Spyware stopping browser search / sky email etc.


  • This topic is locked
8 replies to this topic

#1 ncddcn


Posted 04 September 2009 - 01:32 PM

Please help.

My friend's computer has spyware which stops access to Sky email and stops Google Search from producing any results.

I have previously posted problems from another computer which you helped me sort out. Hence I have carried out much of what you told me to do then.

I have run Mbam Malwarebytes, SuperAntispyware, Spybot Search & Destroy.

Spybot cannot fully immunize system. Looks as though hosts file is locked to some degree.

I have posted below the Malwarebytes log (run prior to SuperAntispyware).

Also posted is the SuperAntispyware log (run after running ATF-Cleaner).

Do you need Hijackthis log? (I haven't yet installed this program.)

Many thanks.



Malwarebytes' Anti-Malware 1.40
Database version: 2731
Windows 5.1.2600 Service Pack 3

04/09/2009 09:36:47
mbam-log-2009-09-04 (09-36-47).txt

Scan type: Quick Scan
Objects scanned: 130023
Time elapsed: 27 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


========================

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/04/2009 at 03:21 PM

Application Version : 4.28.1008

Core Rules Database Version : 4085
Trace Rules Database Version: 2025

Scan type : Complete Scan
Total Scan Time : 04:24:01

Memory items scanned : 220
Memory threats detected : 0
Registry items scanned : 4952
Registry threats detected : 0
File items scanned : 69452
File threats detected : 151

Adware.Tracking Cookie

=================================

Further info:

Ran Windows Defender clearing 1 spyware entry for System32 hijack. This resolved Google search problem which now works. Also it fixed the Sky email access problem.

I modified security access on hosts file (Safe mode) to allow 'Write' which allowed me to then fully immunize using Spybot Search & Destroy.

Some search engines still do not work - e.g. Live, Bing and Yahoo which all get HTTP 500 Internal Server Error.

Regards,

More info:

Yahoo search sometimes works now after running AVG and cleaning one System32 virus (BTPRE05, BTwebcontrol.dll), but at other times gives a 999 error.

Some search results re-direct when selected.

Is this possibly the TDSS malware?

I have done the DDS and Kaspersky scans - see below.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Neil Middleditch at 19:58:49.17 on 08/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.894.221 [GMT 1:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Windows Protection Suite *On-access scanning enabled* (Updated) {4F9898D3-A5D5-48FB-B16C-ECD4160F2A4E}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Windows Protection Suite *enabled* {36A4154C-D1A9-4D4B-8233-6BE1C92E2AA7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Bitdefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe -kbdx
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Neil Middleditch\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sky.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Internet Explorer Provided By Sky Broadband
uDefault_Page_URL = hxxp://www.sky.com
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2008\IEToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_10\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2008\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2008\bdagent.exe"
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\neilmi~1\applic~1\mozilla\firefox\profiles\p0mz3ib8.default
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-6 206256]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-5 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-5 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-5 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-3 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-3 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-9-6 142592]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-5 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-5 297752]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-4-24 1247600]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2007-10-19 86792]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-3 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-6 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-6 1097096]

=============== Created Last 30 ================

2009-09-06 08:53 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-06 08:52 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-06 08:52 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-06 08:52 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-06 08:52 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-06 08:52 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-06 08:52 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-06 08:52 <DIR> --d----- c:\docume~1\neilmi~1\applic~1\PC Tools
2009-09-06 08:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-06 00:48 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-09-06 00:48 <DIR> --d----- c:\docume~1\neilmi~1\applic~1\Spyware Terminator
2009-09-06 00:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-09-06 00:48 <DIR> --d----- c:\program files\Spyware Terminator
2009-09-05 20:55 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-09-05 20:40 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-05 20:40 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-05 20:40 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-05 20:40 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-05 20:39 <DIR> --d----- c:\program files\AVG
2009-09-05 20:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-09-05 20:32 <DIR> --d----- c:\docume~1\neilmi~1\applic~1\AVG8
2009-09-05 18:54 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-05 12:41 <DIR> --d----- c:\docume~1\neilmi~1\applic~1\SUPERAntiSpyware.com
2009-09-04 22:06 <DIR> --d----- C:\Create new Hosts file
2009-09-04 10:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-04 10:14 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-04 10:14 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-02 19:02 <DIR> --d----- c:\docume~1\neilmi~1\applic~1\Malwarebytes
2009-09-02 19:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 19:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-02 19:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-02 19:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 19:01 <DIR> --d----- c:\program files\Malwarebytes
2009-09-02 18:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-02 08:49 <DIR> --dsh--- c:\documents and settings\neil middleditch\IECompatCache
2009-09-02 08:43 <DIR> --dsh--- c:\documents and settings\neil middleditch\PrivacIE
2009-08-24 19:55 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\6015cdb
2009-08-13 20:39 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 20:38 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-12 11:41 <DIR> --dsh--- c:\documents and settings\neil middleditch\IETldCache
2009-08-11 20:59 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-08-11 20:59 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-08-11 20:59 <DIR> --d----- c:\windows\ie8updates
2009-08-11 20:58 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2009-08-11 20:53 <DIR> -cd-h--- c:\windows\ie8

==================== Find3M ====================

2009-09-08 18:35 81,984 a------- c:\windows\system32\bdod.bin
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 10:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 18:08 306 a------- c:\docume~1\neilmi~1\applic~1\wklnhst.dat
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 14:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 20:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-03 18:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 18:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 18:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 18:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 18:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 18:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 18:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 18:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 18:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 18:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 12:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 17:12 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 12:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 15:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 15:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 13:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 13:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-01-02 21:48 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010220090103\index.dat

============= FINISH: 20:00:20.32 ===============


ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/09/08 20:04
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE3D5000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A02000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF6FA4000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\tdff3.tmp
Status: Allocation size mismatch (API: 56, Raw: 0)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf72bcd72

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf729d9a6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf729db98

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf72bd568

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf72bd820

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf72bba80

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys" at address 0xeb74bb4c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys" at address 0xeb74bc3a

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf72bdc8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf72bd036

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys" at address 0xeb74bab0

==EOF==

I have created a topic in the Am I Infected forum whereas I should probably have done it here.

I have just posted the logs required re DDS and Kaspersky, but there is no attachment option for the Attach.txt file. I have therefore attached it here. I hope that is acceptable.

Merged AII topic to HJT topic and merged all posts. ~ OB

Edited by Orange Blossom, 08 September 2009 - 10:02 PM.



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:36 AM

Posted 21 September 2009 - 02:38 AM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic. If you still need help, please let me know in your next reply what issues you are still having.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#3 ncddcn

ncddcn
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:36 AM

Posted 23 September 2009 - 01:04 PM

Thank you for your help.

Log files listed below. Please note that hosts file has been immunized by Spybot - Search & Destroy hence its size. I lost info.txt so reran on another user and then searched for info.txt, hence slightly different timings and users.

Problems are redirections of links found by search engine.

I suspect TDSS malware having had it on another machine before.

I have cleared several infections as highlighted in my previous posts but I strongly suspect machine is still infected.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Linda Middleditch at 2009-09-23 18:58:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 71 GB (79%) free of 89 GB
Total RAM: 894 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:08, on 23/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Linda Middleditch\Desktop\RSIT.exe
C:\Program Files\trend micro\Linda Middleditch.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - c:\program files\mcafee\msk\msksrver.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 14658 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-05 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2008-03-04 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-10 344064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-19 729178]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-12-22 405504]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-08-01 233534]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2003-08-19 57344]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe [2007-10-09 61440]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2008-09-11 368640]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-03-28 593920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-05 2007832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe /background []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-05 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\All Users\Application Data\6015cdb\WI6015.exe"="C:\Documents and Settings\All Users\Application Data\6015cdb\WI6015.exe:*:Disabled:Windows Protection Suite"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-09-23 18:37:44 ----D---- C:\Program Files\trend micro
2009-09-23 18:37:41 ----D---- C:\rsit
2009-09-10 22:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 22:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-08 20:20:26 ----A---- C:\RootRepeal report 09-08-09 (20-20-26).txt
2009-09-06 08:52:33 ----D---- C:\Program Files\Common Files\PC Tools
2009-09-06 08:52:15 ----D---- C:\Program Files\Spyware Doctor
2009-09-06 08:52:15 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-09-06 08:51:47 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-09-06 00:48:37 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2009-09-06 00:48:35 ----D---- C:\Program Files\Spyware Terminator
2009-09-05 20:55:55 ----HD---- C:\$AVG8.VAULT$
2009-09-05 20:40:38 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-09-05 20:39:46 ----D---- C:\Program Files\AVG
2009-09-05 20:39:45 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-09-05 18:54:54 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-04 22:06:48 ----D---- C:\Create new Hosts file
2009-09-04 20:03:02 ----D---- C:\Program Files\Windows Defender
2009-09-04 10:14:57 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-04 10:14:46 ----D---- C:\Program Files\SUPERAntiSpyware
2009-09-04 10:14:11 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-09-04 09:45:32 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-02 19:01:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-02 19:01:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-02 19:01:36 ----D---- C:\Program Files\Malwarebytes
2009-09-02 18:28:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-01 21:03:47 ----D---- C:\Documents and Settings\Linda Middleditch\Application Data\Apple Computer
2009-08-31 11:35:54 ----D---- C:\Documents and Settings\Linda Middleditch\Application Data\Template
2009-08-30 20:18:36 ----D---- C:\Documents and Settings\Linda Middleditch\Application Data\AdobeUM
2009-08-30 14:38:41 ----D---- C:\Documents and Settings\Linda Middleditch\Application Data\Macromedia
2009-08-30 14:38:17 ----D---- C:\Documents and Settings\Linda Middleditch\Application Data\Adobe
2009-08-30 12:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-24 19:55:51 ----SHD---- C:\Documents and Settings\All Users\Application Data\6015cdb

======List of files/folders modified in the last 1 months======

2009-09-23 18:59:00 ----D---- C:\WINDOWS\Prefetch
2009-09-23 18:58:00 ----D---- C:\WINDOWS\Temp
2009-09-23 18:55:28 ----D---- C:\WINDOWS\system32
2009-09-23 18:55:16 ----D---- C:\WINDOWS
2009-09-23 18:54:37 ----A---- C:\hpqp.ini
2009-09-23 18:54:36 ----A---- C:\XP_TV.ini
2009-09-23 18:52:19 ----A---- C:\WINDOWS\bdagent.INI
2009-09-23 18:45:12 ----D---- C:\Program Files\Mozilla Firefox
2009-09-23 18:37:44 ----RD---- C:\Program Files
2009-09-23 18:23:07 ----SD---- C:\WINDOWS\Tasks
2009-09-22 20:27:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-22 15:20:51 ----A---- C:\WINDOWS\lexstat.ini
2009-09-20 21:42:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-20 21:01:24 ----HD---- C:\WINDOWS\inf
2009-09-20 21:01:05 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-10 22:09:59 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-09-10 22:09:52 ----A---- C:\WINDOWS\imsins.BAK
2009-09-10 22:09:22 ----D---- C:\WINDOWS\ie8updates
2009-09-08 20:03:42 ----D---- C:\WINDOWS\system32\drivers
2009-09-06 19:13:31 ----SHD---- C:\WINDOWS\Installer
2009-09-06 19:13:31 ----HD---- C:\Config.Msi
2009-09-06 19:13:30 ----D---- C:\WINDOWS\WinSxS
2009-09-06 08:52:33 ----D---- C:\Program Files\Common Files
2009-09-06 00:58:15 ----D---- C:\Program Files\Google
2009-09-06 00:58:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-09-06 00:57:00 ----D---- C:\Program Files\Windows Live Toolbar
2009-09-05 20:39:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-05 20:38:20 ----SD---- C:\Documents and Settings\Linda Middleditch\Application Data\Microsoft
2009-09-05 19:27:26 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-04 20:03:03 ----D---- C:\WINDOWS\pchealth
2009-09-04 20:03:02 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-03 15:29:22 ----D---- C:\Program Files\MSN
2009-09-02 20:13:38 ----D---- C:\Program Files\Lexmark X1100 Series
2009-08-30 14:36:50 ----A---- C:\WINDOWS\OEWABLog.txt
2009-08-28 22:38:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-05 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-05 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-09-05 108552]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-10 1396224]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-28 424320]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-05 86792]
R3 bdfsfltr;bdfsfltr; 730079007300740065006D00330032005C0044005200490056004500520053005C00620064006600730066006C00740072002E007300790073000000 []
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-02 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-02 349312]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-22 1035008]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-19 190400]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536]
S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360]
S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088]
S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624]
S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704]
S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432]
S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-05 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-05 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-12-22 98304]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-18 303104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-11-15 73728]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-12-02 1179648]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-09-06 487424]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-09-21 1247600]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-09-11 1261568]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2007-12-16 86016]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 MSK80Service;McAfee SpamKiller Service; c:\program files\mcafee\msk\msksrver.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-22 1097096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-09-23 18:38:50

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitDefender Internet Security 2008-->MsiExec.exe /I{C7D014BC-4331-4649-866A-A884AA63590D}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL309BA.INF
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
HijackThis 2.0.2-->"C:\Documents and Settings\Laura Middleditch\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP DVD Play 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0025-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52AE81CB-B786-490E-93CF-240A9891B392}\setup.exe" -l0x9 -removeonly
HP User Guides--System Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 C1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_135799\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lexmark X1100 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.20)-->C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
netbrdg-->MsiExec.exe /I{56AB063D-1450-4BDE-9F0D-E9C693429C51}
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PCDADDIN-->MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP-->MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
Quick Launch Buttons 5.20 G1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sky Broadband-->MsiExec.exe /I{14C35072-D7D0-4B29-B5BF-C94E426D77E9}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Ericsson PC Suite-->MsiExec.exe /I{FE6397C1-CECA-4EC3-B064-42AED7676898}
SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.1-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Sign-in Assistant-->MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Hosts File======

74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 www.securesoftwarebill.com

======Security center information======

AV: Bitdefender Antivirus
AV: Spyware Doctor with AntiVirus
AV: Windows Protection Suite
AV: AVG Anti-Virus Free
FW: Windows Protection Suite
FW: Norton Internet Worm Protection (disabled)
FW: Bitdefender Firewall

======System event log======

Computer Name: MIDDLEDITCH
Event Code: 7000
Message: The BitDefender Desktop Update Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 44513
Source Name: Service Control Manager
Time Written: 20090825143721.000000+060
Event Type: error
User:

Computer Name: MIDDLEDITCH
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the BitDefender Desktop Update Service service to connect.

Record Number: 44512
Source Name: Service Control Manager
Time Written: 20090825143721.000000+060
Event Type: error
User:

Computer Name: MIDDLEDITCH
Event Code: 7000
Message: The Symantec Core LC service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 44511
Source Name: Service Control Manager
Time Written: 20090825143721.000000+060
Event Type: error
User:

Computer Name: MIDDLEDITCH
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Symantec Core LC service to connect.

Record Number: 44510
Source Name: Service Control Manager
Time Written: 20090825143721.000000+060
Event Type: error
User:

Computer Name: MIDDLEDITCH
Event Code: 7000
Message: The McAfee SpamKiller Service service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 44509
Source Name: Service Control Manager
Time Written: 20090825143721.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: MIDDLEDITCH
Event Code: 12001
Message:
Record Number: 19855
Source Name: usnjsvc
Time Written: 20090615170146.000000+060
Event Type:
User:

Computer Name: MIDDLEDITCH
Event Code: 12001
Message:
Record Number: 19832
Source Name: usnjsvc
Time Written: 20090614135134.000000+060
Event Type:
User:

Computer Name: MIDDLEDITCH
Event Code: 12001
Message:
Record Number: 19817
Source Name: usnjsvc
Time Written: 20090613135738.000000+060
Event Type:
User:

Computer Name: MIDDLEDITCH
Event Code: 12001
Message:
Record Number: 19804
Source Name: usnjsvc
Time Written: 20090612211034.000000+060
Event Type:
User:

Computer Name: MIDDLEDITCH
Event Code: 12001
Message:
Record Number: 19789
Source Name: usnjsvc
Time Written: 20090612182401.000000+060
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"PCTYPE"=PRESARIO
"PLATFORM"=MCD
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by ncddcn, 23 September 2009 - 01:07 PM.


#4 syler

  • Malware Response Team

Posted 23 September 2009 - 04:50 PM

Hi ncddcn,

You have way too many security programs installed. We need to clear some of this up first, as having too many can cause conflicts between the programs and other issues.
The hosts file changes were not caused by Spybot; these entries have been put there by malware, so we will have to fix your hosts file.

Firstly, you have 3 programs with Anti Virus and some leftovers from Norton. You need to remove 2 of your AVs; I would suggest you keep Bitdefender as it covers your AV and firewall.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove Programs in the Control Panel and remove 2 out of these: AVG Free 8.5, BitDefender or Spyware Doctor.

You also have 4 Anti Spyware programs, I would think 2 of these at most would be enough, so you should uninstall 2 of these.

Spybot - Search & Destroy
Spyware Terminator
SUPERAntiSpyware Free Edition
Windows Defender


Next

You still have some leftovers from an incomplete uninstallation of Norton security products on your computer.
To remove the leftovers please download and run the Norton Removal Tool.

Note: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.
If you use ACT! or WinFAX, back up those databases before you proceed.


Next

Download the HostsXpert
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Once you have done these steps please update Malwarebytes and run a quick scan, then post back here with the following:
  • MBAM log
  • New RSIT log
Thanks

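The hosts file judgement in the reply above can be checked mechanically: blocklist tools typically map unwanted names to a loopback address, while the entries in the posted log send several unrelated domains to one routable IP. The following is an added example, not part of the original posts or of any tool named in this thread; the function names, the two-label domain grouping and the cluster threshold are assumptions, and the sample text reuses the Hosts File section of the RSIT log above plus a few constructed lines.

```python
import ipaddress
from collections import defaultdict

# Names a stock hosts file maps to loopback; anything else is reported.
DEFAULT_LOCAL_NAMES = {"localhost"}

# The ten 74.125.45.100 lines are the "Hosts File" section of the RSIT
# info.txt log posted in this thread. The comment, localhost, blocklist-style
# and broken lines are constructed to exercise the parser.
SAMPLE_HOSTS = """\
# constructed: header comment
127.0.0.1       localhost
127.0.0.1       ads.example.invalid   # constructed: blocklist-style entry
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 www.securesoftwarebill.com
not-an-ip broken.example.invalid
"""


def base_domain(name):
    """Approximate the registrable domain as the last two labels.

    Assumption: good enough for grouping .com names like the ones in the log;
    a real tool would consult the Public Suffix List.
    """
    labels = name.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name


def audit_hosts(text, cluster_threshold=3):
    """Classify every hosts mapping and flag IPs shared by unrelated domains.

    Returns a dict with:
      redirects - (line, ip, name) mapped to a non-loopback address
      sinkholes - (line, ip, name) mapped to loopback/0.0.0.0, not a default
      malformed - (line, raw text) that could not be parsed
      clusters  - {ip: [base domains]} where at least cluster_threshold
                  distinct base domains share one address
    """
    report = {"redirects": [], "sinkholes": [], "malformed": [], "clusters": {}}
    domains_by_ip = defaultdict(set)

    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((line_no, raw.strip()))
            continue
        if len(fields) < 2:                   # address with no hostname
            report["malformed"].append((line_no, raw.strip()))
            continue

        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if ip.is_loopback or ip.is_unspecified:
                if name not in DEFAULT_LOCAL_NAMES:
                    report["sinkholes"].append((line_no, str(ip), name))
            else:
                report["redirects"].append((line_no, str(ip), name))
                domains_by_ip[str(ip)].add(base_domain(name))

    for ip, domains in domains_by_ip.items():
        if len(domains) >= cluster_threshold:
            report["clusters"][ip] = sorted(domains)
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for ip, domains in result["clusters"].items():
        print(f"{ip}: {len(domains)} unrelated domains share this address")
        for d in domains:
            print(f"    {d}")
    print(f"{len(result['redirects'])} redirect entries, "
          f"{len(result['sinkholes'])} sinkhole entries, "
          f"{len(result['malformed'])} malformed lines")
```

A cluster is only a prompt for review: entries left after a cleanup, or a legitimately customised hosts file, still have to be judged by someone who knows the machine.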


#5 ncddcn

  • Topic Starter

Posted 24 September 2009 - 05:04 PM

Thanks. Yes, I knew I had to remove some AV/anti-spyware, as I installed extra software in my attempts to clean as best I could. I have removed AVG, SuperAntiSpyware and Spyware Terminator, leaving Bitdefender as recommended. However, the system is now protected as it was originally when malware infected it, so I am a bit worried that the defense is insufficient. Also removed the remaining Norton bits and pieces as recommended. Regenerated hosts file.

I have run RSIT again but info.txt did not appear.

EDITED: Decided this morning to delete old info.txt and reran, and it then appeared so it is appended at the end.

Log.txt follows then followed by MBAM log.

Thanks again.

ncddcn



Logfile of random's system information tool 1.06 (written by random/random)
Run by Neil Middleditch at 2009-09-24 22:49:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 71 GB (80%) free of 89 GB
Total RAM: 894 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:49:50, on 24/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Neil Middleditch\Desktop\RSIT.exe
C:\Program Files\trend micro\Neil Middleditch.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - c:\program files\mcafee\msk\msksrver.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9590 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2008-03-04 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-10 344064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-19 729178]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-12-22 405504]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-08-01 233534]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2003-08-19 57344]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe [2007-10-09 61440]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2008-09-11 368640]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-03-28 593920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\All Users\Application Data\6015cdb\WI6015.exe"="C:\Documents and Settings\All Users\Application Data\6015cdb\WI6015.exe:*:Disabled:Windows Protection Suite"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Documents and Settings\Neil Middleditch\Local Settings\Temp\7zS59.tmp\SymNRT.exe"="C:\Documents and Settings\Neil Middleditch\Local Settings\Temp\7zS59.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-09-23 18:37:44 ----D---- C:\Program Files\trend micro
2009-09-23 18:37:41 ----D---- C:\rsit
2009-09-10 22:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 22:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-08 20:20:26 ----A---- C:\RootRepeal report 09-08-09 (20-20-26).txt
2009-09-06 08:51:47 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-09-05 18:54:54 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-05 12:41:12 ----D---- C:\Documents and Settings\Neil Middleditch\Application Data\SUPERAntiSpyware.com
2009-09-04 22:06:48 ----D---- C:\Create new Hosts file
2009-09-04 20:03:02 ----D---- C:\Program Files\Windows Defender
2009-09-04 10:14:57 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-04 10:14:46 ----D---- C:\Program Files\SUPERAntiSpyware
2009-09-04 09:45:32 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-02 19:02:12 ----D---- C:\Documents and Settings\Neil Middleditch\Application Data\Malwarebytes
2009-09-02 19:01:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-02 19:01:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-02 19:01:36 ----D---- C:\Program Files\Malwarebytes
2009-09-02 18:28:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-30 12:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$

======List of files/folders modified in the last 1 months======

2009-09-24 22:49:44 ----D---- C:\WINDOWS\Prefetch
2009-09-24 22:45:38 ----D---- C:\WINDOWS\Temp
2009-09-24 22:44:34 ----D---- C:\WINDOWS\system32
2009-09-24 21:21:04 ----D---- C:\WINDOWS\system32\drivers
2009-09-24 21:16:48 ----SD---- C:\WINDOWS\Tasks
2009-09-24 21:15:06 ----D---- C:\WINDOWS
2009-09-24 21:14:44 ----A---- C:\hpqp.ini
2009-09-24 21:14:40 ----A---- C:\XP_TV.ini
2009-09-24 21:12:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-24 21:12:09 ----A---- C:\WINDOWS\bdagent.INI
2009-09-24 21:11:32 ----D---- C:\Program Files\Mozilla Firefox
2009-09-24 21:10:37 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-09-24 20:40:32 ----SHD---- C:\WINDOWS\Installer
2009-09-24 20:40:32 ----D---- C:\Program Files\Common Files
2009-09-24 20:40:31 ----HD---- C:\Config.Msi
2009-09-24 20:00:35 ----RD---- C:\Program Files
2009-09-24 19:45:21 ----SD---- C:\Documents and Settings\Neil Middleditch\Application Data\Microsoft
2009-09-24 07:33:05 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-24 07:23:29 ----HD---- C:\WINDOWS\inf
2009-09-23 18:59:56 ----SHD---- C:\RECYCLER
2009-09-22 15:20:51 ----A---- C:\WINDOWS\lexstat.ini
2009-09-20 21:01:05 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-10 22:09:59 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-09-10 22:09:52 ----A---- C:\WINDOWS\imsins.BAK
2009-09-10 22:09:22 ----D---- C:\WINDOWS\ie8updates
2009-09-06 19:13:30 ----D---- C:\WINDOWS\WinSxS
2009-09-06 00:58:15 ----D---- C:\Program Files\Google
2009-09-06 00:58:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-09-06 00:57:00 ----D---- C:\Program Files\Windows Live Toolbar
2009-09-05 20:39:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-05 19:27:26 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-04 20:03:03 ----D---- C:\WINDOWS\pchealth
2009-09-04 20:03:02 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-03 15:29:22 ----D---- C:\Program Files\MSN
2009-09-03 04:15:18 ----SHD---- C:\Documents and Settings\All Users\Application Data\6015cdb
2009-09-02 20:13:38 ----D---- C:\Program Files\Lexmark X1100 Series
2009-08-30 14:36:50 ----A---- C:\WINDOWS\OEWABLog.txt
2009-08-28 22:38:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-10 1396224]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-28 424320]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-05 86792]
R3 bdfsfltr;bdfsfltr; 730079007300740065006D00330032005C0044005200490056004500520053005C00620064006600730066006C00740072002E007300790073000000 []
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-02 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-02 349312]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-22 1035008]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-19 190400]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536]
S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360]
S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088]
S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624]
S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704]
S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432]
S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-12-22 98304]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-18 303104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-11-15 73728]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-12-02 1179648]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-09-11 1261568]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2007-12-16 86016]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 MSK80Service;McAfee SpamKiller Service; c:\program files\mcafee\msk\msksrver.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

-----------------EOF-----------------


Malwarebytes' Anti-Malware 1.41
Database version: 2856
Windows 5.1.2600 Service Pack 3

24/09/2009 22:47:55
mbam-log-2009-09-24 (22-47-55).txt

Scan type: Quick Scan
Objects scanned: 124582
Time elapsed: 42 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected

Info.txt follows, as created next morning:
info.txt logfile of random's system information tool 1.06 2009-09-25 06:50:03

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BitDefender Internet Security 2008-->MsiExec.exe /I{C7D014BC-4331-4649-866A-A884AA63590D}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL309BA.INF
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
HijackThis 2.0.2-->"C:\Documents and Settings\Laura Middleditch\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP DVD Play 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0025-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52AE81CB-B786-490E-93CF-240A9891B392}\setup.exe" -l0x9 -removeonly
HP User Guides--System Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 C1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_135799\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lexmark X1100 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.20)-->C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
netbrdg-->MsiExec.exe /I{56AB063D-1450-4BDE-9F0D-E9C693429C51}
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PCDADDIN-->MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP-->MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
Quick Launch Buttons 5.20 G1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sky Broadband-->MsiExec.exe /I{14C35072-D7D0-4B29-B5BF-C94E426D77E9}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Ericsson PC Suite-->MsiExec.exe /I{FE6397C1-CECA-4EC3-B064-42AED7676898}
SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Sign-in Assistant-->MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Bitdefender Antivirus
AV: Windows Protection Suite
FW: Windows Protection Suite
FW: Bitdefender Firewall

======System event log======

Computer Name: MIDDLEDITCH
Event Code: 10010
Message: The server {7A113666-6FED-4AC9-891C-D74E6BBCD6B0} did not register with DCOM within the required timeout.

Record Number: 45119
Source Name: DCOM
Time Written: 20090902190416.000000+060
Event Type: error
User: MIDDLEDITCH\Neil Middleditch

Computer Name: MIDDLEDITCH
Event Code: 10010
Message: The server {7A113666-6FED-4AC9-891C-D74E6BBCD6B0} did not register with DCOM within the required timeout.

Record Number: 45118
Source Name: DCOM
Time Written: 20090902190346.000000+060
Event Type: error
User: MIDDLEDITCH\Neil Middleditch

Computer Name: MIDDLEDITCH
Event Code: 7000
Message: The Symantec Core LC service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 45092
Source Name: Service Control Manager
Time Written: 20090902185423.000000+060
Event Type: error
User:

Computer Name: MIDDLEDITCH
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Symantec Core LC service to connect.

Record Number: 45091
Source Name: Service Control Manager
Time Written: 20090902185423.000000+060
Event Type: error
User:

Computer Name: MIDDLEDITCH
Event Code: 7000
Message: The McAfee SpamKiller Service service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 45090
Source Name: Service Control Manager
Time Written: 20090902185423.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: MIDDLEDITCH
Event Code: 12001
Message:
Record Number: 19879
Source Name: usnjsvc
Time Written: 20090617172045.000000+060
Event Type:
User:

Computer Name: MIDDLEDITCH
Event Code: 12001
Message:
Record Number: 19855
Source Name: usnjsvc
Time Written: 20090615170146.000000+060
Event Type:
User:

Computer Name: MIDDLEDITCH
Event Code: 12001
Message:
Record Number: 19832
Source Name: usnjsvc
Time Written: 20090614135134.000000+060
Event Type:
User:

Computer Name: MIDDLEDITCH
Event Code: 12001
Message:
Record Number: 19817
Source Name: usnjsvc
Time Written: 20090613135738.000000+060
Event Type:
User:

Computer Name: MIDDLEDITCH
Event Code: 12001
Message:
Record Number: 19804
Source Name: usnjsvc
Time Written: 20090612211034.000000+060
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"PCTYPE"=PRESARIO
"PLATFORM"=MCD
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by ncddcn, 25 September 2009 - 12:55 AM.


#6 syler

  • Malware Response Team

Posted 25 September 2009 - 04:13 AM

Hi,

Your defences are fine. There is only so much security software can do for you; there are other things you need to do in order to avoid getting infected,
like having safe surfing habits, avoiding P2P, keeping all software up to date, etc.

Rsit's info.txt is only produced on the first run, so you don't need to worry about that, just post log.txt in your next reply, thanks.

Rebuilding the WMI Repository

Go to Start >> Run, type Services.msc

From the list of services find Windows Management Instrumentation
Right click it, then select Stop. A message will pop up; click Yes.

Now navigate to this folder and delete it.

C:\WINDOWS\system32\wbem\Repository <-- This folder

Now go back to Windows Management Instrumentation in the services list.
Right click it, then select Start. Exit services list, then restart your computer.

Next

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

You have an outdated version of Adobe Reader. Outdated versions have vulnerabilities that can be exploited by malware to get into your machine. Please follow these steps to remove older versions of Adobe Reader and download the latest version.

Go to Start >> Settings >> Control Panel, double-click on Add/Remove Programs and remove any older versions of Adobe Reader.
  • Download the latest version of Adobe Acrobat Reader
  • Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be run and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • Close your Internet browser and open it again.
Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back here with the following logs:
  • Kaspersky report
  • New Rsit log
Thanks



#7 ncddcn

Posted 26 September 2009 - 03:06 AM

Thank you.

Please find report and log as requested.

I did notice mention of McAfee Spamkiller in previous info.txt. Does anything need to be done about this? There is a Mcafee folder but nothing in Add/Remove Programs.

KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, September 26, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 25, 2009 22:00:49
Records in database: 2920159
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Objects scanned 73727
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 02:20:56

No threats found. Scanned area is clean.
Selected area has been scanned.



Logfile of random's system information tool 1.06 (written by random/random)
Run by Neil Middleditch at 2009-09-26 09:04:32
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 71 GB (79%) free of 89 GB
Total RAM: 894 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:04:47, on 26/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Neil Middleditch\Desktop\RSIT.exe
C:\Program Files\trend micro\Neil Middleditch.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - c:\program files\mcafee\msk\msksrver.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9658 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2008-03-04 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-10 344064]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-19 729178]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-12-22 405504]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-08-01 233534]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2003-08-19 57344]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe [2007-10-09 61440]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2008-09-11 368640]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-03-28 593920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-25 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\All Users\Application Data\6015cdb\WI6015.exe"="C:\Documents and Settings\All Users\Application Data\6015cdb\WI6015.exe:*:Disabled:Windows Protection Suite"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Documents and Settings\Neil Middleditch\Local Settings\Temp\7zS59.tmp\SymNRT.exe"="C:\Documents and Settings\Neil Middleditch\Local Settings\Temp\7zS59.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2009-09-25 21:07:38 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-09-25 21:07:30 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-09-25 21:05:57 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-09-25 20:53:55 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-25 20:53:55 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-25 20:53:55 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-25 20:53:54 ----A---- C:\WINDOWS\system32\java.exe
2009-09-23 18:37:44 ----D---- C:\Program Files\trend micro
2009-09-23 18:37:41 ----D---- C:\rsit
2009-09-10 22:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 22:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-08 20:20:26 ----A---- C:\RootRepeal report 09-08-09 (20-20-26).txt
2009-09-06 08:51:47 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-09-05 18:54:54 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-05 12:41:12 ----D---- C:\Documents and Settings\Neil Middleditch\Application Data\SUPERAntiSpyware.com
2009-09-04 22:06:48 ----D---- C:\Create new Hosts file
2009-09-04 20:03:02 ----D---- C:\Program Files\Windows Defender
2009-09-04 10:14:57 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-04 10:14:46 ----D---- C:\Program Files\SUPERAntiSpyware
2009-09-04 09:45:32 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-02 19:02:12 ----D---- C:\Documents and Settings\Neil Middleditch\Application Data\Malwarebytes
2009-09-02 19:01:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-02 19:01:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-02 19:01:36 ----D---- C:\Program Files\Malwarebytes
2009-09-02 18:28:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-30 12:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$

======List of files/folders modified in the last 1 months======

2009-09-26 09:04:13 ----D---- C:\WINDOWS\Temp
2009-09-26 09:01:17 ----D---- C:\Program Files\Mozilla Firefox
2009-09-26 08:59:29 ----SD---- C:\WINDOWS\Tasks
2009-09-26 08:58:56 ----D---- C:\WINDOWS\system32
2009-09-26 08:56:49 ----RD---- C:\Program Files
2009-09-26 08:56:47 ----D---- C:\WINDOWS
2009-09-26 08:56:42 ----A---- C:\hpqp.ini
2009-09-26 08:56:41 ----A---- C:\XP_TV.ini
2009-09-26 08:56:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-26 01:12:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-26 01:12:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-26 01:12:08 ----A---- C:\WINDOWS\bdagent.INI
2009-09-26 01:10:11 ----D---- C:\WINDOWS\Prefetch
2009-09-25 21:10:55 ----SHD---- C:\WINDOWS\Installer
2009-09-25 21:10:53 ----HD---- C:\Config.Msi
2009-09-25 21:09:45 ----D---- C:\Program Files\Common Files\Adobe
2009-09-25 21:09:02 ----D---- C:\Program Files\Adobe
2009-09-25 21:07:38 ----D---- C:\Documents and Settings\Neil Middleditch\Application Data\Adobe
2009-09-25 21:07:30 ----D---- C:\Program Files\Common Files
2009-09-25 20:53:22 ----D---- C:\Program Files\Java
2009-09-25 20:17:29 ----D---- C:\WINDOWS\system32\wbem
2009-09-24 21:21:04 ----D---- C:\WINDOWS\system32\drivers
2009-09-24 21:10:37 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-09-24 19:45:21 ----SD---- C:\Documents and Settings\Neil Middleditch\Application Data\Microsoft
2009-09-24 07:23:29 ----HD---- C:\WINDOWS\inf
2009-09-23 18:59:56 ----SHD---- C:\RECYCLER
2009-09-22 15:20:51 ----A---- C:\WINDOWS\lexstat.ini
2009-09-20 21:01:05 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-10 22:09:59 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-09-10 22:09:52 ----A---- C:\WINDOWS\imsins.BAK
2009-09-10 22:09:22 ----D---- C:\WINDOWS\ie8updates
2009-09-06 19:13:30 ----D---- C:\WINDOWS\WinSxS
2009-09-06 00:58:15 ----D---- C:\Program Files\Google
2009-09-06 00:58:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-09-06 00:57:00 ----D---- C:\Program Files\Windows Live Toolbar
2009-09-05 20:39:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-04 20:03:03 ----D---- C:\WINDOWS\pchealth
2009-09-04 20:03:02 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-03 15:29:22 ----D---- C:\Program Files\MSN
2009-09-03 04:15:18 ----SHD---- C:\Documents and Settings\All Users\Application Data\6015cdb
2009-09-02 20:13:38 ----D---- C:\Program Files\Lexmark X1100 Series
2009-08-30 14:36:50 ----A---- C:\WINDOWS\OEWABLog.txt
2009-08-28 22:38:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-10 1396224]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-28 424320]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-05 86792]
R3 bdfsfltr;bdfsfltr; 730079007300740065006D00330032005C0044005200490056004500520053005C00620064006600730066006C00740072002E007300790073000000 []
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-02 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-02 349312]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-22 1035008]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-19 190400]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536]
S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360]
S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088]
S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624]
S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704]
S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432]
S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-12-22 98304]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-25 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-18 303104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-11-15 73728]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-12-02 1179648]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-09-11 1261568]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2007-12-16 86016]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 MSK80Service;McAfee SpamKiller Service; c:\program files\mcafee\msk\msksrver.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

-----------------EOF-----------------

Edited by ncddcn, 26 September 2009 - 03:14 AM.
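
Added example, not part of the original thread: a Python triage pass over the kind of log posted above. It lists the HijackThis entries marked "(file missing)" (orphans such as the MSK80Service service) and the Windows Firewall authorized-application entries whose executable sits under a user-writable directory. The function names and the directory list are assumptions made for this example; a hit means the entry deserves a look, not that it is malicious.

```python
import re

# A subset of lines copied from the RSIT/HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - c:\program files\mcafee\msk\msksrver.exe (file missing)
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\All Users\Application Data\6015cdb\WI6015.exe"="C:\Documents and Settings\All Users\Application Data\6015cdb\WI6015.exe:*:Disabled:Windows Protection Suite"
"""

MISSING = "(file missing)"

# Assumption: path fragments for directories a non-admin user can write to.
# Programs rarely need a firewall exception from these locations.
USER_WRITABLE = (
    "\\application data\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)

# Firewall list entries look like: "path"="path:scope:state:display name"
FW_ENTRY = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]+)"$')


def find_orphans(log):
    """Return O2/O9/O23 entries whose target HijackThis reports as missing."""
    found = []
    for line in log.splitlines():
        line = line.strip()
        if not line.endswith(MISSING):
            continue
        section, _, rest = line.partition(" - ")
        if section not in ("O2", "O9", "O23"):
            continue
        # Split only twice so a " - " inside the file path stays intact.
        parts = rest.split(" - ", 2)
        if len(parts) != 3:
            continue
        label, _middle, target = parts
        entry = {
            "section": section,
            "label": label.split(": ", 1)[-1],
            "target": target[: -len(MISSING)].strip(),
        }
        if section == "O23":
            # The service's short name, when shown, is in trailing parentheses;
            # that is the name the SC command takes.
            m = re.search(r"\(([^()]+)\)$", label)
            entry["service"] = m.group(1) if m else entry["label"]
        found.append(entry)
    return found


def firewall_exceptions_in_user_dirs(log):
    """Return firewall authorized-application entries under user-writable paths."""
    hits = []
    for line in log.splitlines():
        m = FW_ENTRY.match(line.strip())
        if not m:
            continue
        # rsplit keeps the drive-letter colon inside the path field.
        fields = m.group("value").rsplit(":", 3)
        if len(fields) != 4:
            continue
        path, _scope, state, name = fields
        if any(marker in path.lower() for marker in USER_WRITABLE):
            hits.append({"path": path, "state": state, "name": name})
    return hits


if __name__ == "__main__":
    for e in find_orphans(SAMPLE_LOG):
        print("orphan ", e["section"], e.get("service", e["label"]), "->", e["target"])
    for h in firewall_exceptions_in_user_dirs(SAMPLE_LOG):
        print("review ", h["state"], h["name"], "->", h["path"])
```
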


#8 syler

Posted 26 September 2009 - 12:47 PM

Hi,

The McAfee Spamkiller is just an orphan; you can delete the folder and do the following to remove the service.
  • Go to Start >> Run
  • Copy and paste the following command lines into the Run box one at a time, pressing enter after each.

SC STOP MSK80Service
SC DELETE MSK80Service

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the Posted Image icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Congratulations! You now appear clean! :(

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then OK, then restart your computer.
  • Now follow these steps again, but instead of checking "Turn off System Restore", uncheck it.
Now that you have cleaned out your restore points, you need to set a new restore point.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates are always enabled.

To do this, click on Start >> Control Panel >> Automatic Updates and click Automatic (recommended), then Apply and OK.

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing :(
Syler

unite.jpg
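Added example, not part of the original posts: a small parser for the service lines in the log above that flags entries with empty brackets, as the MSK80Service line has, which is the orphan case post #8 cleans up. It assumes the leading R/S means running/stopped, the digit is the Windows start type, and empty brackets mean the scanner found no file at that path; the function names are hypothetical.

```python
import re

# Sample lines copied from the service listing posted earlier in this thread.
SAMPLE_LOG = r"""
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 MSK80Service;McAfee SpamKiller Service; c:\program files\mcafee\msk\msksrver.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
"""

# Layout: <state><start type> <name>;<display name>; <image path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Windows service start types (assumed to be what the digit encodes).
START_TYPES = {"0": "boot", "1": "system", "2": "automatic",
               "3": "manual", "4": "disabled"}


def parse_services(text):
    """Return one dict per service line; lines in other formats are skipped."""
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        meta = entry.pop("meta").split()
        has_file = len(meta) == 2
        entry["file_date"] = meta[0] if has_file else None
        entry["file_size"] = int(meta[1]) if has_file else None
        entry["start_type"] = START_TYPES[entry.pop("start")]
        services.append(entry)
    return services


def find_orphans(services):
    """Services still registered although no file data was recorded."""
    return [s for s in services if s["file_size"] is None]


if __name__ == "__main__":
    for svc in find_orphans(parse_services(SAMPLE_LOG)):
        print(f"orphan: {svc['name']} ({svc['start_type']}) -> {svc['path']}")
```

A flagged entry is only a candidate: confirm the file is really gone and identify the product it belonged to before removing the service.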


#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:36 AM

Posted 27 September 2009 - 04:28 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg




