Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MSN hijacked home page, extremely slow system


  • This topic is locked This topic is locked
10 replies to this topic

#1 othoson

othoson

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Richardson, TX
  • Local time:09:35 AM

Posted 10 September 2009 - 06:49 PM

MSN has hijacked my home page and the system is running extremely slow. I did all the cleanup and defrag. The dds.txt file is below and the attach.zip file is attached.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Michael at 18:39:39.10 on Thu 09/10/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.275 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Program Files\NETGEAR\WN121T\wn121t.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Michael\My Documents\My Downloads\HiJackThis\20090910\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/
mWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
uInternet Settings,ProxyOverride = localhost
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_3_12_0.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {259F616C-A300-44F5-B04A-ED001A26C85C} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~2\tools\iesdsg.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~2\tools\iesdpb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_3_12_0.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\progra~1\micros~4\wcescomm.exe"
uRun: [Auto Auto EPSON Stylus Photo R200 Series on C422462-A on C422462-B] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P66 "Auto Auto EPSON Stylus Photo R200 Series on C422462-A on C422462-B" /M "Stylus Photo R200" /EF "HKCU"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ServiceConfig] "c:\program files\comcast\migcfg\programs\IspMig.exe"
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [nwiz] nwiz.exe /install
mRun: [DVDTray] "c:\program files\hp dvd\umbrella\DVDTray.exe"
mRun: [DVDBitSet] "c:\program files\hp dvd\umbrella\DVDBitSet.exe" /NOUI
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [Spyware Doctor]
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn121t\wn121t.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
IE: &WordWeb... - c:\windows\system32\wweb32.dll/lookup.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~2\tools\iesdpb.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: FarLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - hxxp://www.songtouch.com/install/network/install.exe
DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} - hxxp://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-141-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - shdocvw.dll
SEH: SpyZooka Service Hook: {d468bce5-d18e-49a4-8ea7-34bd583659d5} - c:\progra~1\spyzooka\spyguard.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2003-9-12 132899]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-28 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-3-12 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-28 108552]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2000-9-11 10816]
R1 ikhfile;File Security Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhfile.sys [2006-5-8 30560]
R1 ikhlayer;Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhlayer.sys [2006-2-6 50944]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2003-9-12 46810]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-4-30 394872]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-20 557056]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-4 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-28 298776]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-12-30 186016]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-12-30 177824]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [1998-11-27 6144]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2003-1-29 14336]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 DrmCDriverV32;DrmCDriverV32;c:\windows\system32\drivers\DrmCDriverV32.sys [2007-9-16 513152]
R3 DrmCVideo32;DrmCVideo32;c:\windows\system32\drivers\DrmCVideo32.sys [2007-9-16 2688]
S1 lkbdhlpr;Logitech Keyboard Class Helper Driver;c:\windows\system32\drivers\LKBDHLPR.SYS [2003-4-5 9952]
S2 ptssvc;ptssvc;c:\program files\kodak\kodak picture transfer software\ptssvc.exe --> c:\program files\kodak\kodak picture transfer software\PTSsvc.exe [?]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2001-2-14 106552]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2005-12-30 83616]
S3 FarStoneFireWallDrive;FarStoneFireWallDrive;c:\windows\system32\drivers\FarDrive.sys [2004-5-20 142169]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [2003-4-5 14348]
S3 MA763010;M-Audio FastTrack;c:\windows\system32\drivers\ma763010.sys --> c:\windows\system32\drivers\MA763010.sys [?]
S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2003-3-30 153760]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2007-9-16 184320]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\drivers\wg121nd5.sys --> c:\windows\system32\drivers\wg121nd5.sys [?]
S4 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2000-9-11 30398]
S4 L8042PRT;Logitech Keyboard and PS/2 Mouse Port Driver;c:\windows\system32\drivers\L8042PRT.SYS [2003-4-3 84912]

=============== Created Last 30 ================


==================== Find3M ====================

2009-07-06 21:48 11,952 a------- c:\windows\system32\avgrsstx.dll
2008-04-13 22:19 90,912 ac------ c:\docume~1\michael\applic~1\GDIPFONTCACHEV1.DAT
2006-12-15 11:30 28,672 ac------ c:\windows\inf\wn121t\SetDrv.exe
2006-12-07 18:27 499,456 ac------ c:\windows\inf\wn121t\WN121TXP.sys
2006-07-05 11:21 212,992 ac------ c:\windows\inf\wn121t\CopyWHQLDriver.exe
2001-04-05 10:46 5,226,496 ac------ c:\program files\Epson Registration.exe
2009-05-11 12:22 128 ac-sh--- c:\windows\system32\1.dat

============= FINISH: 18:41:38.02 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:35 PM

Posted 25 September 2009 - 06:23 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks

unite.jpg


#3 othoson

othoson
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Richardson, TX
  • Local time:09:35 AM

Posted 25 September 2009 - 10:35 PM

log.txt content:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Michael at 2009-09-25 22:31:25
Microsoft Windows XP Professional Service Pack 3
System drive C: has 38 GB (33%) free of 114 GB
Total RAM: 1023 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:19 PM, on 9/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\NETGEAR\WN121T\wn121t.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Michael\My Documents\My Downloads\HiJackThis\20090910\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Michael.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ServiceConfig] "C:\Program Files\Comcast\MigCfg\Programs\IspMig.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [Auto Auto EPSON Stylus Photo R200 Series on C422462-A on C422462-B] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P66 "Auto Auto EPSON Stylus Photo R200 Series on C422462-A on C422462-B" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = C:\Program Files\NETGEAR\WN121T\wn121t.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.songtouch.com/install/network/install.exe
O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - Unknown owner - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14939 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-20 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-03 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
PCTools Site Guard - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll [2006-06-02 803048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
PCTools Browser Monitor - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll [2006-06-02 839920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-03-04 19968]
"BluetoothAuthenticationAgent"=irprops.cpl,,BluetoothAuthenticationAgent []
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-04-26 29696]
"ServiceConfig"=C:\Program Files\Comcast\MigCfg\Programs\IspMig.exe []
"PrinTray"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe [2002-03-29 36864]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-12-27 48800]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-10-18 278528]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-04-07 1106297]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-04-07 126976]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-04-07 1827640]
"Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2006-06-18 968696]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-02-17 151597]
"nwiz"=nwiz.exe /install []
"DVDTray"=C:\Program Files\HP DVD\Umbrella\DVDTray.exe [2004-09-03 57344]
"DVDBitSet"=C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe [2003-12-18 184320]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-06 1948440]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-07 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\PROGRA~1\MICROS~4\wcescomm.exe [2006-06-20 1207080]
"Auto Auto EPSON Stylus Photo R200 Series on C422462-A on C422462-B"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE [2003-07-08 99840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
C:\WINDOWS\System32\LXSUPMON.EXE [2002-03-29 794112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe [2002-03-29 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\Winampa.exe [2002-04-26 12288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\PROGRA~1\Logitech\iTouch\iTouch.exe [2002-11-23 631362]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe [2001-03-15 49254]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Stardust Screen Saver Control 2003.lnk]
C:\WINDOWS\SCMain.exe [2004-01-02 355328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Stardust Wallpaper Control 2003.lnk]
C:\WINDOWS\WCMain.exe [2004-01-02 357376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^Screen Saver Control.lnk]
C:\WINDOWS\FSScrCtl.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NETGEAR WN121T Smart Wizard.lnk - C:\Program Files\NETGEAR\WN121T\wn121t.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Michael\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-06 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"=C:\WINDOWS\system32\shdocvw.dll [2009-07-18 1509888]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"=C:\PROGRA~1\SpyZooka\spyguard.dll [2005-05-07 173568]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-03 126976]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager"
"C:\Program Files\FTP Explorer\ftpx.exe"="C:\Program Files\FTP Explorer\ftpx.exe:*:Enabled:FTP Explorer Application"
"C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE"="C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE:*:Enabled:Microsoft FrontPage"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Disabled:Kazaa Plus"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Netscape\Netscape\Netscp.exe"="C:\Program Files\Netscape\Netscape\Netscp.exe:*:Enabled:Netscape"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d90db73a-d299-11dc-8d69-0007e9ed11bd}]
shell\AutoRun\command - "M:\Install FreeAgent Tools.exe" /run


======List of files/folders created in the last 1 months======

2009-09-25 22:31:25 ----D---- C:\rsit
2009-09-11 03:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-11 03:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-11 03:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-11 03:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-11 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-11 03:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-11 03:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-11 03:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-11 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-11 03:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-11 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-11 03:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-11 03:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-11 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-09-11 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-11 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-11 03:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$

======List of files/folders modified in the last 1 months======

2009-09-25 22:31:44 ----D---- C:\WINDOWS\Prefetch
2009-09-25 22:31:42 ----D---- C:\WINDOWS\Temp
2009-09-25 22:26:56 ----D---- C:\WINDOWS\system32
2009-09-25 22:26:56 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-25 22:25:34 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-25 22:24:39 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-25 22:24:29 ----SD---- C:\WINDOWS\Tasks
2009-09-25 22:20:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-25 22:15:10 ----D---- C:\Program Files\Mozilla Firefox
2009-09-25 22:14:57 ----D---- C:\WINDOWS\Internet Logs
2009-09-17 10:17:43 ----D---- C:\WINDOWS
2009-09-11 03:11:27 ----HD---- C:\WINDOWS\inf
2009-09-11 03:11:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-11 03:06:04 ----A---- C:\WINDOWS\imsins.BAK
2009-09-11 03:05:31 ----SHD---- C:\WINDOWS\Installer
2009-09-11 03:05:31 ----SHD---- C:\Config.Msi
2009-09-11 03:03:41 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-11 03:02:45 ----D---- C:\Program Files\Outlook Express
2009-09-11 03:02:05 ----D---- C:\WINDOWS\WinSxS
2009-08-28 14:38:22 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-06 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-06 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-20 108552]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2000-09-11 10816]
R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2005-02-02 14408]
R1 ikhfile;File Security Kernel Anti-Spyware Driver; \??\C:\WINDOWS\system32\drivers\ikhfile.sys []
R1 ikhlayer;Kernel Anti-Spyware Driver; \??\C:\WINDOWS\system32\drivers\ikhlayer.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 PQIMount;PQIMount; C:\WINDOWS\system32\drivers\PQIMount.sys [2003-09-12 46810]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2006-06-18 394872]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 IOPort;IOPort; \??\C:\WINDOWS\System32\DRIVERS\IOPORT.SYS []
R2 LxrJD31d;LxrJD31d; \??\C:\WINDOWS\System32\Drivers\LxrJD31d.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2006-04-26 32224]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2005-02-23 11264]
R3 DrmCDriverV32;DrmCDriverV32; C:\WINDOWS\system32\drivers\DrmCDriverV32.sys [2007-08-31 513152]
R3 DrmCVideo32;DrmCVideo32; C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys [2007-07-18 2688]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-02-25 139776]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2002-11-15 12640]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2003-03-04 25214]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-03-04 37804]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-03-04 73134]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-07-13 171008]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MRVW245;Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x); C:\WINDOWS\system32\DRIVERS\WN121TXP.sys [2006-12-07 499456]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-03-31 28164]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-23 549672]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 lkbdhlpr;Logitech Keyboard Class Helper Driver; C:\WINDOWS\System32\Drivers\lkbdhlpr.sys [2000-07-19 9952]
S1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-02-10 27344]
S3 FarStoneFireWallDrive;FarStoneFireWallDrive; C:\WINDOWS\System32\Drivers\FarDrive.sys [2004-05-20 142169]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys []
S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [2003-03-04 53870]
S3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2003-03-04 14348]
S3 LHidKE;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidKE.Sys [2004-04-26 24605]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-04-26 38081]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2004-04-26 71405]
S3 MA763010;M-Audio FastTrack; C:\WINDOWS\system32\drivers\MA763010.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nuvaud2;NUVision II Audio Service; C:\WINDOWS\System32\DRIVERS\nuvaud2.sys [2001-07-11 25024]
S3 NUVision;NUVision II Video Service; C:\WINDOWS\System32\DRIVERS\nuvvid2.sys [2001-10-28 153760]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2004-02-11 16772]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter; C:\WINDOWS\System32\DRIVERS\wg121nd5.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2000-09-11 30398]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 L8042PRT;Logitech Keyboard and PS/2 Mouse Port Driver; C:\WINDOWS\System32\DRIVERS\l8042prt.sys [1998-08-19 84912]
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-07-20 557056]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-04-07 204800]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2005-12-08 100032]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-06 906520]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-06 298776]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-12-27 186016]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-12-27 177824]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2002-11-25 49152]
R2 IISADMIN;IIS Admin; C:\WINDOWS\System32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-07 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-03-29 287744]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-23 73728]
R2 LxrJD31s;Lexar JD31; C:\WINDOWS\system32\LxrJD31s.exe [2005-02-19 71168]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2008-12-18 9158656]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
R2 SDhelper;PC Tools Spyware Doctor; C:\Program Files\Spyware Doctor\sdhelp.exe [2006-06-08 871080]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-29 19456]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\System32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 V2i Protector;V2i Protector; C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe [2003-09-12 1208320]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\System32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-10-18 323584]
S2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
S2 ptssvc;ptssvc; C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe []
S2 ScReadSpool;SolidPDFConverterReadSpool; C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe []
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2006-06-18 75768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2001-02-14 106552]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-12-27 83616]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2005-12-08 2041536]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SoundMovieServer;SoundMovieServer; C:\WINDOWS\system32\snmvtsvc.exe [2007-08-17 184320]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


info.txt content:
info.txt logfile of random's system information tool 1.06 2009-09-25 22:32:25

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82F248C6-D392-11D5-9EA2-0050BAE317E1}\setup.exe" -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
AC-3 ACM Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AC3ACM.inf
Acronis True Image Home-->MsiExec.exe /X{7F129516-73AD-4232-8FD0-C7BC2508B274}
Ad-Aware 2007-->MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Download Manager 1.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
AnalogX POW!-->C:\Program Files\AnalogX\POW\powu.exe
Any Video Converter 1.0.2-->"C:\Program Files\Any Video Converter\unins000.exe"
ArcSoft ShowBiz DVD 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE636486-7E13-4051-9067-AFC4E1B8F54E}\Setup.exe" -l0x9
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
ccCommon-->MsiExec.exe /I{D8F6834B-D5E7-4451-8681-B051ABD8561D}
CCHelp-->MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
Copy Utility-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Copy Utility\Uninst.isu"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dawn-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5569C99B-129C-426E-920A-FD1F0DC01FDC}\Setup.exe"
dBpowerAMP Au Codec-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Au Codec.dat
dBpowerAMP Music Converter-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
dBpowerAMP Winamp Codec-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Winamp Codec.dat
dBpowerAMP WMA V8 Codec-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP WMA V8 Codec.dat
Digital Media Converter 2.4-->"C:\Program Files\Deskshare\Digital Media Converter\unins000.exe"
DiscAPI (Studio 10)-->MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivX Codec-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Bundle.log
DivX Player 2.1-->C:\Program Files\DivX\DivX Player 2.1\uninstall.bat
DRM Converter 3.0.7-->"C:\Program Files\DRM Converter\unins000.exe"
DVC80-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99B98440-4A0D-11D5-8310-0050DABBB21D}\Setup.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EPSON Photo Print-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -l0x9 -SYSTEM
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Smart Panel-->C:\Program Files\EPSON\Smart Panel\SPUninst.exe
EPSON SP R200 Reference Guide-->C:\Program Files\epson\guide\spr200_e\uninstall.exe
EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" UNINSTALL
FTP Explorer-->C:\Program Files\FTP Explorer\ftpx.exe /uninstall
Helix Producer Basic 9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9112236-A5B9-416A-ACE8-E215BE9BA488}\Setup.exe" -l0x9 RunSemiSilent
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
Hotfix 2055 for SQL Server 2000 ENU (KB960082)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP DVD Writer-->"C:\Program Files\HP DVD\Support\Uninstall.exe" /UNINSTALL
HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{27555031-A116-4EC6-9991-7B400142A936}\setup\hpzscr01.exe" -datfile hposcr08.dat
HTML-Kit-->"C:\Program Files\Chami\HTML-Kit\unins000.exe"
iLumina Gold Premium-->C:\Program Files\iLuminaPremium\Uninstall.exe
Indeo® XP Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\UninstXP.isu"
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
Java 2 Runtime Environment, SE v1.4.0_03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe" Anytext
Java 2 Runtime Environment, SE v1.4.1_02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start-->"C:\Program Files\Java\j2re1.4.2_03\javaws\uninst-javaws.exe"
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JD Secure 3.1-->C:\WINDOWS\System32\JDSecure31.exe /u
Kaspersky On-line Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
KONICA_MINOLTA DiMAGE remote camera driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99E67091-D392-4031-AD2A-E9547F3615F8}\setup.exe" -l0x9
Live Lite 4 for M-Audio 4.0.4-->C:\PROGRA~1\Ableton\LIVELI~1.4\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVELI~1.4\Install\INSTALL.LOG
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.76 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Logitech User's Guide-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Logitech\UsrGuide\UGUninst.isu" -c"C:\Program Files\Logitech\UsrGuide\UGUnInst.dll"
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
MAGIX mp3 maker platinum-->C:\MAGIX\mp3maker_platinum\unwise.exe C:\MAGIX\mp3maker_platinum\INSTALL.LOG
MAGIX playR jukebox-->C:\MAGIX\mp3maker_platinum\playR_jukebox\unwise.exe C:\MAGIX\mp3maker_platinum\playR_jukebox\INSTALL.LOG
MaxBlast 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639858DD-4966-40F3-A706-7C838BCF3A2B}\setup.exe"
Metafile Companion 1.10-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Companion Software\Metafile Companion\DeIsL1.isu"
MGI VideoWave 4-->MsiExec.exe /I{1CB63C5C-DA69-4793-BD35-43BDE2A86D43}
Micrografx Picture Publisher 8-->C:\WINDOWS\mgxclean.exe /r"SOFTWARE\Micrografx\Uninstaller4" pp80.app leadpp8.app
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{913B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{91510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft PowerPoint Viewer 97-->C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft Publisher 2002-->MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Desktop Engine (PINNACLESYS)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MUSICMATCH Jukebox-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
muvee autoProducer 3.5_LE10 - HPC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED2922DF-10E1-4D53-A941-0B343A97F050}\setup.exe" -l0x9
NETg Learning Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40C2D00A-9235-4EA2-8AB9-2CAB7A842B49}\setup.exe"
NETGEAR WN121T wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{2A17F4DB-C3B7-4E45-AECC-7F9FF6909C4B}\setup.exe -runfromtemp -l0x0409
Netscape (7.2)-->C:\WINDOWS\NSUninst.exe /ua "7.2 (en)"
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Palm Desktop and Synchronization Software-->MsiExec.exe /X{13EDFFFE-DCF2-448A-A653-3C4CD60D99B4}
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PassAlong Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC4732F4-665D-4E6B-8E50-74D6B6FBE5A9}\install.exe" -l0x9
Passware Kit Enterprise 8.0-->C:\Program Files\Passware\un-kit_ent.exe
PCShowBuzz-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E2FF92D-1E63-41FB-A945-99A2DB58015A}\Setup.exe" -l0x9
Pdf995-->c:\pdf995\setup.exe uninstall
PdfEdit995-->c:\pdf995\res\utilities\thinsetup.exe - uninstall
PF 2450 PHOTO Guide-->C:\WINDOWS\uninst.exe -f"C:\Program Files\EPSON\2450 PHOTO\DeIsL1.isu"
Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
Pinnacle MediaServer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}\setup.exe" -l0x9 UNINSTALL
PowerDirector Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDirector Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PowerQuest Drive Image 7.0-->MsiExec.exe /X{8D538DFC-1E7A-45F0-9C7B-D8B6629CC2DC}
proDAD Heroglyph 2.5-->"C:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RAPID (Studio 10)-->MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\Setup.exe" ADDREMOVEDLG
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins002.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spyware Doctor 3.8-->"C:\Program Files\Spyware Doctor\unins000.exe"
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"C:\Program Files\SpywareGuard\unins000.exe"
SpyZooka-->MsiExec.exe /X{6FE4AA77-DF4C-48E9-A3E8-494926D163A4}
Stardust Screen Saver Control 2003 (3.0.0.66)-->C:\WINDOWS\unins000.exe
Stardust Screen Saver QuickStart 2.1-->"C:\Program Files\Stardust\Screen Saver QuickStart 2.1\unins000.exe"
Stardust Wallpaper Control 2003 (1.0.0.4)-->C:\WINDOWS\unins001.exe
Studio 10 Bonus DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A012D9C-2E2E-405A-B87C-E909F5297C3F}\Setup.exe" -l0x9 UNINSTALL
Studio 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x9 UNINSTALL
Super DVD Ripper (remove only)-->"C:\Program Files\Super DVD Ripper\sdvd-uninst.exe"
Symantec pcAnywhere-->MsiExec.exe /I{B05E8183-866A-11D3-97DF-0000F8D8F2E9}
The Shield 2006 Professional-->C:\Program Files\The Shield Firewall\uninst.exe
Undisker-->C:\WINDOWS\UnGins.exe "C:\Program Files\Undisker\install.log"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
UPMP v2.0-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\UPMP v2.0\ST6UNST.LOG"
Verizon FiOS Activation-->"C:\WINDOWS\FIOS\unins000.exe"
Verizon SmartCall-->C:\PROGRA~1\VERIZO~1\SMARTC~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\SMARTC~1\INSTALL.LOG
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vocal Remover-->"C:\Documents and Settings\All Users\Application Data\{7DDD0C26-E7D0-4422-8616-030EE13368AF}\Vocal Remover Web & CD.exe" REMOVE=TRUE MODIFY=FALSE
Wal-Mart Music Downloads Store-->MsiExec.exe /I{B8A432E2-D541-4F48-B9E8-243BEEC3D158}
Weather Services-->C:\WINDOWS\System32\control.exe C:\WINDOWS\System32\wxfw.cpl,4
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WordWeb-->C:\Program Files\WordWeb\uninst.exe
XoftSpy-->C:\Program Files\XoftSpy\uninstall.exe
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
Yahoo! Companion-->rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 localhost
127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free (outdated)
FW: ZoneAlarm Firewall (disabled)

======System event log======

Computer Name: C422462-A
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Record Number: 20
Source Name: Windows Update Agent
Time Written: 20090817221209.000000-300
Event Type: error
User:

Computer Name: C422462-A
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 19
Source Name: W32Time
Time Written: 20090817025826.000000-300
Event Type: warning
User:

Computer Name: C422462-A
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
lkbdhlpr
SYMTDI

Record Number: 5
Source Name: Service Control Manager
Time Written: 20090816132016.000000-300
Event Type: error
User:

Computer Name: C422462-A
Event Code: 7000
Message: The ptssvc service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 4
Source Name: Service Control Manager
Time Written: 20090816131933.000000-300
Event Type: error
User:

Computer Name: C422462-A
Event Code: 101
Message: The server was unable to add the virtual root '/shopping' for the directory 'C:\Inetpub\wwwroot\shopping' due to the following error: The system cannot find the file specified. The data is the error code.

For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

Record Number: 3
Source Name: W3SVC
Time Written: 20090816131915.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: C422462-A
Event Code: 1001
Message: Detection of product '{1CB63C5C-DA69-4793-BD35-43BDE2A86D43}', feature 'MPEG2_Produce' failed during request for component '{4F1C55BF-1E25-4162-A3C2-9398197882E8}'

Record Number: 16688
Source Name: MsiInstaller
Time Written: 20080427021903.000000-300
Event Type: warning
User: C422462-A\Michael

Computer Name: C422462-A
Event Code: 1001
Message: Detection of product '{1CB63C5C-DA69-4793-BD35-43BDE2A86D43}', feature 'MPEG2_Produce' failed during request for component '{4F1C55BF-1E25-4162-A3C2-9398197882E8}'

Record Number: 16687
Source Name: MsiInstaller
Time Written: 20080427021903.000000-300
Event Type: warning
User: C422462-A\Michael

Computer Name: C422462-A
Event Code: 1001
Message: Detection of product '{1CB63C5C-DA69-4793-BD35-43BDE2A86D43}', feature 'MPEG2_Produce' failed during request for component '{4F1C55BF-1E25-4162-A3C2-9398197882E8}'

Record Number: 16686
Source Name: MsiInstaller
Time Written: 20080427021842.000000-300
Event Type: warning
User: C422462-A\Michael

Computer Name: C422462-A
Event Code: 1001
Message: Detection of product '{1CB63C5C-DA69-4793-BD35-43BDE2A86D43}', feature 'MPEG2_Produce' failed during request for component '{4F1C55BF-1E25-4162-A3C2-9398197882E8}'

Record Number: 16685
Source Name: MsiInstaller
Time Written: 20080427021821.000000-300
Event Type: warning
User: C422462-A\Michael

Computer Name: C422462-A
Event Code: 1001
Message: Detection of product '{1CB63C5C-DA69-4793-BD35-43BDE2A86D43}', feature 'MPEG2_Produce' failed during request for component '{4F1C55BF-1E25-4162-A3C2-9398197882E8}'

Record Number: 16684
Source Name: MsiInstaller
Time Written: 20080427021821.000000-300
Event Type: warning
User: C422462-A\Michael

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Symantec\pcAnywhere\;C:\Program Files\Real\Helix Producer Basic;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"tvdumpflags"=8
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:35 PM

Posted 26 September 2009 - 01:02 PM

Hi othoson,

Can you give me a description of any problems you may currently be having? I see a few things in your logs including a backdoor trojan unfortunately.

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click Posted Image on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Posted Image
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
Please post back here with the following logs:
  • MBAM log
  • RootRepeal report
  • New Rsit log
Thanks

unite.jpg


#5 othoson

othoson
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Richardson, TX
  • Local time:09:35 AM

Posted 28 September 2009 - 01:33 PM

Yes, I would like to try to clean up this computer. It will not be used for secure transactions.
I ran the MBAM and RSIT, but the RootRepeal would not run. I kept getting a Compression Error. I downloaded it twice and ran it twice. Should I try something else?
Here are my MBAM and RSIT logs:

MBAM:
Malwarebytes' Anti-Malware 1.41
Database version: 2864
Windows 5.1.2600 Service Pack 3

9/27/2009 1:29:35 AM
mbam-log-2009-09-27 (01-29-35).txt

Scan type: Quick Scan
Objects scanned: 142542
Time elapsed: 1 hour(s), 40 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Backdoor.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\UpdateWin (Backdoor.Sdbot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Robbie\Local Settings\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.

RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Michael at 2009-09-28 12:37:29
Microsoft Windows XP Professional Service Pack 3
System drive C: has 37 GB (32%) free of 114 GB
Total RAM: 1023 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:32 PM, on 9/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\NETGEAR\WN121T\wn121t.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Michael\Desktop\RootRepeal\RootRepeal.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Documents and Settings\Michael\My Documents\My Downloads\HiJackThis\20090910\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Michael.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ServiceConfig] "C:\Program Files\Comcast\MigCfg\Programs\IspMig.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [Auto Auto EPSON Stylus Photo R200 Series on C422462-A on C422462-B] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P66 "Auto Auto EPSON Stylus Photo R200 Series on C422462-A on C422462-B" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = C:\Program Files\NETGEAR\WN121T\wn121t.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.songtouch.com/install/network/install.exe
O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - Unknown owner - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 15092 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-20 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-03 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
PCTools Site Guard - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll [2006-06-02 803048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
PCTools Browser Monitor - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll [2006-06-02 839920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-03-04 19968]
"BluetoothAuthenticationAgent"=irprops.cpl,,BluetoothAuthenticationAgent []
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-04-26 29696]
"ServiceConfig"=C:\Program Files\Comcast\MigCfg\Programs\IspMig.exe []
"PrinTray"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe [2002-03-29 36864]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-12-27 48800]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-10-18 278528]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-04-07 1106297]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-04-07 126976]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-04-07 1827640]
"Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2006-06-18 968696]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-02-17 151597]
"nwiz"=nwiz.exe /install []
"DVDTray"=C:\Program Files\HP DVD\Umbrella\DVDTray.exe [2004-09-03 57344]
"DVDBitSet"=C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe [2003-12-18 184320]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-06 1948440]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-07 136600]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\PROGRA~1\MICROS~4\wcescomm.exe [2006-06-20 1207080]
"Auto Auto EPSON Stylus Photo R200 Series on C422462-A on C422462-B"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE [2003-07-08 99840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
C:\WINDOWS\System32\LXSUPMON.EXE [2002-03-29 794112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe [2002-03-29 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\Winampa.exe [2002-04-26 12288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\PROGRA~1\Logitech\iTouch\iTouch.exe [2002-11-23 631362]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe [2001-03-15 49254]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Stardust Screen Saver Control 2003.lnk]
C:\WINDOWS\SCMain.exe [2004-01-02 355328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Stardust Wallpaper Control 2003.lnk]
C:\WINDOWS\WCMain.exe [2004-01-02 357376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^Screen Saver Control.lnk]
C:\WINDOWS\FSScrCtl.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NETGEAR WN121T Smart Wizard.lnk - C:\Program Files\NETGEAR\WN121T\wn121t.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Michael\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-06 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"=C:\WINDOWS\system32\shdocvw.dll [2009-07-18 1509888]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"=C:\PROGRA~1\SpyZooka\spyguard.dll [2005-05-07 173568]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-03 126976]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager"
"C:\Program Files\FTP Explorer\ftpx.exe"="C:\Program Files\FTP Explorer\ftpx.exe:*:Enabled:FTP Explorer Application"
"C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE"="C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE:*:Enabled:Microsoft FrontPage"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Disabled:Kazaa Plus"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Netscape\Netscape\Netscp.exe"="C:\Program Files\Netscape\Netscape\Netscp.exe:*:Enabled:Netscape"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d90db73a-d299-11dc-8d69-0007e9ed11bd}]
shell\AutoRun\command - "M:\Install FreeAgent Tools.exe" /run


======List of files/folders created in the last 1 months======

2009-09-27 01:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-26 22:46:21 ----D---- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2009-09-26 22:45:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-26 22:45:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-25 22:31:25 ----D---- C:\rsit
2009-09-11 03:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-11 03:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-11 03:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-11 03:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-11 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-11 03:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-11 03:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-11 03:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-11 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-11 03:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-11 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-11 03:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-11 03:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-11 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-09-11 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-11 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-11 03:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$

======List of files/folders modified in the last 1 months======

2009-09-28 12:39:31 ----D---- C:\WINDOWS\Temp
2009-09-28 12:34:20 ----D---- C:\WINDOWS\Internet Logs
2009-09-28 11:38:34 ----D---- C:\WINDOWS\Prefetch
2009-09-28 11:37:55 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-28 11:10:11 ----D---- C:\WINDOWS\system32\drivers
2009-09-28 11:07:07 ----D---- C:\WINDOWS\system32
2009-09-28 11:07:07 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-28 11:04:07 ----SD---- C:\WINDOWS\Tasks
2009-09-28 11:02:39 ----D---- C:\WINDOWS
2009-09-28 10:59:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-27 01:56:16 ----HD---- C:\WINDOWS\inf
2009-09-27 01:55:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-27 01:54:05 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-27 01:29:35 ----RSD---- C:\WINDOWS\Fonts
2009-09-26 22:45:21 ----RD---- C:\Program Files
2009-09-26 16:20:30 ----D---- C:\WINDOWS\network diagnostic
2009-09-26 03:01:09 ----SHD---- C:\WINDOWS\Installer
2009-09-26 03:01:09 ----SHD---- C:\Config.Msi
2009-09-26 00:09:42 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-25 22:15:10 ----D---- C:\Program Files\Mozilla Firefox
2009-09-11 03:11:27 ----A---- C:\WINDOWS\imsins.BAK
2009-09-11 03:02:45 ----D---- C:\Program Files\Outlook Express
2009-09-11 03:02:05 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-06 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-06 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-20 108552]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2000-09-11 10816]
R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2005-02-02 14408]
R1 ikhfile;File Security Kernel Anti-Spyware Driver; \??\C:\WINDOWS\system32\drivers\ikhfile.sys []
R1 ikhlayer;Kernel Anti-Spyware Driver; \??\C:\WINDOWS\system32\drivers\ikhlayer.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 PQIMount;PQIMount; C:\WINDOWS\system32\drivers\PQIMount.sys [2003-09-12 46810]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2006-06-18 394872]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 IOPort;IOPort; \??\C:\WINDOWS\System32\DRIVERS\IOPORT.SYS []
R2 LxrJD31d;LxrJD31d; \??\C:\WINDOWS\System32\Drivers\LxrJD31d.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2006-04-26 32224]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2005-02-23 11264]
R3 DrmCDriverV32;DrmCDriverV32; C:\WINDOWS\system32\drivers\DrmCDriverV32.sys [2007-08-31 513152]
R3 DrmCVideo32;DrmCVideo32; C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys [2007-07-18 2688]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-02-25 139776]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2002-11-15 12640]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2003-03-04 25214]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-03-04 37804]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-03-04 73134]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-07-13 171008]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MRVW245;Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x); C:\WINDOWS\system32\DRIVERS\WN121TXP.sys [2006-12-07 499456]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-03-31 28164]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-23 549672]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 lkbdhlpr;Logitech Keyboard Class Helper Driver; C:\WINDOWS\System32\Drivers\lkbdhlpr.sys [2000-07-19 9952]
S1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-02-10 27344]
S3 FarStoneFireWallDrive;FarStoneFireWallDrive; C:\WINDOWS\System32\Drivers\FarDrive.sys [2004-05-20 142169]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys []
S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [2003-03-04 53870]
S3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2003-03-04 14348]
S3 LHidKE;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidKE.Sys [2004-04-26 24605]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-04-26 38081]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2004-04-26 71405]
S3 MA763010;M-Audio FastTrack; C:\WINDOWS\system32\drivers\MA763010.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nuvaud2;NUVision II Audio Service; C:\WINDOWS\System32\DRIVERS\nuvaud2.sys [2001-07-11 25024]
S3 NUVision;NUVision II Video Service; C:\WINDOWS\System32\DRIVERS\nuvvid2.sys [2001-10-28 153760]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2004-02-11 16772]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter; C:\WINDOWS\System32\DRIVERS\wg121nd5.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2000-09-11 30398]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 L8042PRT;Logitech Keyboard and PS/2 Mouse Port Driver; C:\WINDOWS\System32\DRIVERS\l8042prt.sys [1998-08-19 84912]
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-07-20 557056]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-04-07 204800]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2005-12-08 100032]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-06 906520]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-06 298776]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-12-27 186016]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-12-27 177824]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2002-11-25 49152]
R2 IISADMIN;IIS Admin; C:\WINDOWS\System32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-07 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-03-29 287744]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-23 73728]
R2 LxrJD31s;Lexar JD31; C:\WINDOWS\system32\LxrJD31s.exe [2005-02-19 71168]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2008-12-18 9158656]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
R2 SDhelper;PC Tools Spyware Doctor; C:\Program Files\Spyware Doctor\sdhelp.exe [2006-06-08 871080]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-29 19456]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\System32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 V2i Protector;V2i Protector; C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe [2003-09-12 1208320]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2006-06-18 75768]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\System32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-10-18 323584]
S2 ptssvc;ptssvc; C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe []
S2 ScReadSpool;SolidPDFConverterReadSpool; C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2001-02-14 106552]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-12-27 83616]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2005-12-08 2041536]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SoundMovieServer;SoundMovieServer; C:\WINDOWS\system32\snmvtsvc.exe [2007-08-17 184320]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:35 PM

Posted 28 September 2009 - 06:05 PM

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

Next

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Services
    mchInjDrv
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^Screen Saver Control.lnk]
    :Commands
    [EmptyTemp]
    [Reboot]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Next

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Reamove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back here with the following logs:
  • OTM results
  • Kaspersky report
  • New Rsit log
Thanks

unite.jpg


#7 othoson

othoson
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Richardson, TX
  • Local time:09:35 AM

Posted 29 September 2009 - 04:25 PM

OTM results, Kasperksy report, and new RSIT log:

OTM results:
All processes killed
========== SERVICES/DRIVERS ==========
Service\Driver mchInjDrv not found.
Service\Driver key mchInjDrv deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259F616C-A300-44F5-B04A-ED001A26C85C}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^Screen Saver Control.lnk\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: C422462-A

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 49286 bytes

User: Michael
->Temp folder emptied: 15868724 bytes
->Temporary Internet Files folder emptied: 84429843 bytes
->Java cache emptied: 1869991 bytes
->FireFox cache emptied: 9458363 bytes

User: NetworkService
->Temp folder emptied: 1313145 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Robbie
->Temp folder emptied: 436428624 bytes
->Temporary Internet Files folder emptied: 58361195 bytes
->Java cache emptied: 7672456 bytes
->FireFox cache emptied: 3333798 bytes

User: Robbie.C422462-A
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2459094 bytes

User: Zack
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128433 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1088898 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\TMP0000001506CF392D5ABFD7FF scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT04fc4.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT04ffb.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 7612780 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 600.98 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09292009_001834

Files moved on Reboot...
File C:\WINDOWS\temp\TMP0000001506CF392D5ABFD7FF not found!
File C:\WINDOWS\temp\ZLT04fc4.TMP not found!
File C:\WINDOWS\temp\ZLT04ffb.TMP not found!

Registry entries deleted on Reboot...


Kaspersky report:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, September 29, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 29, 2009 07:57:00
Records in database: 2934439
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
E:\
F:\
J:\

Scan statistics:
Objects scanned: 244965
Threats found: 19
Infected objects found: 89
Suspicious objects found: 276
Scan duration: 12:24:56


File name / Threat / Threats count
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\incoming.yahoo.verizon.net\Filed.sbd\aaUOP.sbd\00 Articles Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\incoming.yahoo.verizon.net\Filed.sbd\ISP.sbd\HostOnce Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\incoming.yahoo.verizon.net\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 21
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\incoming.yahoo.verizon.net\Inbox Infected: Trojan-Spy.HTML.Bayfraud.kl 4
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\incoming.yahoo.verizon.net\Inbox Infected: Trojan-Downloader.Win32.Agent.auu 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\incoming.yahoo.verizon.net\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 12
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\pop.sbcglobal.net\Filed.sbd\aaUOP.sbd\00 Articles Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\pop.sbcglobal.net\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 21
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Bayfraud.kl 4
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\pop.sbcglobal.net\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 12
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\pop.sbcglobal.netOld\Filed.sbd\aaUOP.sbd\00 Articles Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\pop.sbcglobal.netOld\Filed.sbd\ISP.sbd\HostOnce Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\pop.sbcglobal.netOld\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 21
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\pop.sbcglobal.netOld\Inbox Infected: Trojan-Spy.HTML.Bayfraud.kl 4
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\pop.sbcglobal.netOld\Inbox Infected: Trojan-Downloader.Win32.Agent.auu 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\archive\pop.sbcglobal.netOld\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 12
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\incoming.yahoo.verizon.net\Filed.sbd\aaUOP.sbd\00 Articles Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\incoming.yahoo.verizon.net\Filed.sbd\ISP.sbd\HostOnce Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\incoming.yahoo.verizon.net\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 21
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\incoming.yahoo.verizon.net\Inbox Infected: Trojan-Spy.HTML.Bayfraud.kl 4
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\incoming.yahoo.verizon.net\Inbox Infected: Trojan-Downloader.Win32.Agent.auu 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\incoming.yahoo.verizon.net\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 12
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\Local Folders\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 5
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\Local Folders\Sent Infected: Trojan-Spy.HTML.Paylap.m 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\Local Folders\Trash Infected: Trojan-Spy.HTML.Bankfraud.qb 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zd.slt\Mail\Local Folders\Trash Infected: Trojan-Spy.HTML.Paylap.jg 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zdBAD.slt\Mail\mail\Local Folders\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 5
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zdBAD.slt\Mail\mail\Local Folders\Sent Infected: Trojan-Spy.HTML.Paylap.m 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zdBAD.slt\Mail\mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zdBAD.slt\Mail\mail\pop.sbcglobal.net\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 8
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zdBAD.slt\Mail\mail\pop.sbcglobal.net\Inbox Infected: Trojan-Dropper.VBS.Zerolin 5
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zdBAD.slt\Mail\mail\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Citifraud.p 2
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zdBAD.slt\Mail\mail\pop.sbcglobal.net\Inbox Infected: Trojan-Downloader.JS.gen 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zdBAD.slt\Mail\mail\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Bayfraud.g 4
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zdBAD.slt\Mail\mail\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Paylap.bg 3
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zdBAD.slt\Mail\mail\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Bayfraud.ks 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zdBAD.slt\Mail\mail\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Paylap.bx 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zdBAD.slt\Mail\mail\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Bankfraud.cm 1
C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\qntkb4zdBAD.slt\Mail\mail\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Bayfraud.ev 1
C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\Mail\Local Folders\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 5
C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\Mail\Local Folders\Sent Infected: Trojan-Spy.HTML.Paylap.m 1
C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\Mail\Local Folders\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 5
C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\Mail\Local Folders\Trash Infected: Trojan-Spy.HTML.Paylap.m 1
C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\Mail\pop.sbcglobal.net\Filed.sbd\aaUOP.sbd\00 Articles Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\Mail\pop.sbcglobal.net\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 12
C:\Documents and Settings\Michael\My Documents\My Web Stuff\Salsa de Miguel\archive\almacen.jpe Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Documents and Settings\Robbie\Application Data\Mozilla\Profiles\michaeldperry\1m5b4m9t.slt\Mail\mail\Local Folders\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 5
C:\Documents and Settings\Robbie\Application Data\Mozilla\Profiles\michaeldperry\1m5b4m9t.slt\Mail\mail\Local Folders\Sent Infected: Trojan-Spy.HTML.Paylap.m 1
C:\Documents and Settings\Robbie\Application Data\Mozilla\Profiles\michaeldperry\1m5b4m9t.slt\Mail\mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\Robbie\Application Data\Mozilla\Profiles\michaeldperry\1m5b4m9t.slt\Mail\mail\pop.sbcglobal.net\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\Robbie\Application Data\Mozilla\Profiles\michaeldperry\1m5b4m9t.slt\Mail\mail\pop.sbcglobal.net\Inbox Infected: Trojan-Dropper.VBS.Zerolin 4
C:\Documents and Settings\Robbie\Application Data\Mozilla\Profiles\michaeldperry\1m5b4m9t.slt\Mail\mail\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Citifraud.p 2
C:\Documents and Settings\Robbie\My Documents\robbie\to4kql31.slt\Mail\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 4
C:\Documents and Settings\Robbie\My Documents\robbie\to4kql31.slt\Mail\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 4
C:\Documents and Settings\Robbie\My Documents\Robbie20080621\Mail\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 4
C:\Program Files\Netscape\Users\michaeldperry\Mail\Local Folders\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 5
C:\Program Files\Netscape\Users\michaeldperry\Mail\Local Folders\Sent Infected: Trojan-Spy.HTML.Paylap.m 1
C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 8
C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Inbox Infected: Trojan-Dropper.VBS.Zerolin 5
C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Citifraud.p 2
C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Inbox Infected: Trojan-Downloader.JS.gen 1
C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Bayfraud.g 4
C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Paylap.bg 3
C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Bayfraud.ks 1
C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Paylap.bx 1
C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Bankfraud.cm 1
C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Inbox Infected: Trojan-Spy.HTML.Bayfraud.ev 1
C:\WINDOWS\system32\scenicnc.exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
F:\aArchive\BackupJumpDrive20061104\Robbie\robbie\Mail\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 5
F:\aArchive\BackupJumpDrive20061104\Robbie\robbie\Mail\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 5
F:\aArchive\BackupJumpDrive20061122\Robbie\robbie\Mail\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 4
F:\aArchive\BackupJumpDrive20061122\Robbie\robbie\Mail\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 5
F:\aArchive\BackupJumpDrive20061122\Robbie\robbie\Mail\Trash Infected: Backdoor.Win32.Haxdoor.kg 4
F:\aArchive\BackupJumpDrive20061128\Robbie\robbie\Mail\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 5
F:\aArchive\BackupJumpDrive20061128\Robbie\robbie\Mail\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 5
F:\aArchive\BackupJumpDrive20061128\Robbie\robbie\Mail\Trash Infected: Backdoor.Win32.Haxdoor.kg 4
F:\aArchive\BackupJumpDrive20061205\Robbie\robbie\Mail\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 5
F:\aArchive\BackupJumpDrive20061205\Robbie\robbie\Mail\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 5
F:\aArchive\BackupJumpDrive20061205\Robbie\robbie\Mail\Trash Infected: Backdoor.Win32.Haxdoor.kg 4
F:\aArchive\BackupJumpDrive20061215\Robbie\robbie\Mail\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 5
F:\aArchive\BackupJumpDrive20061215\Robbie\robbie\Mail\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 5
F:\aArchive\BackupJumpDrive20061215\Robbie\robbie\Mail\Trash Infected: Backdoor.Win32.Haxdoor.kg 4
F:\aArchive\BackupJumpDrive20070116\Robbie\robbie\Mail\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 5
F:\aArchive\BackupJumpDrive20070116\Robbie\robbie\Mail\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 5

Selected area has been scanned.


new RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Michael at 2009-09-29 16:20:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 39 GB (34%) free of 114 GB
Total RAM: 1023 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:00 PM, on 9/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\WN121T\wn121t.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Michael\Local Settings\Temp\jkos-Michael\binaries\ScanningProcess.exe
C:\Documents and Settings\Michael\Local Settings\Temp\jkos-Michael\binaries\ScanningProcess.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Michael\My Documents\My Downloads\HiJackThis\20090910\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Michael.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ServiceConfig] "C:\Program Files\Comcast\MigCfg\Programs\IspMig.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [Auto Auto EPSON Stylus Photo R200 Series on C422462-A on C422462-B]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P66 "Auto Auto EPSON Stylus Photo R200 Series on C422462-A on

C422462-B" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = C:\Program Files\NETGEAR\WN121T\wn121t.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -

https://activatemyfios.verizon.net/sdcCommo...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -

http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.songtouch.com/install/network/install.exe
O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -

https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -

https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common

Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared

files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - Unknown owner - C:\Program

Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 15137 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-29 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-03 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
PCTools Site Guard - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll [2006-06-02 803048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
PCTools Browser Monitor - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll [2006-06-02 839920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-29 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

[2004-01-07 272983]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-03-04 19968]
"BluetoothAuthenticationAgent"=irprops.cpl,,BluetoothAuthenticationAgent []
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-04-26 29696]
"ServiceConfig"=C:\Program Files\Comcast\MigCfg\Programs\IspMig.exe []
"PrinTray"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe [2002-03-29 36864]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-12-27 48800]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-10-18 278528]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-04-07 1106297]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-04-07 126976]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-04-07 1827640]
"Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2006-06-18 968696]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-02-17 151597]
"nwiz"=nwiz.exe /install []
"DVDTray"=C:\Program Files\HP DVD\Umbrella\DVDTray.exe [2004-09-03 57344]
"DVDBitSet"=C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe [2003-12-18 184320]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-29 2007832]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-29 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\PROGRA~1\MICROS~4\wcescomm.exe [2006-06-20 1207080]
"Auto Auto EPSON Stylus Photo R200 Series on C422462-A on C422462-B"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE

[2003-07-08 99840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
C:\WINDOWS\System32\LXSUPMON.EXE [2002-03-29 794112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe [2002-03-29 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\Winampa.exe [2002-04-26 12288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\PROGRA~1\Logitech\iTouch\iTouch.exe [2002-11-23 631362]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start

Menu^Programs^Startup^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe [2001-03-15 49254]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start

Menu^Programs^Startup^Stardust Screen Saver Control 2003.lnk]
C:\WINDOWS\SCMain.exe [2004-01-02 355328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start

Menu^Programs^Startup^Stardust Wallpaper Control 2003.lnk]
C:\WINDOWS\WCMain.exe [2004-01-02 357376]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NETGEAR WN121T Smart Wizard.lnk - C:\Program Files\NETGEAR\WN121T\wn121t.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Michael\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-29 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"=C:\WINDOWS\system32\shdocvw.dll [2009-07-18 1509888]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"=C:\PROGRA~1\SpyZooka\spyguard.dll [2005-05-07 173568]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-03 126976]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager"
"C:\Program Files\FTP Explorer\ftpx.exe"="C:\Program Files\FTP Explorer\ftpx.exe:*:Enabled:FTP Explorer Application"
"C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE"="C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE:*:Enabled:Microsoft

FrontPage"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync

RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft

ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio

10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Disabled:Kazaa Plus"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office

OneNote"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Netscape\Netscape\Netscp.exe"="C:\Program Files\Netscape\Netscape\Netscp.exe:*:Enabled:Netscape"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync

RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft

ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft

ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d90db73a-d299-11dc-8d69-0007e9ed11bd}]
shell\AutoRun\command - "M:\Install FreeAgent Tools.exe" /run


======List of files/folders created in the last 1 months======

2009-09-29 00:41:51 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-29 00:41:51 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-29 00:41:51 ----A---- C:\WINDOWS\system32\java.exe
2009-09-29 00:18:34 ----D---- C:\_OTM
2009-09-29 00:13:58 ----D---- C:\Program Files\ERUNT
2009-09-27 01:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-26 22:46:21 ----D---- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2009-09-26 22:45:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-26 22:45:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-25 22:31:25 ----D---- C:\rsit
2009-09-11 03:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-11 03:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-11 03:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-11 03:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-11 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-11 03:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-11 03:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-11 03:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-11 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-11 03:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-11 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-11 03:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-11 03:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-11 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-09-11 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-11 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-11 03:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$

======List of files/folders modified in the last 1 months======

2009-09-29 16:21:13 ----D---- C:\WINDOWS\Prefetch
2009-09-29 16:21:09 ----D---- C:\WINDOWS\Temp
2009-09-29 16:15:25 ----D---- C:\WINDOWS\Internet Logs
2009-09-29 09:55:32 ----D---- C:\WINDOWS\system32\drivers
2009-09-29 09:51:20 ----D---- C:\WINDOWS\system32
2009-09-29 09:51:17 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-29 09:33:22 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-09-29 01:06:20 ----SHD---- C:\WINDOWS\Installer
2009-09-29 00:41:59 ----SHD---- C:\Config.Msi
2009-09-29 00:41:31 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-29 00:41:27 ----D---- C:\Program Files\Java
2009-09-29 00:27:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-29 00:27:06 ----D---- C:\WINDOWS\ERDNT
2009-09-29 00:27:02 ----SD---- C:\WINDOWS\Tasks
2009-09-29 00:25:36 ----D---- C:\WINDOWS
2009-09-29 00:21:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-29 00:13:58 ----RD---- C:\Program Files
2009-09-28 11:07:07 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-27 01:56:16 ----HD---- C:\WINDOWS\inf
2009-09-27 01:55:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-27 01:29:35 ----RSD---- C:\WINDOWS\Fonts
2009-09-26 16:20:30 ----D---- C:\WINDOWS\network diagnostic
2009-09-26 00:09:42 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-25 22:15:10 ----D---- C:\Program Files\Mozilla Firefox
2009-09-11 03:11:27 ----A---- C:\WINDOWS\imsins.BAK
2009-09-11 03:02:45 ----D---- C:\Program Files\Outlook Express
2009-09-11 03:02:05 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-29 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-29 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-20 108552]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2000-09-11 10816]
R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2005-02-02 14408]
R1 ikhfile;File Security Kernel Anti-Spyware Driver; \??\C:\WINDOWS\system32\drivers\ikhfile.sys []
R1 ikhlayer;Kernel Anti-Spyware Driver; \??\C:\WINDOWS\system32\drivers\ikhlayer.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 PQIMount;PQIMount; C:\WINDOWS\system32\drivers\PQIMount.sys [2003-09-12 46810]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2006-06-18 394872]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 IOPort;IOPort; \??\C:\WINDOWS\System32\DRIVERS\IOPORT.SYS []
R2 LxrJD31d;LxrJD31d; \??\C:\WINDOWS\System32\Drivers\LxrJD31d.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2006-04-26 32224]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2005-02-23 11264]
R3 DrmCDriverV32;DrmCDriverV32; C:\WINDOWS\system32\drivers\DrmCDriverV32.sys [2007-08-31 513152]
R3 DrmCVideo32;DrmCVideo32; C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys [2007-07-18 2688]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-02-25 139776]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2002-11-15 12640]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2003-03-04 25214]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-03-04 37804]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-03-04 73134]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-07-13 171008]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MRVW245;Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x); C:\WINDOWS\system32\DRIVERS\WN121TXP.sys [2006-12-07

499456]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-03-31 28164]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-23 549672]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 lkbdhlpr;Logitech Keyboard Class Helper Driver; C:\WINDOWS\System32\Drivers\lkbdhlpr.sys [2000-07-19 9952]
S1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-02-10 27344]
S3 FarStoneFireWallDrive;FarStoneFireWallDrive; C:\WINDOWS\System32\Drivers\FarDrive.sys [2004-05-20 142169]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys []
S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [2003-03-04 53870]
S3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2003-03-04 14348]
S3 LHidKE;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidKE.Sys [2004-04-26 24605]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-04-26 38081]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2004-04-26 71405]
S3 MA763010;M-Audio FastTrack; C:\WINDOWS\system32\drivers\MA763010.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nuvaud2;NUVision II Audio Service; C:\WINDOWS\System32\DRIVERS\nuvaud2.sys [2001-07-11 25024]
S3 NUVision;NUVision II Video Service; C:\WINDOWS\System32\DRIVERS\nuvvid2.sys [2001-10-28 153760]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2004-02-11 16772]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter; C:\WINDOWS\System32\DRIVERS\wg121nd5.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28

77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2000-09-11 30398]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 L8042PRT;Logitech Keyboard and PS/2 Mouse Port Driver; C:\WINDOWS\System32\DRIVERS\l8042prt.sys [1998-08-19 84912]
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-07-20 557056]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-04-07 204800]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2005-12-08

100032]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-29 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-29 297752]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-12-27 186016]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-12-27 177824]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2002-11-25 49152]
R2 IISADMIN;IIS Admin; C:\WINDOWS\System32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-29 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-03-29 287744]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-23 73728]
R2 LxrJD31s;Lexar JD31; C:\WINDOWS\system32\LxrJD31s.exe [2005-02-19 71168]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL

Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2008-12-18 9158656]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
R2 SDhelper;PC Tools Spyware Doctor; C:\Program Files\Spyware Doctor\sdhelp.exe [2006-06-08 871080]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-29 19456]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\System32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 V2i Protector;V2i Protector; C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe [2003-09-12 1208320]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\System32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-10-18 323584]
S2 ptssvc;ptssvc; C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe []
S2 ScReadSpool;SolidPDFConverterReadSpool; C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe []
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2006-06-18 75768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2001-02-14 106552]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-12-27 83616]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2005-12-08 2041536]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SoundMovieServer;SoundMovieServer; C:\WINDOWS\system32\snmvtsvc.exe [2007-08-17 184320]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL

Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:35 PM

Posted 29 September 2009 - 04:53 PM

Hi othoson,

You have a lof of infected email in many of your email accounts, they won't do you any harm if you dont open them but you should try to clear them out.
I will not be able to pinpoint which ones are infected, so you would just have to go through them and give them a good clear out, their was a couple of
things found which we will remove with an OTM script.

When you post the logs in your reply, please make sure that word wrap is off when copying it, it makes it very difficult to read.

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Services
    mchInjDrv
    :Files
    C:\Documents and Settings\Michael\My Documents\My Web Stuff\Salsa de Miguel\archive\almacen.jpe
    C:\WINDOWS\system32\scenicnc.exe
    :Commands
    [Reboot]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Then post back with the OTM results and a new Rsit log, also let me know if you are having any more problems.

Thanks

unite.jpg


#9 othoson

othoson
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Richardson, TX
  • Local time:09:35 AM

Posted 01 October 2009 - 12:09 AM

I deleted all the infected email files. The OTM results and RSIT log are below.

OTM results:

========== SERVICES/DRIVERS ==========
Service\Driver mchInjDrv not found.
Service\Driver key mchInjDrv deleted successfully.
========== FILES ==========
C:\Documents and Settings\Michael\My Documents\My Web Stuff\Salsa de Miguel\archive\almacen.jpe moved successfully.
C:\WINDOWS\system32\scenicnc.exe moved successfully.
========== COMMANDS ==========

OTM by OldTimer - Version 3.0.0.6 log created on 09302009_001821


RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Michael at 2009-10-01 00:05:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 45 GB (39%) free of 114 GB
Total RAM: 1023 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:34 AM, on 10/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\NETGEAR\WN121T\wn121t.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Michael\My Documents\My Downloads\HiJackThis\20090910\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Michael.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ServiceConfig] "C:\Program Files\Comcast\MigCfg\Programs\IspMig.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [Auto Auto EPSON Stylus Photo R200 Series on C422462-A on C422462-B] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P66 "Auto Auto EPSON Stylus Photo R200 Series on C422462-A on C422462-B" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = C:\Program Files\NETGEAR\WN121T\wn121t.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.songtouch.com/install/network/install.exe
O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - Unknown owner - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14887 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-29 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-03 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
PCTools Site Guard - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll [2006-06-02 803048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
PCTools Browser Monitor - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll [2006-06-02 839920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-29 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-03-04 19968]
"BluetoothAuthenticationAgent"=irprops.cpl,,BluetoothAuthenticationAgent []
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-04-26 29696]
"ServiceConfig"=C:\Program Files\Comcast\MigCfg\Programs\IspMig.exe []
"PrinTray"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe [2002-03-29 36864]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-12-27 48800]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-10-18 278528]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-04-07 1106297]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-04-07 126976]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-04-07 1827640]
"Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2006-06-18 968696]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-02-17 151597]
"nwiz"=nwiz.exe /install []
"DVDTray"=C:\Program Files\HP DVD\Umbrella\DVDTray.exe [2004-09-03 57344]
"DVDBitSet"=C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe [2003-12-18 184320]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-29 2007832]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-29 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\PROGRA~1\MICROS~4\wcescomm.exe [2006-06-20 1207080]
"Auto Auto EPSON Stylus Photo R200 Series on C422462-A on C422462-B"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE [2003-07-08 99840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
C:\WINDOWS\System32\LXSUPMON.EXE [2002-03-29 794112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe [2002-03-29 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\Winampa.exe [2002-04-26 12288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\PROGRA~1\Logitech\iTouch\iTouch.exe [2002-11-23 631362]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe [2001-03-15 49254]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Stardust Screen Saver Control 2003.lnk]
C:\WINDOWS\SCMain.exe [2004-01-02 355328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Stardust Wallpaper Control 2003.lnk]
C:\WINDOWS\WCMain.exe [2004-01-02 357376]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NETGEAR WN121T Smart Wizard.lnk - C:\Program Files\NETGEAR\WN121T\wn121t.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Michael\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-29 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"=C:\WINDOWS\system32\shdocvw.dll [2009-07-18 1509888]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"=C:\PROGRA~1\SpyZooka\spyguard.dll [2005-05-07 173568]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-03 126976]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager"
"C:\Program Files\FTP Explorer\ftpx.exe"="C:\Program Files\FTP Explorer\ftpx.exe:*:Enabled:FTP Explorer Application"
"C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE"="C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE:*:Enabled:Microsoft FrontPage"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Disabled:Kazaa Plus"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Netscape\Netscape\Netscp.exe"="C:\Program Files\Netscape\Netscape\Netscp.exe:*:Enabled:Netscape"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d90db73a-d299-11dc-8d69-0007e9ed11bd}]
shell\AutoRun\command - "M:\Install FreeAgent Tools.exe" /run


======List of files/folders created in the last 1 months======

2009-09-29 00:41:51 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-29 00:41:51 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-29 00:41:51 ----A---- C:\WINDOWS\system32\java.exe
2009-09-29 00:18:34 ----D---- C:\_OTM
2009-09-29 00:13:58 ----D---- C:\Program Files\ERUNT
2009-09-27 01:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-26 22:46:21 ----D---- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2009-09-26 22:45:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-26 22:45:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-25 22:31:25 ----D---- C:\rsit
2009-09-11 03:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-11 03:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-11 03:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-11 03:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-11 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-11 03:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-11 03:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-11 03:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-11 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-11 03:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-11 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-11 03:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-11 03:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-11 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-09-11 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-11 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-11 03:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$

======List of files/folders modified in the last 1 months======

2009-10-01 00:05:42 ----D---- C:\WINDOWS\Temp
2009-10-01 00:00:55 ----D---- C:\WINDOWS\Internet Logs
2009-09-30 13:05:12 ----D---- C:\WINDOWS\Prefetch
2009-09-30 10:31:04 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-30 00:24:13 ----D---- C:\WINDOWS
2009-09-30 00:24:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-30 00:24:05 ----SD---- C:\WINDOWS\Tasks
2009-09-30 00:20:25 ----D---- C:\WINDOWS\system32
2009-09-30 00:19:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-29 09:55:32 ----D---- C:\WINDOWS\system32\drivers
2009-09-29 09:33:22 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-09-29 01:06:20 ----SHD---- C:\WINDOWS\Installer
2009-09-29 00:41:59 ----SHD---- C:\Config.Msi
2009-09-29 00:41:31 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-29 00:41:27 ----D---- C:\Program Files\Java
2009-09-29 00:27:06 ----D---- C:\WINDOWS\ERDNT
2009-09-29 00:13:58 ----RD---- C:\Program Files
2009-09-28 11:07:07 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-27 01:56:16 ----HD---- C:\WINDOWS\inf
2009-09-27 01:55:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-27 01:29:35 ----RSD---- C:\WINDOWS\Fonts
2009-09-26 16:20:30 ----D---- C:\WINDOWS\network diagnostic
2009-09-26 00:09:42 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-25 22:15:10 ----D---- C:\Program Files\Mozilla Firefox
2009-09-11 03:11:27 ----A---- C:\WINDOWS\imsins.BAK
2009-09-11 03:02:45 ----D---- C:\Program Files\Outlook Express
2009-09-11 03:02:05 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-29 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-29 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-20 108552]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2000-09-11 10816]
R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2005-02-02 14408]
R1 ikhfile;File Security Kernel Anti-Spyware Driver; \??\C:\WINDOWS\system32\drivers\ikhfile.sys []
R1 ikhlayer;Kernel Anti-Spyware Driver; \??\C:\WINDOWS\system32\drivers\ikhlayer.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 PQIMount;PQIMount; C:\WINDOWS\system32\drivers\PQIMount.sys [2003-09-12 46810]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2006-06-18 394872]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 IOPort;IOPort; \??\C:\WINDOWS\System32\DRIVERS\IOPORT.SYS []
R2 LxrJD31d;LxrJD31d; \??\C:\WINDOWS\System32\Drivers\LxrJD31d.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2006-04-26 32224]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2005-02-23 11264]
R3 DrmCDriverV32;DrmCDriverV32; C:\WINDOWS\system32\drivers\DrmCDriverV32.sys [2007-08-31 513152]
R3 DrmCVideo32;DrmCVideo32; C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys [2007-07-18 2688]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-02-25 139776]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2002-11-15 12640]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2003-03-04 25214]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-03-04 37804]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-03-04 73134]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-07-13 171008]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MRVW245;Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x); C:\WINDOWS\system32\DRIVERS\WN121TXP.sys [2006-12-07 499456]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-03-31 28164]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-23 549672]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 lkbdhlpr;Logitech Keyboard Class Helper Driver; C:\WINDOWS\System32\Drivers\lkbdhlpr.sys [2000-07-19 9952]
S1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-02-10 27344]
S3 FarStoneFireWallDrive;FarStoneFireWallDrive; C:\WINDOWS\System32\Drivers\FarDrive.sys [2004-05-20 142169]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys []
S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [2003-03-04 53870]
S3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2003-03-04 14348]
S3 LHidKE;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidKE.Sys [2004-04-26 24605]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-04-26 38081]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2004-04-26 71405]
S3 MA763010;M-Audio FastTrack; C:\WINDOWS\system32\drivers\MA763010.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nuvaud2;NUVision II Audio Service; C:\WINDOWS\System32\DRIVERS\nuvaud2.sys [2001-07-11 25024]
S3 NUVision;NUVision II Video Service; C:\WINDOWS\System32\DRIVERS\nuvvid2.sys [2001-10-28 153760]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2004-02-11 16772]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter; C:\WINDOWS\System32\DRIVERS\wg121nd5.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2000-09-11 30398]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 L8042PRT;Logitech Keyboard and PS/2 Mouse Port Driver; C:\WINDOWS\System32\DRIVERS\l8042prt.sys [1998-08-19 84912]
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-07-20 557056]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-04-07 204800]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2005-12-08 100032]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-29 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-29 297752]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-12-27 186016]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-12-27 177824]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2002-11-25 49152]
R2 IISADMIN;IIS Admin; C:\WINDOWS\System32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-29 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-03-29 287744]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-23 73728]
R2 LxrJD31s;Lexar JD31; C:\WINDOWS\system32\LxrJD31s.exe [2005-02-19 71168]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2008-12-18 9158656]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
R2 SDhelper;PC Tools Spyware Doctor; C:\Program Files\Spyware Doctor\sdhelp.exe [2006-06-08 871080]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-29 19456]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\System32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 V2i Protector;V2i Protector; C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe [2003-09-12 1208320]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\System32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-10-18 323584]
S2 ptssvc;ptssvc; C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe []
S2 ScReadSpool;SolidPDFConverterReadSpool; C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe []
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2006-06-18 75768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2001-02-14 106552]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-12-27 83616]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2005-12-08 2041536]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SoundMovieServer;SoundMovieServer; C:\WINDOWS\system32\snmvtsvc.exe [2007-08-17 184320]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:35 PM

Posted 01 October 2009 - 08:11 AM

othoson,

Can you tell me in your next reply how the computer is running and if their are any more problems.

You still have some leftovers from an incomplete uninstallation of Norton security products on your computer.
To remove the leftovers please download and run the Norton Removal Tool.

Note: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.
If you use ACT! or WinFAX, back up those databases before you proceed.


Next

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Please post back here with the following logs:
  • Gmer log
  • New DDS log
Thanks

unite.jpg


#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:35 PM

Posted 05 October 2009 - 06:07 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users