODs, now crashing shortly after booting in Windows normal mode, but not when in Safe Mode. Reports of corrupted files, in normal mode, not safe mode. I've tried everything to get rid of it - AntiMalwareBytes, AVG, etc., but no luck. The Kaspersky Online Scan hung up. Can't set a system restore point. Won't run chkdsk - reports that the file system is RAW. I've pasted in DDS.txt and attached Attach.zip (containing Attach.txt) and Ark.zip (containing Ark.txt).

Here is DDS.txt:


DDS (Ver_09-07-30.01) - FAT32x86 NETWORK
Run by Steven Callihan at 14:28:55.92 on Mon 08/24/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.342 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\Explorer.EXE
C:\Documents and Settings\Steven Callihan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = file:///D:/www/start.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {00000000-0000-0000-0000-000000000002} - No File
BHO: {15F4D456-5BAA-4076-8486-EECB38CD3E57} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {512ACF1B-64D9-4928-B382-A80556F28DB4} - No File
BHO: {9579D574-D4D8-4335-9560-FE8641A013BD} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E713904C-DF05-4C79-BBAD-02DB923253BE} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {3E1201F4-1707-409F-BB45-A5F192381DA0} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] d:\program files\super\SUPERAntiSpyware.exe
mRun: [SetIcon] c:\program files\icons\SetIcon.exe
mRun: [EPSON Stylus Photo R800] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB001" /M "Stylus Photo R800"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Anonymization - c:\windows\system32\sys32.htm
IE: &Anonymization\Contexts - 23000000
IE: + &Mass Downloader: download this file - c:\program files\mass downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\mass downloader\Add_All.htm
IE: Download all by Net Transport - c:\program files\xi\nettransport 2\NTAddList.html
IE: Download by Net Transport - c:\program files\xi\nettransport 2\NTAddLink.html
IE: E&xport to Microsoft Excel - d:\progra~1\office~1\office12\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\earthlink totalaccess\toolbar\SearchUI.dll/search.html
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD}
IE: {8B466019-1E6E-4552-A096-7C0A2876E50E} - {9CF386F2-A9C9-4c5b-9B44-9345B39EC707} - c:\windows\system32\shdocvw.dll
DPF: {00000075-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxmsdec.CAB
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206549232250
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38021.7036574074
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - d:\program files\super\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\super\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steven~1\applic~1\mozilla\firefox\profiles\sz7lr2u4.default\
FF - prefs.js: browser.startup.homepage - file:///D:/www/start.html
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.ftp - localhost:8080
FF - prefs.js: network.proxy.gopher - localhost:8080
FF - prefs.js: network.proxy.http - localhost:8080
FF - prefs.js: network.proxy.socks - localhost:8080
FF - prefs.js: network.proxy.ssl - localhost:8080
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\steven callihan\application data\mozilla\firefox\profiles\sz7lr2u4.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071102000005.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\windows\system32\superadblocker.com\npsabffx.dll
FF - plugin: d:\program files\opera\program\plugins\npdsplay.dll
FF - plugin: d:\program files\opera\program\plugins\NPJava11.dll
FF - plugin: d:\program files\opera\program\plugins\NPJava12.dll
FF - plugin: d:\program files\opera\program\plugins\NPJava13.dll
FF - plugin: d:\program files\opera\program\plugins\NPJava14.dll
FF - plugin: d:\program files\opera\program\plugins\NPJava32.dll
FF - plugin: d:\program files\opera\program\plugins\NPJPI150_06.dll
FF - plugin: d:\program files\opera\program\plugins\NPSWF32.dll
FF - plugin: d:\program files\opera\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-4 64160]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-13 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-13 335240]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-13 27784]
S1 SASDIFSV;SASDIFSV;d:\program files\super\sasdifsv.sys [2009-8-5 9968]
S1 SASKUTIL;SASKUTIL;d:\program files\super\SASKUTIL.SYS [2009-8-5 74480]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\drivers\VCdRom.sys [2008-7-21 8576]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-13 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-13 297752]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S2 SCANDEV;SCANDEV;c:\windows\system32\drivers\Scandev.SYS [2004-2-18 135776]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\drivers\ADSFilter.sys [2007-8-3 57456]
S3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver);c:\windows\system32\drivers\ADSMonitor.sys [2007-8-3 38384]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 EarthLinkSafeConnectDriver;EarthLinkSafeConnectDriver;\??\c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\safeconnectdriver.sys --> c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\SafeConnectDriver.sys [?]
S3 EarthLinkSafeConnectFilter;EarthLinkSafeConnectFilter;\??\c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\safeconnectfilter.sys --> c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\SafeConnectFilter.sys [?]
S3 EarthLinkSafeConnectShim;EarthLinkSafeConnectShim;\??\c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\safeconnectshim.sys --> c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\SafeConnectShim.sys [?]
S3 rr;rr;\??\c:\windows\system32\drivers\rr.sys --> c:\windows\system32\drivers\rr.sys [?]
S3 SASENUM;SASENUM;d:\program files\super\SASENUM.SYS [2009-8-5 7408]
UnknownUnknown rootrepeal;rootrepeal; [x]

=============== Created Last 30 ================

2009-08-24 13:07 389,120 a------- c:\windows\system32\CF535.exe
2009-08-24 13:07 <DIR> --ds---- C:\toolc
2009-08-24 13:07 389,120 a------- c:\windows\system32\CF437.exe
2009-08-24 11:31 389,120 a------- c:\windows\system32\CF14503.exe
2009-08-24 11:22 389,120 a------- c:\windows\system32\CF12628.exe
2009-08-24 11:22 <DIR> --ds---- C:\ctool
2009-08-24 11:17 389,120 a------- c:\windows\system32\CF11642.exe
2009-08-24 11:16 389,120 a------- c:\windows\system32\CF11541.exe
2009-08-24 10:55 389,120 a------- c:\windows\system32\CF7433.exe
2009-08-24 10:52 389,120 a------- c:\windows\system32\CF6878.exe
2009-08-24 10:52 <DIR> --ds---- C:\toolb
2009-08-24 10:51 389,120 a------- c:\windows\system32\CF6633.exe
2009-08-24 10:50 389,120 a------- c:\windows\system32\CF6499.exe
2009-08-24 10:08 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 10:07 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-24 02:20 389,120 a------- c:\windows\system32\CF4896.exe
2009-08-24 02:20 <DIR> --ds---- C:\Combo-Fix
2009-08-24 01:51 536,428,544 a------- c:\windows\MEMORY.DMP
2009-08-20 18:26 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-20 18:26 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-20 17:44 <DIR> --d----- c:\windows\system32\scripting
2009-08-20 17:44 <DIR> --d----- c:\windows\l2schemas
2009-08-20 17:44 <DIR> --d----- c:\windows\system32\en
2009-08-20 17:38 <DIR> --d----- c:\windows\EHome
2009-08-19 23:42 <DIR> --d----- c:\windows\system32\SuperAdBlocker.com
2009-08-19 22:03 <DIR> --dsh--- C:\Recycled
2009-08-19 15:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-19 15:19 <DIR> --d----- c:\docume~1\steven~1\applic~1\SUPERAntiSpyware.com
2009-08-19 15:00 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-08-19 14:34 229,376 a------- c:\windows\PEV.exe
2009-08-19 14:34 161,792 a------- c:\windows\SWREG.exe
2009-08-19 14:34 98,816 a------- c:\windows\sed.exe
2009-08-12 16:23 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-12 09:30 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-05 02:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-08-20 17:46 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-19 23:42 29,842 a------- c:\windows\mozver.dat
2009-08-18 21:51 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-18 21:51 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 06:19 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 06:19 5,937,152 a------- c:\windows\system32\dllcache\cache\mshtml.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\dllcache\atl.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-03 04:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 07:17 56,356 a---h--- c:\windows\system32\mlfcache.dat
2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 01:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 01:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 01:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 01:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 01:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 04:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 07:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 05:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 07:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-09 23:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 12:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-04-06 16:08 2,516 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-04-06 16:08 88 ---shr-- c:\docume~1\alluse~1\applic~1\8128BC4FC0.sys
2008-03-12 22:20 5,488 a------- c:\docume~1\steven~1\applic~1\mpauth.dat
2004-08-16 20:26 3,730 a------- c:\program files\WS_FTP.inibak
2003-01-02 18:04 1,152 a------- c:\program files\readme.txt
2001-12-19 11:45 23,552 a------- c:\program files\VCdControlTool.exe
2001-12-19 11:45 8,576 a------- c:\program files\VCdRom.sys
2008-03-28 16:03 848 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 14:29:18.00 ===============
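A triage script, added here as an example and not part of the thread or of any tool it names: it scans DDS-style log lines like the ones above for the entries a responder checks first (orphaned BHO/toolbar registrations, Firefox proxy prefs, services whose binary is missing, and service names that look generated, the pattern MBAM later reports in this thread as Rootkit.TDSS). The sample log is constructed from lines in the post plus one made-up service line reusing that later-reported name; the vowel-ratio heuristic is an assumption of mine, not a rule from the thread.

```python
"""Triage helper for DDS-style logs (added example, not from the thread).

Flags the entries a malware-response volunteer checks first:
  * BHO/TB/EB/URLSearchHooks registrations whose file is missing ("No File"),
  * Firefox proxy preferences that route browser traffic through a proxy,
  * services/drivers whose binary is missing ("[?]" / "[x]"),
  * service names that look generated (TDSS-style), a heuristic only.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log above plus one made-up
# service line (the last one) reusing the name MBAM later reports as Rootkit.TDSS.
SAMPLE_LOG = r"""
BHO: {00000000-0000-0000-0000-000000000002} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
FF - prefs.js: network.proxy.http - localhost:8080
FF - prefs.js: network.proxy.type - 1
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-13 335240]
S3 rr;rr;\??\c:\windows\system32\drivers\rr.sys --> c:\windows\system32\drivers\rr.sys [?]
UnknownUnknown rootrepeal;rootrepeal; [x]
S3 kbiwkmvrinykle;kbiwkmvrinykle;c:\windows\system32\drivers\kbiwkmvrinykle.sys [?]
"""


@dataclass(frozen=True)
class Finding:
    category: str
    reason: str
    line: str


VOWELS = set("aeiou")
ADDON_RE = re.compile(r"^[um]?(URLSearchHooks|BHO|TB|EB):")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.+)$")
# DDS service line: "<start-type> <name>;<display name>;<path> [<date size> | ? | x]"
SERVICE_RE = re.compile(r"^(\S+) ([^;]+);([^;]*);(.*)$")


def looks_random(name: str) -> bool:
    """Heuristic (an assumption of this example, not a rule from the thread):
    TDSS-style generated names are long, letters-only, lowercase and vowel-poor.
    Legitimate drivers can trip it; a hit is a prompt to look, not a verdict."""
    if len(name) < 10 or not name.isalpha() or not name.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    return vowel_ratio < 0.3


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious entry in the given DDS-style text."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Browser add-on registrations with no backing file (leftover or removed malware)
        if ADDON_RE.match(line) and line.endswith("No File"):
            findings.append(Finding("orphan-addon", "registration points to a missing file", line))
            continue
        # Any Firefox proxy pref deserves a look when the complaint is search redirects
        m = FF_PROXY_RE.match(line)
        if m:
            key, value = m.groups()
            if key == "network.proxy.type":
                if value != "0":
                    findings.append(Finding("ff-proxy", "manual proxy configuration enabled", line))
            else:
                findings.append(Finding("ff-proxy", f"browser traffic routed via {value}", line))
            continue
        # Services/drivers: missing binaries and generated-looking names
        m = SERVICE_RE.match(line)
        if m:
            _start, name, display, rest = m.groups()
            if rest.endswith("[?]") or rest.endswith("[x]"):
                findings.append(Finding("svc-missing-file", "service registered but binary not found", line))
            if display == name and looks_random(name):
                findings.append(Finding("svc-random-name", "name looks generated (TDSS pattern)", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.reason}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```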



#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 05 September 2009 - 10:48 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, and I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 TomTerrific

  • Topic Starter

  • Members
  • 18 posts

Posted 08 September 2009 - 01:12 PM

Sorry about the delay - was tied up over the holiday weekend.

I've attached the files you requested. When I tried to do a full scan on all my drives (C, D, G, L), Windows crashed while processing the last drive (which has happened before). So I repeated the scan, but just on C. I can repeat the scan on the other drives if you require it.

Google search results are no longer being redirected. Chkdsk now works, with drive C now being reported by Chkdsk as FAT32, not RAW. Malwarebytes keeps finding and removing the registry tool for Rootkit.TDSS, but it keeps coming back.

This morning I was blocked from downloading the latest version of the Kaspersky Virus Removal Tool - had to right-click and save to download, but then had an error reported when trying to install.

Thanks for your assistance.


#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 08 September 2009 - 08:02 PM

Hi,

This morning I was blocked from downloading the latest version of the Kaspersky Virus Removal Tool


Please do not run any other tools whilst I am helping you. Also please post the logs I request, like I asked in my first post.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then please post back here with the following:
  • Gmer log
  • New Rsit log
Thanks



#5 TomTerrific

  • Topic Starter

  • Members
  • 18 posts

Posted 09 September 2009 - 12:06 PM

I've attached the two logs you requested (Gmer.log and rsit-log.txt).

Muchas gracias...


#6 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 09 September 2009 - 09:10 PM

Also please post the logs I request, like I asked in my first post.


Can you post the logs like I have now asked twice?



#7 TomTerrific

  • Topic Starter

  • Members
  • 18 posts

Posted 10 September 2009 - 11:12 AM

Also please post the logs I request, like I asked in my first post.


Can you post the logs like I have now asked twice?


Sorry, I missed that you wanted me to paste, not attach the log files. I've pasted them in below:

MBAM log (in reply to first post):

Malwarebytes' Anti-Malware 1.40
Database version: 2758
Windows 5.1.2600 Service Pack 3

9/8/2009 10:44:29 AM
mbam-log-2009-09-08 (10-44-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 164661
Time elapsed: 16 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmvrinykle (Rootkit.TDSS) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


log.txt (RSIT, in reply to first post):

Logfile of random's system information tool 1.06 (written by random/random)
Run by Steven Callihan at 2009-09-08 10:51:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (33%) free of 30 GB
Total RAM: 511 MB (6% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:36 AM, on 9/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\savedump.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Icons\SetIcon.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\Steven Callihan\Desktop\RS.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\Steven Callihan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/www/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - (no file)
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB001" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: is-1N6HC.lnk = C:\Documents and Settings\Steven Callihan\Desktop\Virus Removal Tool1\is-1N6HC\startup.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Anonymization - C:\WINDOWS\System32\sys32.htm
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Anonymization.Net - {8B466019-1E6E-4552-A096-7C0A2876E50E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206549232250
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: ADSService - Unknown owner - C:\Program Files\Common Files\ADS\ADSService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EarthLinkSafeConnectAgent - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe (file missing)
O23 - Service: ELNK Update Service (ELNKUpdateService) - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\windows\system32\gearsec.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtectionService - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe (file missing)

--
End of file - 11574 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job
C:\windows\tasks\Ad-Aware Update (Weekly).job
C:\windows\tasks\gwtfigqh.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000002}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15F4D456-5BAA-4076-8486-EECB38CD3E57}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-18 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{512ACF1B-64D9-4928-B382-A80556F28DB4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9579D574-D4D8-4335-9560-FE8641A013BD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-13 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-22 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-22 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E713904C-DF05-4C79-BBAD-02DB923253BE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{C7768536-96F8-4001-B1A2-90EE21279187}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-13 259696]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SetIcon"=C:\Program Files\Icons\SetIcon.exe [2002-08-22 39936]
"EPSON Stylus Photo R800"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE [2003-08-07 99840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-20 149280]
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2003-05-15 114688]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-02-06 177472]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-18 2007832]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2008-05-03 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\windows\system32\NvMcTray.dll [2008-05-03 86016]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-29 520024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=C:\WINDOWS\System32\NVMCTRAY.DLL [2008-05-03 86016]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2006-04-02 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\MSMSGS.EXE [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2006-05-19 18577448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\windows\SOUNDMAN.EXE [2004-01-09 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-20 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
C:\PROGRA~1\Nikon\NkView6\NkvMon.exe [2003-07-11 241664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Steven Callihan\Start Menu\Programs\Startup
is-1N6HC.lnk - C:\Documents and Settings\Steven Callihan\Desktop\Virus Removal Tool1\is-1N6HC\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\windows\system32\avgrsstx.dll [2009-08-18 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"system"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\WS_FTP\WS_FTP95.exe"="C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe"="C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware"
"C:\Program Files\AVG\AVG8\AVGTRAY.EXE"="C:\Program Files\AVG\AVG8\AVGTRAY.EXE:*:Enabled:AVG Free Tray Icon"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\AVG\AVG8\avgui.exe"="C:\Program Files\AVG\AVG8\avgui.exe:*:Enabled:AVG Free User Interface"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.reg - edit -
.reg - open -

======List of files/folders created in the last 1 months======

2009-09-08 10:51:30 ----D---- C:\rsit
2009-09-08 00:05:41 ----A---- C:\RootRepeal report 09-08-09 (00-05-41).txt
2009-09-07 23:53:02 ----HD---- C:\windows\$NtUninstallKB970653-v3$
2009-09-07 18:45:18 ----A---- C:\windows\imsins.BAK
2009-09-02 22:12:18 ----SHD---- C:\FOUND.004
2009-09-01 19:25:46 ----SHD---- C:\FOUND.003
2009-08-26 09:46:50 ----SHD---- C:\FOUND.002
2009-08-25 21:12:44 ----SHD---- C:\FOUND.001
2009-08-24 20:27:09 ----A---- C:\RootRepeal report 08-24-09 (20-27-09).txt
2009-08-24 19:51:04 ----A---- C:\RootRepeal report 08-24-09 (19-51-04).txt
2009-08-24 16:34:52 ----SHD---- C:\FOUND.000
2009-08-24 14:32:50 ----A---- C:\RootRepeal report 08-24-09 (14-32-50).txt
2009-08-24 13:07:39 ----SD---- C:\toolc
2009-08-24 13:07:39 ----A---- C:\windows\system32\CF535.exe
2009-08-24 13:07:09 ----A---- C:\windows\system32\CF437.exe
2009-08-24 12:40:29 ----A---- C:\RootRepeal report 08-24-09 (12-40-29).txt
2009-08-24 11:31:41 ----A---- C:\windows\system32\CF14503.exe
2009-08-24 11:22:07 ----SD---- C:\ctool
2009-08-24 11:22:07 ----A---- C:\windows\system32\CF12628.exe
2009-08-24 11:17:05 ----A---- C:\windows\system32\CF11642.exe
2009-08-24 11:16:35 ----A---- C:\windows\system32\CF11541.exe
2009-08-24 10:55:36 ----A---- C:\windows\system32\CF7433.exe
2009-08-24 10:52:47 ----SD---- C:\toolb
2009-08-24 10:52:47 ----A---- C:\windows\system32\CF6878.exe
2009-08-24 10:51:31 ----A---- C:\windows\system32\CF6633.exe
2009-08-24 10:50:52 ----A---- C:\windows\system32\CF6499.exe
2009-08-24 02:20:59 ----SD---- C:\Combo-Fix
2009-08-24 02:20:59 ----A---- C:\windows\system32\CF4896.exe
2009-08-24 01:51:26 ----A---- C:\windows\ntbtlog.txt
2009-08-20 18:26:55 ----A---- C:\windows\system32\deploytk.dll
2009-08-20 18:09:17 ----HD---- C:\windows\$NtUninstallKB956744$
2009-08-20 18:09:12 ----HD---- C:\windows\$NtUninstallKB968389$
2009-08-20 18:09:08 ----HD---- C:\windows\$NtUninstallKB938464-v2$
2009-08-20 18:08:59 ----HD---- C:\windows\$NtUninstallKB951978$
2009-08-20 17:50:34 ----HD---- C:\windows\$NtUninstallKB973869$
2009-08-20 17:50:31 ----HD---- C:\windows\$NtUninstallKB973354$
2009-08-20 17:50:28 ----HD---- C:\windows\$NtUninstallKB960859$
2009-08-20 17:50:25 ----HD---- C:\windows\$NtUninstallKB971657$
2009-08-20 17:50:21 ----HD---- C:\windows\$NtUninstallKB971557$
2009-08-20 17:50:18 ----HD---- C:\windows\$NtUninstallKB973507$
2009-08-20 17:50:15 ----HD---- C:\windows\$NtUninstallKB973815$
2009-08-20 17:50:09 ----HD---- C:\windows\$NtUninstallKB971633$
2009-08-20 17:50:06 ----HD---- C:\windows\$NtUninstallKB961371$
2009-08-20 17:50:01 ----HD---- C:\windows\$NtUninstallKB961501$
2009-08-20 17:49:57 ----HD---- C:\windows\$NtUninstallKB970238$
2009-08-20 17:49:54 ----HD---- C:\windows\$NtUninstallKB968537$
2009-08-20 17:49:47 ----HD---- C:\windows\$NtUninstallKB956572$
2009-08-20 17:49:42 ----HD---- C:\windows\$NtUninstallKB923561$
2009-08-20 17:49:39 ----HD---- C:\windows\$NtUninstallKB959426$
2009-08-20 17:49:35 ----HD---- C:\windows\$NtUninstallKB961373$
2009-08-20 17:49:31 ----HD---- C:\windows\$NtUninstallKB952004$
2009-08-20 17:49:28 ----HD---- C:\windows\$NtUninstallKB960803$
2009-08-20 17:49:24 ----HD---- C:\windows\$NtUninstallKB960225$
2009-08-20 17:49:20 ----HD---- C:\windows\$NtUninstallKB958690$
2009-08-20 17:49:17 ----HD---- C:\windows\$NtUninstallKB915800-v4$
2009-08-20 17:49:05 ----HD---- C:\windows\$NtUninstallKB961118$
2009-08-20 17:49:01 ----HD---- C:\windows\$NtUninstallKB967715$
2009-08-20 17:48:55 ----HD---- C:\windows\$NtUninstallKB958687$
2009-08-20 17:48:51 ----HD---- C:\windows\$NtUninstallKB956803$
2009-08-20 17:48:46 ----HD---- C:\windows\$NtUninstallKB957095$
2009-08-20 17:48:43 ----HD---- C:\windows\$NtUninstallKB954211$
2009-08-20 17:48:39 ----HD---- C:\windows\$NtUninstallKB956841$
2009-08-20 17:48:36 ----HD---- C:\windows\$NtUninstallKB957097$
2009-08-20 17:48:32 ----HD---- C:\windows\$NtUninstallKB954600$
2009-08-20 17:48:29 ----HD---- C:\windows\$NtUninstallKB958644$
2009-08-20 17:48:25 ----HD---- C:\windows\$NtUninstallKB955069$
2009-08-20 17:48:21 ----HD---- C:\windows\$NtUninstallKB953155$
2009-08-20 17:48:18 ----HD---- C:\windows\$NtUninstallKB956802$
2009-08-20 17:48:16 ----HD---- C:\windows\$NtUninstallKB938464$
2009-08-20 17:48:12 ----HD---- C:\windows\$NtUninstallKB951376-v2$
2009-08-20 17:48:09 ----HD---- C:\windows\$NtUninstallKB946648$
2009-08-20 17:48:05 ----HD---- C:\windows\$NtUninstallKB950762$
2009-08-20 17:48:02 ----HD---- C:\windows\$NtUninstallKB952287$
2009-08-20 17:47:58 ----HD---- C:\windows\$NtUninstallKB951066$
2009-08-20 17:47:54 ----HD---- C:\windows\$NtUninstallKB952954$
2009-08-20 17:47:51 ----HD---- C:\windows\$NtUninstallKB950974$
2009-08-20 17:47:48 ----HD---- C:\windows\$NtUninstallKB951698$
2009-08-20 17:47:41 ----HD---- C:\windows\$NtUninstallKB951748$
2009-08-20 17:44:02 ----D---- C:\windows\system32\scripting
2009-08-20 17:44:01 ----D---- C:\windows\l2schemas
2009-08-20 17:44:00 ----D---- C:\windows\system32\en
2009-08-20 17:38:20 ----HD---- C:\windows\$NtServicePackUninstall$
2009-08-20 17:38:16 ----D---- C:\windows\EHome
2009-08-19 23:42:22 ----D---- C:\windows\system32\SuperAdBlocker.com
2009-08-19 22:03:03 ----SHD---- C:\Recycled
2009-08-19 15:19:46 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-19 15:19:37 ----D---- C:\Documents and Settings\Steven Callihan\Application Data\SUPERAntiSpyware.com
2009-08-19 14:34:29 ----A---- C:\windows\zip.exe
2009-08-19 14:34:29 ----A---- C:\windows\SWXCACLS.exe
2009-08-19 14:34:29 ----A---- C:\windows\SWSC.exe
2009-08-19 14:34:29 ----A---- C:\windows\SWREG.exe
2009-08-19 14:34:29 ----A---- C:\windows\sed.exe
2009-08-19 14:34:29 ----A---- C:\windows\PEV.exe
2009-08-19 14:34:29 ----A---- C:\windows\NIRCMD.exe
2009-08-19 14:34:29 ----A---- C:\windows\grep.exe
2009-08-19 14:32:05 ----D---- C:\windows\ERDNT
2009-08-19 14:23:28 ----D---- C:\Qoobox
2009-08-12 16:27:01 ----HD---- C:\windows\$NtUninstallKB960859_0$
2009-08-12 16:26:56 ----HD---- C:\windows\$NtUninstallKB971657_0$
2009-08-12 16:26:52 ----HD---- C:\windows\$NtUninstallKB971557_0$
2009-08-12 16:26:47 ----HD---- C:\windows\$NtUninstallKB973869_0$
2009-08-12 16:26:21 ----HD---- C:\windows\$NtUninstallKB973540_WM9L$
2009-08-12 16:26:17 ----HD---- C:\windows\$NtUninstallKB973507_0$
2009-08-12 16:26:12 ----HD---- C:\windows\$NtUninstallKB973354_0$
2009-08-12 16:23:03 ----D---- C:\windows\ServicePackFiles
2009-08-12 16:23:02 ----HD---- C:\windows\$NtUninstallKB958470$
2009-08-12 16:22:41 ----HD---- C:\windows\$NtUninstallKB973815_0$

======List of files/folders modified in the last 1 months======

2009-09-08 10:45:30 ----A---- C:\windows\SchedLgU.Txt
2009-09-07 16:16:36 ----A---- C:\windows\lviewpro.ini
2009-08-21 23:37:40 ----A---- C:\windows\UPGRADE.TXT
2009-08-20 18:26:46 ----A---- C:\windows\system32\javaws.exe
2009-08-20 18:26:46 ----A---- C:\windows\system32\javaw.exe
2009-08-20 18:26:46 ----A---- C:\windows\system32\java.exe
2009-08-20 17:57:32 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-08-19 14:54:08 ----A---- C:\windows\system.ini
2009-08-18 21:51:56 ----A---- C:\windows\system32\avgrsstx.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\windows\System32\Drivers\avgldx86.sys [2009-08-18 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\windows\System32\Drivers\avgmfx86.sys [2009-08-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\windows\System32\Drivers\avgtdix.sys [2009-05-16 108552]
R1 is-1N6HCdrv;is-1N6HCdrv; C:\windows\system32\DRIVERS\02485188.sys [2008-07-08 148496]
R1 vcdrom;Virtual CD-ROM Device Driver; \??\C:\drivers\VCdRom.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\windows\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 ElbyCDIO;ElbyCDIO Driver; C:\windows\System32\Drivers\ElbyCDIO.sys [2004-07-28 9856]
R2 SCANDEV;SCANDEV; C:\windows\system32\drivers\SCANDEV.sys [1998-08-12 135776]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\windows\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS [2004-01-09 601100]
R3 Arp1394;1394 ARP Client Protocol; C:\windows\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 Dot4;MS IEEE-1284.4 Driver; C:\windows\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\windows\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\windows\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
R3 ElbyDelay;ElbyDelay; C:\windows\System32\Drivers\ElbyDelay.sys [2004-06-08 3968]
R3 GearAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 NIC1394;1394 Net Driver; C:\windows\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\windows\System32\DRIVERS\NTIDrvr.sys [2006-04-24 6912]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\windows\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\windows\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\windows\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 is-RCJCTdrv;is-RCJCTdrv; C:\windows\system32\DRIVERS\59957287.sys [2008-07-08 148496]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver); C:\windows\System32\DRIVERS\ADSFilter.sys [2007-08-03 57456]
S3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver); C:\windows\system32\drivers\ADSMonitor.sys [2007-08-03 38384]
S3 Bridge;MAC Bridge; C:\windows\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\windows\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BW2NDIS5;BW2NDIS5; C:\windows\System32\Drivers\BW2NDIS5.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EarthLinkSafeConnectDriver;EarthLinkSafeConnectDriver; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectDriver.sys []
S3 EarthLinkSafeConnectFilter;EarthLinkSafeConnectFilter; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectFilter.sys []
S3 EarthLinkSafeConnectShim;EarthLinkSafeConnectShim; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectShim.sys []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 GoProto;GoProto Protocol Driver; C:\windows\System32\DRIVERS\goprot51.sys [2006-09-25 29184]
S3 HidUsb;Microsoft HID Class Driver; C:\windows\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\windows\System32\DRIVERS\point32.sys [2003-05-15 19072]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\mozilla.org\Mozilla\SABProcEnum.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\windows\system32\drivers\viaudios.sys [2004-04-23 120960]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-18 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-18 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 GEARSecurity;GEARSecurity; C:\windows\system32\gearsec.exe [2002-09-02 49152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-20 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-29 1029456]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2008-05-03 159812]
R2 WSearch;Windows Search; C:\windows\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 ELNKUpdateService;ELNK Update Service; C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe []
S2 ProtectionService;ProtectionService; C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe []
S3 ADSService;ADSService; C:\Program Files\Common Files\ADS\ADSService.exe []
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EarthLinkSafeConnectAgent;EarthLinkSafeConnectAgent; C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe EarthLinkSafeConnectAgent []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 182768]
S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2002-08-01 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt (RSIT, in reply to first reply):

info.txt logfile of random's system information tool 1.06 2009-09-08 10:51:39

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
123FTP-FREE-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\123FTP\ST6UNST.LOG"
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
AnalogX ITR Client-->C:\Program Files\AnalogX\ITR\itrcu.exe
AnalogX Keyword Live-->C:\Program Files\AnalogX\Keyword Live\keywordu.exe
Anonymization.Net 1.42-->C:\WINDOWS\unins000.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atomic Clock Sync-->C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\windows\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDXCopy 1.5.2 b636 (remove only)-->C:\Program Files\321Studios\DVDXCopy\Uninst.exe
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -l0x9 -SYSTEM
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON SPR800 Reference Guide-->C:\Program Files\epson\guide\spr800_e\uninstall.exe
Flatbed Scanner-->C:\SCANNER\UNINSTAL\SETUP.EXE
getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Good Keywords v2.01.100107-->"C:\Program Files\Softnik Technologies\Good Keywords v2.01\unins000.exe"
Google PageRank Checker-->D:\Program Files\Google PageRank Checker\uninstal.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Gr8_Player 0.9.5-->"C:\Program Files\Gr8_Player\unins000.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\windows\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\windows\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\windows\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\windows\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\windows\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
hp LaserJet 1010 Series-->MsiExec.exe /x {292C47B2-8DB7-47BF-896C-C3C5EE8108C4}
ICC Color Profiles-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B62F7A3-2933-4C52-A3CE-345C8F53A08F}\setup.exe" -l0x9 anything
Ipswitch WS_FTP LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3A31EEE-7C65-4EE6-BB0D-5549FD2D67B9}\setup.exe" -l0x9
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Jasc Paint Shop Pro 8-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
K-Lite Mega Codec Pack 3.8.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Linksys EasyLink Advisor 1.5 (1032)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft WSE 2.0 SP3 Runtime-->MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
MobileMe Control Panel-->MsiExec.exe /I{A14C24F6-615B-415E-84B0-610FDAD19B68}
MozBackup 1.4.5-->"C:\Program Files\MozBackup\unins000.exe"
Mozilla (1.7.13)-->C:\WINDOWS\MozillaUninstall.exe /ua "1.7.13 (en)"
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MPEG Joiner version 1.0.0-->"C:\Program Files\MPEGJOINER\unins000.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nikon View 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
NTI Backup NOW! 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E68EAA3-775A-4542-A08A-47DB8E8E74A6} /l1033 BUNText
NTI CD-Maker 6 Gold-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
NTI DriveBackup! 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8FDD2A92-9F75-4706-B8C2-08499A9863E6} /l1033 DIBText
NVIDIA Drivers-->C:\windows\system32\nvuninst.exe UninstallGUI
Opera 9.63-->MsiExec.exe /X{2C0CD17D-0B06-4700-83FA-7344B868B0A2}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
ROR Sitemap Generator 1.0-->MsiExec.exe /I{3E039E39-438E-42B4-9C05-9B3120CD8672}
Safari-->MsiExec.exe /I{C5C649A8-1D21-4C83-9B08-7B3752E580F4}
Search and Replace 98-->C:\WINDOWS\srinst.exe -u
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\windows\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\windows\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\windows\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\windows\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\windows\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\windows\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\windows\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\windows\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\windows\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\windows\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\windows\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\windows\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\windows\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\windows\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\windows\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\windows\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\windows\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\windows\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\windows\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\windows\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\windows\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\windows\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\windows\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\windows\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\windows\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\windows\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\windows\$NtUninstallKB973869$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
SimpleOCR 3.1-->C:\PROGRA~1\SIMPLE~1\UNWISE.EXE C:\PROGRA~1\SIMPLE~1\INSTALL.LOG
Skype 2.0-->"C:\Program Files\Skype\Phone\unins000.exe"
Source Viewer-->C:\Program Files\Source Viewer\uninstall.exe
Streambox Vcr Suite 2-->"C:\Program Files\StreamboxVcrSuite2\unins000.exe"
TextPad-->C:\Program Files\TextPad\SYSTEM\UNINSTAL.EXE
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB968220)-->"C:\windows\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\windows\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\windows\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\windows\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB2.0 CARD READER Icons and Drivers-->MsiExec.exe /I{CF7049C6-C595-46E9-BED7-50F6A28ACB00}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WebReaper v10-->"C:\Program Files\WebReaper\unins000.exe"
WinBoard-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WinBoard\Uninst.isu"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\windows\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Search 4.0-->"C:\windows\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xenu's Link Sleuth-->"C:\Program Files\Xenu\unins000.exe"

======Security center information======

AV: AVG Anti-Virus Free (disabled)

======System event log======

Computer Name: POLYWELL-438902
Event Code: 7023
Message: The Remote Access Connection Manager service terminated with the following error:
The specified module could not be found.


Record Number: 361607
Source Name: Service Control Manager
Time Written: 20090906135402.000000-420
Event Type: error
User:

Computer Name: POLYWELL-438902
Event Code: 7023
Message: The Remote Access Connection Manager service terminated with the following error:
The specified module could not be found.


Record Number: 361604
Source Name: Service Control Manager
Time Written: 20090906135402.000000-420
Event Type: error
User:

Computer Name: POLYWELL-438902
Event Code: 7023
Message: The Remote Access Connection Manager service terminated with the following error:
The specified module could not be found.


Record Number: 361601
Source Name: Service Control Manager
Time Written: 20090906135401.000000-420
Event Type: error
User:

Computer Name: POLYWELL-438902
Event Code: 7023
Message: The Remote Access Connection Manager service terminated with the following error:
The specified module could not be found.


Record Number: 361598
Source Name: Service Control Manager
Time Written: 20090906135401.000000-420
Event Type: error
User:

Computer Name: POLYWELL-438902
Event Code: 7023
Message: The Remote Access Connection Manager service terminated with the following error:
The specified module could not be found.


Record Number: 361595
Source Name: Service Control Manager
Time Written: 20090906135400.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: POLYWELL-438902
Event Code: 4356
Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80040154.
Record Number: 7
Source Name: EventSystem
Time Written: 20090828212041.000000-420
Event Type: warning
User:

Computer Name: POLYWELL-438902
Event Code: 4353
Message: The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Record Number: 6
Source Name: EventSystem
Time Written: 20090828212041.000000-420
Event Type: warning
User:

Computer Name: POLYWELL-438902
Event Code: 4356
Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80040154.
Record Number: 5
Source Name: EventSystem
Time Written: 20090828212041.000000-420
Event Type: warning
User:

Computer Name: POLYWELL-438902
Event Code: 4353
Message: The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Record Number: 4
Source Name: EventSystem
Time Written: 20090828212041.000000-420
Event Type: warning
User:

Computer Name: POLYWELL-438902
Event Code: 4356
Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80040154.
Record Number: 3
Source Name: EventSystem
Time Written: 20090828212041.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\ADS;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 8, AuthenticAMD
"PROCESSOR_REVISION"=0408
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;"C:\Program Files\Java\j2re1.4.2_04\lib\ext\QTJava.zip";C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"FP_NO_HOST_CHECK"=NO
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------


GMER log (in reply to second post):

GMER 1.0.15.15077 [r9zwl1vs.exe] - http://www.gmer.net
Rootkit scan 2009-09-09 09:55:57
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF859587E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8595BFE]

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\SearchIndexer.exe[884] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\windows\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service system32\drivers\kbiwkmrokasglq.sys (*** hidden *** ) [SYSTEM] kbiwkmvrinykle <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle@imagepath \systemroot\system32\drivers\kbiwkmrokasglq.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle\main@sid 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmrokasglq.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmyayuqlvp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmcfscabyu.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmabwqvmpc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmvrinykle\modules@kbiwkm.dat \systemroot\system32\kbiwkmyvtbqxml.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle@imagepath \systemroot\system32\drivers\kbiwkmrokasglq.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle\main@aid 10002
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle\main@sid 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmrokasglq.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmyayuqlvp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmcfscabyu.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmabwqvmpc.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmvrinykle\modules@kbiwkm.dat \systemroot\system32\kbiwkmyvtbqxml.dat
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle@imagepath \systemroot\system32\drivers\kbiwkmrokasglq.sys
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle\main@aid 10002
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle\main@sid 1
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmrokasglq.sys
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmyayuqlvp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmcfscabyu.dat
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmabwqvmpc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmvrinykle\modules@kbiwkm.dat \systemroot\system32\kbiwkmyvtbqxml.dat
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----
New RSIT log (in reply to second post):

Logfile of random's system information tool 1.06 (written by random/random)
Run by Steven Callihan at 2009-09-09 09:58:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (32%) free of 30 GB
Total RAM: 511 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:41 AM, on 9/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\rundll32.exe
C:\Documents and Settings\Steven Callihan\Desktop\RS.exe
D:\Program Files\Trend Micro\HijackThis\Steven Callihan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/www/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - (no file)
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB001" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: is-1N6HC.lnk = C:\Documents and Settings\Steven Callihan\Desktop\Virus Removal Tool1\is-1N6HC\startup.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Anonymization - C:\WINDOWS\System32\sys32.htm
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Anonymization.Net - {8B466019-1E6E-4552-A096-7C0A2876E50E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206549232250
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: ADSService - Unknown owner - C:\Program Files\Common Files\ADS\ADSService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EarthLinkSafeConnectAgent - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe (file missing)
O23 - Service: ELNK Update Service (ELNKUpdateService) - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\windows\system32\gearsec.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtectionService - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe (file missing)

--
End of file - 11212 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job
C:\windows\tasks\Ad-Aware Update (Weekly).job
C:\windows\tasks\gwtfigqh.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000002}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15F4D456-5BAA-4076-8486-EECB38CD3E57}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-18 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{512ACF1B-64D9-4928-B382-A80556F28DB4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9579D574-D4D8-4335-9560-FE8641A013BD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-13 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-22 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-22 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E713904C-DF05-4C79-BBAD-02DB923253BE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{C7768536-96F8-4001-B1A2-90EE21279187}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-13 259696]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SetIcon"=C:\Program Files\Icons\SetIcon.exe [2002-08-22 39936]
"EPSON Stylus Photo R800"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE [2003-08-07 99840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-20 149280]
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2003-05-15 114688]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-02-06 177472]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-18 2007832]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2008-05-03 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\windows\system32\NvMcTray.dll [2008-05-03 86016]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-29 520024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=C:\WINDOWS\System32\NVMCTRAY.DLL [2008-05-03 86016]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2006-04-02 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\MSMSGS.EXE [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2006-05-19 18577448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\windows\SOUNDMAN.EXE [2004-01-09 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-20 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
C:\PROGRA~1\Nikon\NkView6\NkvMon.exe [2003-07-11 241664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Steven Callihan\Start Menu\Programs\Startup
is-1N6HC.lnk - C:\Documents and Settings\Steven Callihan\Desktop\Virus Removal Tool1\is-1N6HC\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\windows\system32\avgrsstx.dll [2009-08-18 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"system"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\WS_FTP\WS_FTP95.exe"="C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe"="C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware"
"C:\Program Files\AVG\AVG8\AVGTRAY.EXE"="C:\Program Files\AVG\AVG8\AVGTRAY.EXE:*:Enabled:AVG Free Tray Icon"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\AVG\AVG8\avgui.exe"="C:\Program Files\AVG\AVG8\avgui.exe:*:Enabled:AVG Free User Interface"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.reg - edit -
.reg - open -

======List of files/folders created in the last 1 months======

2009-09-08 19:21:48 ----SHD---- C:\FOUND.005
2009-09-08 10:51:30 ----D---- C:\rsit
2009-09-08 00:05:41 ----A---- C:\RootRepeal report 09-08-09 (00-05-41).txt
2009-09-07 23:53:02 ----HD---- C:\windows\$NtUninstallKB970653-v3$
2009-09-07 18:45:18 ----A---- C:\windows\imsins.BAK
2009-09-02 22:12:18 ----SHD---- C:\FOUND.004
2009-09-01 19:25:46 ----SHD---- C:\FOUND.003
2009-08-26 09:46:50 ----SHD---- C:\FOUND.002
2009-08-25 21:12:44 ----SHD---- C:\FOUND.001
2009-08-24 20:27:09 ----A---- C:\RootRepeal report 08-24-09 (20-27-09).txt
2009-08-24 19:51:04 ----A---- C:\RootRepeal report 08-24-09 (19-51-04).txt
2009-08-24 16:34:52 ----SHD---- C:\FOUND.000
2009-08-24 14:32:50 ----A---- C:\RootRepeal report 08-24-09 (14-32-50).txt
2009-08-24 13:07:39 ----SD---- C:\toolc
2009-08-24 13:07:39 ----A---- C:\windows\system32\CF535.exe
2009-08-24 13:07:09 ----A---- C:\windows\system32\CF437.exe
2009-08-24 12:40:29 ----A---- C:\RootRepeal report 08-24-09 (12-40-29).txt
2009-08-24 11:31:41 ----A---- C:\windows\system32\CF14503.exe
2009-08-24 11:22:07 ----SD---- C:\ctool
2009-08-24 11:22:07 ----A---- C:\windows\system32\CF12628.exe
2009-08-24 11:17:05 ----A---- C:\windows\system32\CF11642.exe
2009-08-24 11:16:35 ----A---- C:\windows\system32\CF11541.exe
2009-08-24 10:55:36 ----A---- C:\windows\system32\CF7433.exe
2009-08-24 10:52:47 ----SD---- C:\toolb
2009-08-24 10:52:47 ----A---- C:\windows\system32\CF6878.exe
2009-08-24 10:51:31 ----A---- C:\windows\system32\CF6633.exe
2009-08-24 10:50:52 ----A---- C:\windows\system32\CF6499.exe
2009-08-24 02:20:59 ----SD---- C:\Combo-Fix
2009-08-24 02:20:59 ----A---- C:\windows\system32\CF4896.exe
2009-08-24 01:51:26 ----A---- C:\windows\ntbtlog.txt
2009-08-20 18:26:55 ----A---- C:\windows\system32\deploytk.dll
2009-08-20 18:09:17 ----HD---- C:\windows\$NtUninstallKB956744$
2009-08-20 18:09:12 ----HD---- C:\windows\$NtUninstallKB968389$
2009-08-20 18:09:08 ----HD---- C:\windows\$NtUninstallKB938464-v2$
2009-08-20 18:08:59 ----HD---- C:\windows\$NtUninstallKB951978$
2009-08-20 17:50:34 ----HD---- C:\windows\$NtUninstallKB973869$
2009-08-20 17:50:31 ----HD---- C:\windows\$NtUninstallKB973354$
2009-08-20 17:50:28 ----HD---- C:\windows\$NtUninstallKB960859$
2009-08-20 17:50:25 ----HD---- C:\windows\$NtUninstallKB971657$
2009-08-20 17:50:21 ----HD---- C:\windows\$NtUninstallKB971557$
2009-08-20 17:50:18 ----HD---- C:\windows\$NtUninstallKB973507$
2009-08-20 17:50:15 ----HD---- C:\windows\$NtUninstallKB973815$
2009-08-20 17:50:09 ----HD---- C:\windows\$NtUninstallKB971633$
2009-08-20 17:50:06 ----HD---- C:\windows\$NtUninstallKB961371$
2009-08-20 17:50:01 ----HD---- C:\windows\$NtUninstallKB961501$
2009-08-20 17:49:57 ----HD---- C:\windows\$NtUninstallKB970238$
2009-08-20 17:49:54 ----HD---- C:\windows\$NtUninstallKB968537$
2009-08-20 17:49:47 ----HD---- C:\windows\$NtUninstallKB956572$
2009-08-20 17:49:42 ----HD---- C:\windows\$NtUninstallKB923561$
2009-08-20 17:49:39 ----HD---- C:\windows\$NtUninstallKB959426$
2009-08-20 17:49:35 ----HD---- C:\windows\$NtUninstallKB961373$
2009-08-20 17:49:31 ----HD---- C:\windows\$NtUninstallKB952004$
2009-08-20 17:49:28 ----HD---- C:\windows\$NtUninstallKB960803$
2009-08-20 17:49:24 ----HD---- C:\windows\$NtUninstallKB960225$
2009-08-20 17:49:20 ----HD---- C:\windows\$NtUninstallKB958690$
2009-08-20 17:49:17 ----HD---- C:\windows\$NtUninstallKB915800-v4$
2009-08-20 17:49:05 ----HD---- C:\windows\$NtUninstallKB961118$
2009-08-20 17:49:01 ----HD---- C:\windows\$NtUninstallKB967715$
2009-08-20 17:48:55 ----HD---- C:\windows\$NtUninstallKB958687$
2009-08-20 17:48:51 ----HD---- C:\windows\$NtUninstallKB956803$
2009-08-20 17:48:46 ----HD---- C:\windows\$NtUninstallKB957095$
2009-08-20 17:48:43 ----HD---- C:\windows\$NtUninstallKB954211$
2009-08-20 17:48:39 ----HD---- C:\windows\$NtUninstallKB956841$
2009-08-20 17:48:36 ----HD---- C:\windows\$NtUninstallKB957097$
2009-08-20 17:48:32 ----HD---- C:\windows\$NtUninstallKB954600$
2009-08-20 17:48:29 ----HD---- C:\windows\$NtUninstallKB958644$
2009-08-20 17:48:25 ----HD---- C:\windows\$NtUninstallKB955069$
2009-08-20 17:48:21 ----HD---- C:\windows\$NtUninstallKB953155$
2009-08-20 17:48:18 ----HD---- C:\windows\$NtUninstallKB956802$
2009-08-20 17:48:16 ----HD---- C:\windows\$NtUninstallKB938464$
2009-08-20 17:48:12 ----HD---- C:\windows\$NtUninstallKB951376-v2$
2009-08-20 17:48:09 ----HD---- C:\windows\$NtUninstallKB946648$
2009-08-20 17:48:05 ----HD---- C:\windows\$NtUninstallKB950762$
2009-08-20 17:48:02 ----HD---- C:\windows\$NtUninstallKB952287$
2009-08-20 17:47:58 ----HD---- C:\windows\$NtUninstallKB951066$
2009-08-20 17:47:54 ----HD---- C:\windows\$NtUninstallKB952954$
2009-08-20 17:47:51 ----HD---- C:\windows\$NtUninstallKB950974$
2009-08-20 17:47:48 ----HD---- C:\windows\$NtUninstallKB951698$
2009-08-20 17:47:41 ----HD---- C:\windows\$NtUninstallKB951748$
2009-08-20 17:44:02 ----D---- C:\windows\system32\scripting
2009-08-20 17:44:01 ----D---- C:\windows\l2schemas
2009-08-20 17:44:00 ----D---- C:\windows\system32\en
2009-08-20 17:38:20 ----HD---- C:\windows\$NtServicePackUninstall$
2009-08-20 17:38:16 ----D---- C:\windows\EHome
2009-08-19 23:42:22 ----D---- C:\windows\system32\SuperAdBlocker.com
2009-08-19 22:03:03 ----SHD---- C:\Recycled
2009-08-19 15:19:46 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-19 15:19:37 ----D---- C:\Documents and Settings\Steven Callihan\Application Data\SUPERAntiSpyware.com
2009-08-19 14:34:29 ----A---- C:\windows\zip.exe
2009-08-19 14:34:29 ----A---- C:\windows\SWXCACLS.exe
2009-08-19 14:34:29 ----A---- C:\windows\SWSC.exe
2009-08-19 14:34:29 ----A---- C:\windows\SWREG.exe
2009-08-19 14:34:29 ----A---- C:\windows\sed.exe
2009-08-19 14:34:29 ----A---- C:\windows\PEV.exe
2009-08-19 14:34:29 ----A---- C:\windows\NIRCMD.exe
2009-08-19 14:34:29 ----A---- C:\windows\grep.exe
2009-08-19 14:32:05 ----D---- C:\windows\ERDNT
2009-08-19 14:23:28 ----D---- C:\Qoobox
2009-08-12 16:27:01 ----HD---- C:\windows\$NtUninstallKB960859_0$
2009-08-12 16:26:56 ----HD---- C:\windows\$NtUninstallKB971657_0$
2009-08-12 16:26:52 ----HD---- C:\windows\$NtUninstallKB971557_0$
2009-08-12 16:26:47 ----HD---- C:\windows\$NtUninstallKB973869_0$
2009-08-12 16:26:21 ----HD---- C:\windows\$NtUninstallKB973540_WM9L$
2009-08-12 16:26:17 ----HD---- C:\windows\$NtUninstallKB973507_0$
2009-08-12 16:26:12 ----HD---- C:\windows\$NtUninstallKB973354_0$
2009-08-12 16:23:03 ----D---- C:\windows\ServicePackFiles
2009-08-12 16:23:02 ----HD---- C:\windows\$NtUninstallKB958470$
2009-08-12 16:22:41 ----HD---- C:\windows\$NtUninstallKB973815_0$

======List of files/folders modified in the last 1 months======

2009-09-08 22:44:32 ----A---- C:\windows\SchedLgU.Txt
2009-09-07 16:16:36 ----A---- C:\windows\lviewpro.ini
2009-08-21 23:37:40 ----A---- C:\windows\UPGRADE.TXT
2009-08-20 18:26:46 ----A---- C:\windows\system32\javaws.exe
2009-08-20 18:26:46 ----A---- C:\windows\system32\javaw.exe
2009-08-20 18:26:46 ----A---- C:\windows\system32\java.exe
2009-08-20 17:57:32 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-08-19 14:54:08 ----A---- C:\windows\system.ini
2009-08-18 21:51:56 ----A---- C:\windows\system32\avgrsstx.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\windows\System32\Drivers\avgldx86.sys [2009-08-18 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\windows\System32\Drivers\avgmfx86.sys [2009-08-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\windows\System32\Drivers\avgtdix.sys [2009-05-16 108552]
R1 is-1N6HCdrv;is-1N6HCdrv; C:\windows\system32\DRIVERS\02485188.sys [2008-07-08 148496]
R1 vcdrom;Virtual CD-ROM Device Driver; \??\C:\drivers\VCdRom.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\windows\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 ElbyCDIO;ElbyCDIO Driver; C:\windows\System32\Drivers\ElbyCDIO.sys [2004-07-28 9856]
R2 SCANDEV;SCANDEV; C:\windows\system32\drivers\SCANDEV.sys [1998-08-12 135776]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\windows\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS [2004-01-09 601100]
R3 Arp1394;1394 ARP Client Protocol; C:\windows\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 Dot4;MS IEEE-1284.4 Driver; C:\windows\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\windows\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\windows\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
R3 ElbyDelay;ElbyDelay; C:\windows\System32\Drivers\ElbyDelay.sys [2004-06-08 3968]
R3 GearAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 NIC1394;1394 Net Driver; C:\windows\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\windows\System32\DRIVERS\NTIDrvr.sys [2006-04-24 6912]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\windows\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\windows\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 is-RCJCTdrv;is-RCJCTdrv; C:\windows\system32\DRIVERS\59957287.sys [2008-07-08 148496]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver); C:\windows\System32\DRIVERS\ADSFilter.sys [2007-08-03 57456]
S3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver); C:\windows\system32\drivers\ADSMonitor.sys [2007-08-03 38384]
S3 Bridge;MAC Bridge; C:\windows\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\windows\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BW2NDIS5;BW2NDIS5; C:\windows\System32\Drivers\BW2NDIS5.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EarthLinkSafeConnectDriver;EarthLinkSafeConnectDriver; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectDriver.sys []
S3 EarthLinkSafeConnectFilter;EarthLinkSafeConnectFilter; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectFilter.sys []
S3 EarthLinkSafeConnectShim;EarthLinkSafeConnectShim; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectShim.sys []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 GoProto;GoProto Protocol Driver; C:\windows\System32\DRIVERS\goprot51.sys [2006-09-25 29184]
S3 HidUsb;Microsoft HID Class Driver; C:\windows\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 lpaotqpq;lpaotqpq; \??\C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\lpaotqpq.sys []
S3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\windows\System32\DRIVERS\point32.sys [2003-05-15 19072]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\windows\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\mozilla.org\Mozilla\SABProcEnum.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\windows\system32\drivers\viaudios.sys [2004-04-23 120960]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-18 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-18 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 GEARSecurity;GEARSecurity; C:\windows\system32\gearsec.exe [2002-09-02 49152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-20 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2008-05-03 159812]
R2 WSearch;Windows Search; C:\windows\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 ELNKUpdateService;ELNK Update Service; C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe []
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-29 1029456]
S2 ProtectionService;ProtectionService; C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe []
S3 ADSService;ADSService; C:\Program Files\Common Files\ADS\ADSService.exe []
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EarthLinkSafeConnectAgent;EarthLinkSafeConnectAgent; C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe EarthLinkSafeConnectAgent []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 182768]
S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2002-08-01 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
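The driver list in the log above is where the backdoor/rootkit suspicion in the thread comes from: two drivers with numeric-only file names and no descriptive name (02485188.sys, 59957287.sys), and one driver registered out of the user's Temp directory (lpaotqpq.sys) with no file metadata, meaning the scanner could not find the file. The following script is an added example, not part of this thread or of the scanner that produced the log; it parses lines in that "R1 name;display; path [date size]" format and applies those three triage rules so the suspicious entries surface automatically. The sample lines are copied from the log above; the heuristics and their wording are my own.

```python
import re
from typing import Dict, List, Optional, Tuple

# One line of the "List of drivers" section has the shape
#   <state><start> <service>;<display name>; <image path> [<date> <size>]
# where an empty bracket pair [] means the scanner could not stat the file.
DRIVER_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<service>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Path fragments that place a kernel driver somewhere a driver has no business living.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")

# Constructed sample: lines copied from the driver list above, mixing ordinary
# Microsoft/AVG drivers with the entries that deserve a second look.
SAMPLE_LINES = [
    r"R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\windows\System32\Drivers\avgldx86.sys [2009-08-18 335240]",
    r"R1 is-1N6HCdrv;is-1N6HCdrv; C:\windows\system32\DRIVERS\02485188.sys [2008-07-08 148496]",
    r"R1 vcdrom;Virtual CD-ROM Device Driver; \??\C:\drivers\VCdRom.sys []",
    r"S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []",
    r"S3 lpaotqpq;lpaotqpq; \??\C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\lpaotqpq.sys []",
    r"R3 usbhub;Microsoft USB Standard Hub Driver; C:\windows\System32\DRIVERS\usbhub.sys [2008-04-13 59520]",
    r"S1 is-RCJCTdrv;is-RCJCTdrv; C:\windows\system32\DRIVERS\59957287.sys [2008-07-08 148496]",
]


def parse_driver_line(line: str) -> Optional[Dict[str, str]]:
    """Split one driver line into its fields; return None for lines that do not match."""
    m = DRIVER_LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["path"] = d["path"].replace("\\??\\", "")       # strip the NT object-manager prefix
    d["file"] = d["path"].rsplit("\\", 1)[-1]         # bare file name
    d["meta"] = d["meta"].strip()                     # "" when the file was not found
    return d


def triage_driver(d: Dict[str, str]) -> List[str]:
    """Return the list of reasons this driver entry deserves manual review (empty if none)."""
    reasons = []
    low = d["path"].lower()
    if any(marker in low for marker in TEMP_MARKERS):
        reasons.append("image loaded from a Temp directory")
    if not d["meta"]:
        reasons.append("no file metadata (file missing when scanned)")
    stem = d["file"].rsplit(".", 1)[0]
    if stem.isdigit() and d["display"] == d["service"]:
        reasons.append("numeric-only file name and no descriptive display name")
    return reasons


def triage(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Parse every line and keep only the entries with at least one triage reason."""
    findings = []
    for line in lines:
        d = parse_driver_line(line)
        if d is None:
            continue
        reasons = triage_driver(d)
        if reasons:
            findings.append((d["service"], d["path"], reasons))
    return findings


if __name__ == "__main__":
    for service, path, reasons in triage(SAMPLE_LINES):
        print(f"{service:<14} {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

A "no file metadata" hit on its own is not proof of anything (catchme.sys belongs to ComboFix and vcdrom.sys is a known virtual CD driver), which is why the rules are reported as reasons to review rather than as verdicts; the entry that combines a Temp path with a missing file is the one a helper would ask about first.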

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 11 September 2009 - 01:34 PM

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#9 TomTerrific

TomTerrific
  • Topic Starter

  • Members
  • 18 posts

Posted 12 September 2009 - 02:10 PM

When running Combofix, I got an error: "Boot record could not be enumerated correctly." I exited Combofix rather than continue. I've had a message when booting up for a while: Invalid Boot.ini, loading from C:\Windows (or something close to that).

I was able to slipstream a new SP3 installation CD-ROM, boot from the CD, and run the Windows Recovery Console. When following the instructions to install the Windows Recovery Console (at the link you provided), I got the error: "Setup was unable to create, locate, or modify a critical file (C:\BOOT.INI)..."

I then tried to rebuild boot.ini using the Windows Recovery Console by typing at the prompt: bootcfg /rebuild. It seemed to be working, but then I got a blue screen. I tried again, but it happened again, although at a later point. The blue screen said:

==============================
"A problem occurred....

DRIVER_IRQL_LESS_OR_EQUAL

[...]

Tech Information:

STOP: 0x000000D1 (0xFA3DF1AC, 0x00000002, 0x00000000, 0xFA3DF1AC)
==============================

I've been getting similar (or maybe the same) blue screen crashes while running Windows (once or twice a day).

So, I'm at an impasse. I haven't tried the second method for installing the Windows Recovery Console because I suspect it will run into the same problem as the first, plus thought it advisable to ask your advice before doing anything else.

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 12 September 2009 - 08:35 PM

If any of the steps I ask you to do fail, you need to let me know, rather than going off and trying all other kinds of methods. This just makes it more confusing for me to try and figure out what is going on, so please do not make any more changes other than my instructions.

It sounds like your computer is in a right mess. Can you tell me what your current situation is: are you able to boot up, or do you keep getting the BSOD? Do you have the recovery console installed or not?



#11 TomTerrific

TomTerrific
  • Topic Starter

  • Members
  • 18 posts

Posted 14 September 2009 - 12:27 PM

I wasn't able to install the recovery console. I was able to access it on the XP-Home SP3 installation CD (which I slipstreamed and burned), but was unable to install it on my hard drive because boot.ini is apparently missing. The only thing additional I did was to try to use the recovery console to try to rebuild boot.ini - which terminated in a BSD (twice). I'm assuming that the next steps are 1) get a functioning boot.ini, so that 2) the recovery console can be installed, so that 3) ComboFix can be run.

I haven't run Malwarebytes or any other anti-virus tool (or other scan) after first hearing back from you. The only thing I've done since then is to try to install the recovery console (at your request, but without success). AVG does an automatic scan, but hasn't found anything.

The computer was in a big mess prior to my contacting you. I did have a failure to boot Windows after I posted my first message here (the boot message about the invalid boot.ini had been happening for some time, so was not the cause of Windows not booting, or caused by it). I didn't hear back from my first message here for almost a week, so did resort to self-help (I'm self-employed and use my computer for business on a daily basis). I was able to run a disk scan using a utility CD, after which Windows was able to reboot. From research online, it looks like Drive C was full - after the scan, Drive C has about 10GB free. Chkdsk (running automatically after a BSD) went from reporting the Drive C file system from RAW to FAT32. ChkDsk wouldn't run when the drive was being reported as RAW, but does now.

I haven't had a problem with the Google re-direct since then, but have had a recurring virus reported in Malwarebytes that keeps coming back. I was also blocked from downloading the Kaspersky Virus Removal Tool and from using Windows Update at Microsoft's site (haven't checked to see if that's still the case, however). Other than that, however, the computer seems to be working okay, except for getting BSDs once or twice a day. Before the Windows boot failure and the disk scan I ran, I was not able to use System Restore, but that's working fine now.

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 14 September 2009 - 04:29 PM

I understand that you need to get the computer fixed and that you had to resort to helping yourself whilst waiting for an initial reply, but once you are being helped it is in your best interest to only follow the instructions given and, if they don't work, to let me know. Let's see if we can get this boot.ini fixed, then take it from there.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank window will open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy the content of the following codebox into the main textfield :
    :filefind
    boot.*
  • Please confirm everything is copied and pasted as I have provided above
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan, Please post this log in your next reply.



#13 TomTerrific

TomTerrific
  • Topic Starter

  • Members
  • 18 posts

Posted 14 September 2009 - 07:02 PM

Here's the SystemLook result:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:41 on 14/09/2009 by Steven Callihan (Administrator - Elevation successful)

========== filefind ==========

Searching for "boot.*"
C:\Combo-Fix\Boot.bat --a--- 7774 bytes [09:20 24/08/2009] [10:42 12/08/2009] 317C5BEFB30BBA348EBF115DFE96861C
C:\ctool\Boot.bat --a--- 7774 bytes [18:21 24/08/2009] [10:42 12/08/2009] 317C5BEFB30BBA348EBF115DFE96861C
C:\Program Files\nLite\boot.bin --a--- 2048 bytes [05:29 12/09/2009] [21:56 19/02/2007] CE05C025433085B7E856E7214F7CE8B1
C:\toolb\Boot.bat --a--- 7774 bytes [17:52 24/08/2009] [10:42 12/08/2009] 317C5BEFB30BBA348EBF115DFE96861C
C:\toolc\Boot.bat --a--- 7774 bytes [20:07 24/08/2009] [10:42 12/08/2009] 317C5BEFB30BBA348EBF115DFE96861C
C:\WINDOWS\pss\boot.ini.backup ------ 211 bytes [18:59 14/06/2006] [03:57 13/09/2008] 17D7055859D99A0D606CFAF17AE38638

-=End Of File=-

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 14 September 2009 - 07:16 PM

Please navigate to the following file and open it with notepad, then copy and paste the contents back here.

C:\WINDOWS\pss\boot.ini.backup



#15 TomTerrific

TomTerrific
  • Topic Starter

  • Members
  • 18 posts

Posted 14 September 2009 - 09:24 PM

Here's the content of boot.ini.backup:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
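Before a recovered boot.ini.backup like the one above is copied back into place, it is worth checking that it is internally consistent: the ARC paths must be well formed, and the default= entry in [boot loader] must name an entry that actually exists under [operating systems], otherwise NTLDR falls back to the same "Invalid Boot.ini" behaviour the thread describes. The script below is an added example, not something posted in this thread; it parses the file format and runs those checks. The sample text is the boot.ini.backup content shown above, and the deliberately broken variant in the usage note is constructed.

```python
import re
from typing import Dict, List, Tuple

# ARC path as NTLDR expects it in the key of each [operating systems] entry,
# e.g. multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
ARC_PATH = re.compile(
    r"^(multi|scsi)\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)\\[^=\s]+$"
)
# Entry value: a quoted description followed by zero or more /switches.
ENTRY_VALUE = re.compile(r'^"([^"]*)"((?:\s+/\S+)*)\s*$')

# The boot.ini.backup content from the thread, used here as sample input.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
"""


def parse_boot_ini(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Parse INI-style sections into {section: [(key, value), ...]}, keeping entry order."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections[current] = []
            continue
        if current is None:
            raise ValueError(f"key outside any section: {line!r}")
        # Split on the FIRST '=' only: the value may itself contain '=' (/noexecute=optin).
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"line without '=': {line!r}")
        sections[current].append((key.strip(), value.strip()))
    return sections


def check_boot_ini(text: str) -> List[str]:
    """Return a list of consistency problems; an empty list means the file looks sound."""
    problems: List[str] = []
    try:
        sections = parse_boot_ini(text)
    except ValueError as exc:
        return [str(exc)]

    if "boot loader" not in sections:
        problems.append("missing [boot loader] section")
    loader = dict(sections.get("boot loader", []))
    systems = sections.get("operating systems")
    if systems is None:
        problems.append("missing [operating systems] section")
        systems = []

    timeout = loader.get("timeout")
    if timeout is None or not timeout.isdigit():
        problems.append(f"timeout is missing or not an integer: {timeout!r}")

    entries: Dict[str, str] = {}
    for arc, value in systems:
        if not ARC_PATH.match(arc):
            problems.append(f"malformed ARC path: {arc!r}")
        if not ENTRY_VALUE.match(value):
            problems.append(f"entry for {arc!r} lacks a quoted description: {value!r}")
        entries[arc.lower()] = value

    default = loader.get("default")
    if default is None:
        problems.append("default= is missing")
    elif default.lower() not in entries:
        problems.append(f"default {default!r} has no matching [operating systems] entry")
    return problems


if __name__ == "__main__":
    print(check_boot_ini(SAMPLE_BOOT_INI) or "boot.ini is consistent")
```

Run against the backup above the checker reports no problems; change the default= line to point at partition(2) while the only [operating systems] entry still says partition(1) and it reports the mismatch, which is exactly the kind of silent error a hand-edited boot.ini tends to contain.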



