

IE8 Kicks me out of "YOUR" website Malware or Spyware?


  • This topic is locked
14 replies to this topic

#1 EQUANOX

EQUANOX

  • Members
  • 18 posts
  • OFFLINE
  • Local time:09:02 PM

Posted 24 October 2009 - 11:24 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/265772/am-i-doomed/ ~ OB

I am posting a problem I have had for a couple of days. My computer (Dell Dimension, Win XP Pro, IE8) has just been slowing down. I try to open the My Documents folder and it takes roughly a minute to open; when it opens, the scroll bars take a long time to go up or down (navigate), then the folder freezes and I have to close the My Documents folder.

BUT WAIT, that's not all. When I open IE8 I can only open some HTML pages. When I open CNET.com, for example, it will load the homepage, but in less than a minute I get an ERROR from IE8 saying "Internet Explorer has encountered a problem and needs to close". IE8 will try to re-open the website, but another ERROR occurs: "A problem with this web page caused IE to close and re-open tag". I will click on the "SEND ERROR MESSAGE" screen button 3 times until IE8 tells me it CANNOT open this website. I have tried this over and over again, which only comes to the same conclusion.

I think I have some kind of Malware, Spyware or Virus on my computer. Please let me know what is required of me to help you solve this problem. From other posts I see an HJT and GMER report is sometimes required to solve this kind of problem.

PS: My internet provider is Rogers Internet and I am running their online protection suite, which includes an anti-virus, firewall, anti-spyware, parental controls and privacy controls. Also, they upload updates automatically all the time, so I think I am well protected. (Until now.) I ran both the Anti-spyware and the Anti-virus and came up with only cookies to be deleted. PLEASE HELP ME and let me know what to do.

I have been instructed by Garmanma to provide for you a DDS, Attach & RootRepeal (ARK) log attached to this post.

Thank You
EQUANOX

Attached Files


Edited by EQUANOX, 24 October 2009 - 11:35 PM.




#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:02 AM

Posted 01 November 2009 - 03:03 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#3 EQUANOX

EQUANOX
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:09:02 PM

Posted 04 November 2009 - 03:56 PM

Hello Syler,

No need to apologize, I know you are very busy with a lot of other people like myself. I could not get to you sooner because I have come across a few bad DVD-RWs that I use to switch files back and forth to the DELL computer which is having the problem. I am not so sure what you mean by "Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)". I am guessing you want just the log.txt viewable on this post and the info.txt should be uploaded to this post. Please let me know if I am incorrect. I will be waiting for further instructions. Thank you.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Mr. Sean Solomon at 2009-11-04 14:31:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 118 GB (80%) free of 148 GB
Total RAM: 1022 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:59 PM, on 11/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\UphClean\uphclean.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rogers Online Protection\Rogers Online Protection\rps.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Rogers\SelfHealing\shs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mr. Sean Solomon\Desktop\RSIT.exe
C:\Program Files\trend micro\Mr. Sean Solomon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://express.rogers.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Rogers SHS] C:\Program Files\Rogers\SelfHealing\shs.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RogersServicepointAgent.exe] "C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: WinFlip.lnk = C:\Program Files\WinFlip\WinFlip.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1250877687312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1236894849515
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rogers Online Protection (Radialpoint Security Services) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: Rogers Online Protection Firewall (RP_FWS) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8733 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{170B5262-1E3F-4AEC-BC1E-4B85D3A2F8C0}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{D85F442C-EE54-486E-B387-6CAFA0B01BFF}.job
C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll [2009-02-27 55536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Rogers SHS"=C:\Program Files\Rogers\SelfHealing\shs.exe [2009-05-25 2741560]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"RogersServicepointAgent.exe"=C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe [2009-02-27 3228912]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-20 149280]
"DrvIcon"=C:\Program Files\Vista Drive Icon\DrvIcon.exe [2008-04-13 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"DXDllRegExe"=dxdllreg.exe []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-08-27 247144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
dxdllreg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mr. Sean Solomon^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~4\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=3
"idsvc"=3
"WMPNetworkSvc"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Sony Handheld\HOTSYNC.EXE
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Mr. Sean Solomon\Start Menu\Programs\Startup
WinFlip.lnk - C:\Program Files\WinFlip\WinFlip.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Media Center Diagnostic Kit\MCDiag.exe"="C:\Program Files\Media Center Diagnostic Kit\MCDiag.exe:*:Enabled:Media Center Diagnostic Tool"
"C:\Program Files\Media Center Diagnostic Kit\MCEHostRemote.exe"="C:\Program Files\Media Center Diagnostic Kit\MCEHostRemote.exe:*:Enabled:Media Center Scripting Host"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bee25647-0c49-11de-b6d5-001109b89f15}]
shell\AutoRun\command - K:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5c24ae5-0ddd-11de-b6db-001109b89f15}]
shell\AutoRun\command - I:\StartClickFreeBackup.exe


======List of files/folders created in the last 1 months======

2009-11-04 14:15:43 ----D---- C:\Program Files\trend micro
2009-11-04 14:15:42 ----D---- C:\rsit
2009-10-22 11:56:40 ----A---- C:\RootRepeal report 10-22-09 (12-56-40).txt
2009-10-20 14:27:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-20 14:23:47 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-19 21:21:03 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-19 21:20:28 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\SUPERAntiSpyware.com
2009-10-19 20:36:13 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Malwarebytes
2009-10-19 20:36:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-19 20:36:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-19 16:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-18 20:23:27 ----A---- C:\WINDOWS\HPGdiPlus.ini
2009-10-18 20:00:25 ----D---- C:\Program Files\Common Files\HP
2009-10-18 15:29:26 ----D---- C:\Program Files\HP
2009-10-17 19:52:33 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard(2)
2009-10-17 07:17:52 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Stardock
2009-10-17 07:17:29 ----HDC---- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2009-10-17 07:17:26 ----D---- C:\Program Files\Stardock
2009-10-17 02:35:26 ----D---- C:\Program Files\Xilisoft
2009-10-17 00:23:43 ----D---- C:\WINDOWS\system32\custom matrices
2009-10-17 00:23:43 ----A---- C:\WINDOWS\system32\openIE.js
2009-10-17 00:23:43 ----A---- C:\WINDOWS\system32\gnu_license.txt
2009-10-17 00:23:43 ----A---- C:\WINDOWS\system32\Boost_Software_License_1.0.txt
2009-10-17 00:23:42 ----D---- C:\WINDOWS\system32\languages
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\TomsMoComp_ff.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\libmpeg2_ff.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\ff_samplerate.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\ff_kernelDeint.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_unrar.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_tremor.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_libmad.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_libfaad2.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_libdts.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_liba52.dll
2009-10-17 00:23:39 ----A---- C:\WINDOWS\system32\unins000.exe
2009-10-17 00:23:39 ----A---- C:\WINDOWS\system32\ffmpegmt.dll
2009-10-15 21:33:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 21:31:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 21:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 21:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 21:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 21:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 21:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 21:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 21:22:43 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-10-15 21:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-15 16:15:53 ----D---- C:\Program Files\XP Codec Pack
2009-10-15 07:39:05 ----D---- C:\Program Files\Dell
2009-10-15 07:39:04 ----D---- C:\WINDOWS\system32\Dell
2009-10-13 17:35:44 ----A---- C:\WINDOWS\uninst.exe
2009-10-12 22:36:54 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-10-12 22:30:11 ----D---- C:\Program Files\Microsoft Visual Studio
2009-10-12 22:30:11 ----D---- C:\Program Files\Common Files\DESIGNER
2009-10-12 22:26:57 ----D---- C:\Program Files\Microsoft.NET
2009-10-12 22:18:20 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-10-12 22:15:19 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-11 21:23:05 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\OpenWith.org Downloaded Setups
2009-10-11 06:50:05 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\AskToolbar
2009-10-09 23:31:17 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\WinRAR
2009-10-09 23:28:34 ----D---- C:\Program Files\WinRAR
2009-10-09 20:57:59 ----D---- C:\Documents and Settings\All Users\Application Data\ashampoo
2009-10-09 11:31:25 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\OpenWith.org Cache
2009-10-08 17:51:36 ----D---- C:\Program Files\OpenWith.org Desktop Tool
2009-10-08 17:44:56 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Systenance
2009-10-07 16:51:45 ----D---- C:\Program Files\Free YouTube Downloader Converter
2009-10-07 15:26:58 ----D---- C:\Program Files\Common Files\AVSMedia
2009-10-07 15:26:57 ----A---- C:\WINDOWS\system32\msxml3a.dll

======List of files/folders modified in the last 1 months======

2009-11-04 14:16:26 ----D---- C:\WINDOWS\Prefetch
2009-11-04 14:15:43 ----RD---- C:\Program Files
2009-11-04 14:09:24 ----SHD---- C:\RECYCLER
2009-11-04 14:08:40 ----D---- C:\WINDOWS\Temp
2009-11-04 14:08:31 ----D---- C:\Program Files\WinFlip
2009-11-04 14:08:19 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.92 Modem.txt
2009-11-04 14:08:08 ----D---- C:\WINDOWS
2009-11-04 14:06:03 ----D---- C:\WINDOWS\Registration
2009-11-04 14:05:56 ----A---- C:\Documents and Settings\All Users\Application Data\updateinfo.txt
2009-11-04 14:05:53 ----D---- C:\WINDOWS\system32\drivers
2009-11-04 14:05:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-04 14:04:43 ----D---- C:\WINDOWS\system32
2009-11-04 14:03:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-04 14:01:36 ----HD---- C:\WINDOWS\inf
2009-11-04 14:01:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-04 14:00:13 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-01 11:12:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-28 21:47:49 ----D---- C:\Documents and Settings
2009-10-28 12:07:18 ----SD---- C:\WINDOWS\Tasks
2009-10-25 19:25:03 ----A---- C:\WINDOWS\win.ini
2009-10-23 22:21:25 ----SHD---- C:\WINDOWS\Installer
2009-10-23 22:21:25 ----D---- C:\Config.Msi
2009-10-23 22:15:49 ----RSD---- C:\WINDOWS\assembly
2009-10-22 19:09:04 ----A---- C:\WINDOWS\system32\dfrg.msc
2009-10-22 18:54:01 ----SHD---- C:\System Volume Information
2009-10-22 18:54:01 ----D---- C:\WINDOWS\system32\Restore
2009-10-22 04:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-21 13:16:07 ----D---- C:\Program Files\Microsoft Office
2009-10-21 12:29:36 ----D---- C:\Program Files\Common Files
2009-10-20 19:48:48 ----SH---- C:\boot.ini
2009-10-20 19:48:48 ----A---- C:\WINDOWS\system.ini
2009-10-20 14:23:21 ----D---- C:\WINDOWS\WinSxS
2009-10-19 16:40:22 ----A---- C:\WINDOWS\imsins.BAK
2009-10-18 19:53:58 ----D---- C:\WINDOWS\twain_32
2009-10-18 19:40:46 ----D---- C:\WINDOWS\system32\URTTemp
2009-10-18 19:07:55 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-18 18:47:58 ----D---- C:\WINDOWS\Help
2009-10-17 20:36:47 ----D---- C:\WINDOWS\system32\config
2009-10-17 20:35:52 ----D---- C:\WINDOWS\system32\wbem
2009-10-16 15:37:52 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-15 21:34:29 ----D---- C:\Program Files\Internet Explorer
2009-10-15 21:25:36 ----D---- C:\Program Files\Microsoft Works
2009-10-15 20:55:08 ----D---- C:\Program Files\Windows Desktop Search
2009-10-15 19:26:00 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-15 18:57:50 ----D---- C:\WINDOWS\pss
2009-10-15 17:56:45 ----D---- C:\WINDOWS\system32\en-us
2009-10-15 16:02:46 ----D---- C:\WINDOWS\security
2009-10-15 11:40:08 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-15 11:34:52 ----D---- C:\Program Files\Common Files\Adobe
2009-10-15 07:39:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-15 07:04:31 ----SD---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Microsoft
2009-10-14 15:10:28 ----D---- C:\Program Files\VideoLAN
2009-10-12 22:57:11 ----RSD---- C:\WINDOWS\Fonts
2009-10-12 22:56:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-12 22:49:17 ----D---- C:\Program Files\Common Files\System
2009-10-12 22:45:51 ----D---- C:\WINDOWS\SHELLNEW
2009-10-12 22:32:07 ----D---- C:\Program Files\MSBuild
2009-10-12 21:55:10 ----D---- C:\Program Files\7-Zip
2009-10-12 21:20:02 ----D---- C:\WINDOWS\Media
2009-10-12 20:57:43 ----A---- C:\WINDOWS\ODBC.INI
2009-10-09 23:19:09 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-10-08 19:00:46 ----A---- C:\WINDOWS\system32\libmplayer.dll
2009-10-08 19:00:46 ----A---- C:\WINDOWS\system32\libavcodec.dll
2009-10-08 19:00:44 ----A---- C:\WINDOWS\system32\ff_x264.dll
2009-10-08 19:00:44 ----A---- C:\WINDOWS\system32\ff_wmv9.dll
2009-10-08 18:27:52 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-10-07 14:47:00 ----D---- C:\Program Files\Common Files\DVDVideoSoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-10-18 43672]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-06-12 15232]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [2008-09-08 196368]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-20 5632]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2008-04-24 53192]
R3 AngelUsb;Angel USB MPEG Device; C:\WINDOWS\system32\DRIVERS\AngelUsb.sys [2005-02-17 375424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
R3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S2 bsaspi32;bsaspi32; C:\WINDOWS\system32\drivers\bsaspi32.sys []
S2 Nbf;NetBEUI Protocol; C:\WINDOWS\system32\DRIVERS\nbf.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-07 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-07 21488]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-01-17 12270]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 ehMonitor;Media Center Monitor Service; C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe [2005-09-07 49336]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-20 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2008-04-28 414984]
R2 RogersSelfHelpService;Rogers SHS Service; c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe [2009-05-25 144696]
R2 RogersUpdateManager;Rogers Update Manager; C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe [2008-04-22 163840]
R2 RP_FWS;Rogers Online Protection Firewall; C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe [2009-02-27 363248]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UphClean\uphclean.exe [2005-04-27 241725]
R3 Radialpoint Security Services;Rogers Online Protection; C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [2009-02-27 97520]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2008-04-28 738568]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-07-07 65795]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------



#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 04 November 2009 - 10:12 PM

Hi EQUANOX,

I am not so sure of what you mean by "Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)."

That part was just telling you how Rsit will present them to you: the log.txt would have appeared maximized on your screen and info.txt will be minimized.
Also, next time you run Rsit it will only produce one log, just so you know.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on the Scan button and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push the Save button and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Please post back here with the following logs:
  • MBAM log
  • Gmer log
  • New Rsit log
Thanks



#5 EQUANOX
  • Topic Starter

  • Members
  • 18 posts

Posted 05 November 2009 - 02:09 PM

Hi Syler,

I would like to apologize for the misunderstanding. As I was doing a scan with GMER, it recognized 2 Trojans which were deleted after I re-started the computer. I have also disconnected the computer from the internet & shut off Rogers On-line Protection. Below are the 3 logs you requested; I will be waiting for your analysis. Thank you.


Malwarebytes' Anti-Malware 1.41
Database version: 3012
Windows 5.1.2600 Service Pack 3

11/5/2009 12:02:51 PM
mbam-log-2009-11-05 (12-02-51).txt

Scan type: Quick Scan
Objects scanned: 121335
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.



GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-05 13:20:28
Windows 5.1.2600 Service Pack 3
Running: qrzk7rnq.exe; Driver: C:\DOCUME~1\MRF0D8~1.SEA\LOCALS~1\Temp\pxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xF2E642A0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwConnectPort [0xF2E6234E]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xF2E63FD0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xF2E64140]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xF2E64E10]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF2E648AE]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xF2E657D0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xF2E64450]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xF2E61EA0]
SSDT kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ZwOpenFile [0xF765C030]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xF2E63DC0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xF2E64C3E]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xF2E65436]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwRequestWaitReplyPort [0xF2E62930]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xF2E65740]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xF2E65B00]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xF2E660C0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xF2E60AF0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSystemInformation [0xF2E64A90]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xF2E656F0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xF2E621B0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xF2E652AB]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xF0F9E6D0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xF2E64310]

Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Ip rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)

Device \FileSystem\Fastfat \Fat F0492D20

AttachedDevice \FileSystem\Fastfat \Fat klif.sys (spuper-ptor/Kaspersky Lab)

---- EOF - GMER 1.0.15 ----



Logfile of random's system information tool 1.06 (written by random/random)
Run by Mr. Sean Solomon at 2009-11-05 13:23:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 118 GB (80%) free of 148 GB
Total RAM: 1022 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:02 PM, on 11/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\Explorer.EXE
c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\UphClean\uphclean.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Mr. Sean Solomon\Desktop\RSIT.exe
C:\Program Files\trend micro\Mr. Sean Solomon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://express.rogers.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Rogers SHS] C:\Program Files\Rogers\SelfHealing\shs.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RogersServicepointAgent.exe] "C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: WinFlip.lnk = C:\Program Files\WinFlip\WinFlip.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1250877687312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1236894849515
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rogers Online Protection (Radialpoint Security Services) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: Rogers Online Protection Firewall (RP_FWS) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8491 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{170B5262-1E3F-4AEC-BC1E-4B85D3A2F8C0}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{D85F442C-EE54-486E-B387-6CAFA0B01BFF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll [2009-02-27 55536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Rogers SHS"=C:\Program Files\Rogers\SelfHealing\shs.exe [2009-05-25 2741560]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"RogersServicepointAgent.exe"=C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe [2009-02-27 3228912]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-20 149280]
"DrvIcon"=C:\Program Files\Vista Drive Icon\DrvIcon.exe [2008-04-13 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"DXDllRegExe"=dxdllreg.exe []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-08-27 247144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
dxdllreg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mr. Sean Solomon^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~4\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=3
"idsvc"=3
"WMPNetworkSvc"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Sony Handheld\HOTSYNC.EXE
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Mr. Sean Solomon\Start Menu\Programs\Startup
WinFlip.lnk - C:\Program Files\WinFlip\WinFlip.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Media Center Diagnostic Kit\MCDiag.exe"="C:\Program Files\Media Center Diagnostic Kit\MCDiag.exe:*:Enabled:Media Center Diagnostic Tool"
"C:\Program Files\Media Center Diagnostic Kit\MCEHostRemote.exe"="C:\Program Files\Media Center Diagnostic Kit\MCEHostRemote.exe:*:Enabled:Media Center Scripting Host"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bee25647-0c49-11de-b6d5-001109b89f15}]
shell\AutoRun\command - K:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5c24ae5-0ddd-11de-b6db-001109b89f15}]
shell\AutoRun\command - I:\StartClickFreeBackup.exe


======List of files/folders created in the last 1 months======

2009-11-04 14:15:43 ----D---- C:\Program Files\trend micro
2009-11-04 14:15:42 ----D---- C:\rsit
2009-10-22 11:56:40 ----A---- C:\RootRepeal report 10-22-09 (12-56-40).txt
2009-10-20 14:27:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-20 14:23:47 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-19 21:21:03 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-19 21:20:28 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\SUPERAntiSpyware.com
2009-10-19 20:36:13 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Malwarebytes
2009-10-19 20:36:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-19 20:36:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-19 16:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-18 20:23:27 ----A---- C:\WINDOWS\HPGdiPlus.ini
2009-10-18 20:00:25 ----D---- C:\Program Files\Common Files\HP
2009-10-18 15:29:26 ----D---- C:\Program Files\HP
2009-10-17 19:52:33 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard(2)
2009-10-17 07:17:52 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Stardock
2009-10-17 07:17:29 ----HDC---- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2009-10-17 07:17:26 ----D---- C:\Program Files\Stardock
2009-10-17 02:35:26 ----D---- C:\Program Files\Xilisoft
2009-10-17 00:23:43 ----D---- C:\WINDOWS\system32\custom matrices
2009-10-17 00:23:43 ----A---- C:\WINDOWS\system32\openIE.js
2009-10-17 00:23:43 ----A---- C:\WINDOWS\system32\gnu_license.txt
2009-10-17 00:23:43 ----A---- C:\WINDOWS\system32\Boost_Software_License_1.0.txt
2009-10-17 00:23:42 ----D---- C:\WINDOWS\system32\languages
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\TomsMoComp_ff.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\libmpeg2_ff.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\ff_samplerate.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\ff_kernelDeint.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_unrar.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_tremor.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_libmad.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_libfaad2.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_libdts.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_liba52.dll
2009-10-17 00:23:39 ----A---- C:\WINDOWS\system32\unins000.exe
2009-10-17 00:23:39 ----A---- C:\WINDOWS\system32\ffmpegmt.dll
2009-10-15 21:33:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 21:31:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 21:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 21:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 21:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 21:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 21:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 21:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 21:22:43 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-10-15 21:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-15 16:15:53 ----D---- C:\Program Files\XP Codec Pack
2009-10-15 07:39:05 ----D---- C:\Program Files\Dell
2009-10-15 07:39:04 ----D---- C:\WINDOWS\system32\Dell
2009-10-13 17:35:44 ----A---- C:\WINDOWS\uninst.exe
2009-10-12 22:36:54 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-10-12 22:30:11 ----D---- C:\Program Files\Microsoft Visual Studio
2009-10-12 22:30:11 ----D---- C:\Program Files\Common Files\DESIGNER
2009-10-12 22:26:57 ----D---- C:\Program Files\Microsoft.NET
2009-10-12 22:18:20 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-10-12 22:15:19 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-11 21:23:05 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\OpenWith.org Downloaded Setups
2009-10-11 06:50:05 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\AskToolbar
2009-10-09 23:31:17 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\WinRAR
2009-10-09 23:28:34 ----D---- C:\Program Files\WinRAR
2009-10-09 20:57:59 ----D---- C:\Documents and Settings\All Users\Application Data\ashampoo
2009-10-09 11:31:25 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\OpenWith.org Cache
2009-10-08 17:51:36 ----D---- C:\Program Files\OpenWith.org Desktop Tool
2009-10-08 17:44:56 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Systenance
2009-10-07 16:51:45 ----D---- C:\Program Files\Free YouTube Downloader Converter
2009-10-07 15:26:58 ----D---- C:\Program Files\Common Files\AVSMedia
2009-10-07 15:26:57 ----A---- C:\WINDOWS\system32\msxml3a.dll

======List of files/folders modified in the last 1 months======

2009-11-05 13:22:16 ----D---- C:\WINDOWS\Prefetch
2009-11-05 12:14:47 ----D---- C:\WINDOWS\Temp
2009-11-05 12:08:03 ----SHD---- C:\RECYCLER
2009-11-05 12:06:46 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.92 Modem.txt
2009-11-05 12:06:29 ----D---- C:\WINDOWS\Registration
2009-11-05 12:06:25 ----D---- C:\Program Files\WinFlip
2009-11-05 12:05:56 ----D---- C:\WINDOWS\system32\drivers
2009-11-05 12:05:47 ----A---- C:\Documents and Settings\All Users\Application Data\updateinfo.txt
2009-11-05 12:05:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-05 12:05:35 ----D---- C:\WINDOWS
2009-11-05 12:03:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-05 12:02:51 ----SD---- C:\WINDOWS\Tasks
2009-11-04 14:15:43 ----RD---- C:\Program Files
2009-11-04 14:04:43 ----D---- C:\WINDOWS\system32
2009-11-04 14:01:36 ----HD---- C:\WINDOWS\inf
2009-11-04 14:01:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-04 14:00:13 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-01 11:12:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-28 21:47:49 ----D---- C:\Documents and Settings
2009-10-25 19:25:03 ----A---- C:\WINDOWS\win.ini
2009-10-23 22:21:25 ----SHD---- C:\WINDOWS\Installer
2009-10-23 22:21:25 ----D---- C:\Config.Msi
2009-10-23 22:15:49 ----RSD---- C:\WINDOWS\assembly
2009-10-22 19:09:04 ----A---- C:\WINDOWS\system32\dfrg.msc
2009-10-22 18:54:01 ----SHD---- C:\System Volume Information
2009-10-22 18:54:01 ----D---- C:\WINDOWS\system32\Restore
2009-10-22 04:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-21 13:16:07 ----D---- C:\Program Files\Microsoft Office
2009-10-21 12:29:36 ----D---- C:\Program Files\Common Files
2009-10-20 19:48:48 ----SH---- C:\boot.ini
2009-10-20 19:48:48 ----A---- C:\WINDOWS\system.ini
2009-10-20 14:23:21 ----D---- C:\WINDOWS\WinSxS
2009-10-19 16:40:22 ----A---- C:\WINDOWS\imsins.BAK
2009-10-18 19:53:58 ----D---- C:\WINDOWS\twain_32
2009-10-18 19:40:46 ----D---- C:\WINDOWS\system32\URTTemp
2009-10-18 19:07:55 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-18 18:47:58 ----D---- C:\WINDOWS\Help
2009-10-17 20:36:47 ----D---- C:\WINDOWS\system32\config
2009-10-17 20:35:52 ----D---- C:\WINDOWS\system32\wbem
2009-10-16 15:37:52 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-15 21:34:29 ----D---- C:\Program Files\Internet Explorer
2009-10-15 21:25:36 ----D---- C:\Program Files\Microsoft Works
2009-10-15 20:55:08 ----D---- C:\Program Files\Windows Desktop Search
2009-10-15 19:26:00 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-15 18:57:50 ----D---- C:\WINDOWS\pss
2009-10-15 17:56:45 ----D---- C:\WINDOWS\system32\en-us
2009-10-15 16:02:46 ----D---- C:\WINDOWS\security
2009-10-15 11:40:08 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-15 11:34:52 ----D---- C:\Program Files\Common Files\Adobe
2009-10-15 07:39:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-15 07:04:31 ----SD---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Microsoft
2009-10-14 15:10:28 ----D---- C:\Program Files\VideoLAN
2009-10-12 22:57:11 ----RSD---- C:\WINDOWS\Fonts
2009-10-12 22:56:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-12 22:49:17 ----D---- C:\Program Files\Common Files\System
2009-10-12 22:45:51 ----D---- C:\WINDOWS\SHELLNEW
2009-10-12 22:32:07 ----D---- C:\Program Files\MSBuild
2009-10-12 21:55:10 ----D---- C:\Program Files\7-Zip
2009-10-12 21:20:02 ----D---- C:\WINDOWS\Media
2009-10-12 20:57:43 ----A---- C:\WINDOWS\ODBC.INI
2009-10-09 23:19:09 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-10-08 19:00:46 ----A---- C:\WINDOWS\system32\libmplayer.dll
2009-10-08 19:00:46 ----A---- C:\WINDOWS\system32\libavcodec.dll
2009-10-08 19:00:44 ----A---- C:\WINDOWS\system32\ff_x264.dll
2009-10-08 19:00:44 ----A---- C:\WINDOWS\system32\ff_wmv9.dll
2009-10-08 18:27:52 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-10-07 14:47:00 ----D---- C:\Program Files\Common Files\DVDVideoSoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-10-18 43672]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-06-12 15232]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [2008-09-08 196368]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-20 5632]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2008-04-24 53192]
R3 AngelUsb;Angel USB MPEG Device; C:\WINDOWS\system32\DRIVERS\AngelUsb.sys [2005-02-17 375424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
R3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S2 bsaspi32;bsaspi32; C:\WINDOWS\system32\drivers\bsaspi32.sys []
S2 Nbf;NetBEUI Protocol; C:\WINDOWS\system32\DRIVERS\nbf.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-07 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-07 21488]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-01-17 12270]
S3 pxtdapod;pxtdapod; \??\C:\DOCUME~1\MRF0D8~1.SEA\LOCALS~1\Temp\pxtdapod.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 ehMonitor;Media Center Monitor Service; C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe [2005-09-07 49336]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-20 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2008-04-28 414984]
R2 RogersSelfHelpService;Rogers SHS Service; c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe [2009-05-25 144696]
R2 RogersUpdateManager;Rogers Update Manager; C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe [2008-04-22 163840]
R2 RP_FWS;Rogers Online Protection Firewall; C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe [2009-02-27 363248]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UphClean\uphclean.exe [2005-04-27 241725]
R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2008-04-28 738568]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-07-07 65795]
S3 Radialpoint Security Services;Rogers Online Protection; C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [2009-02-27 97520]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#6 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 05 November 2009 - 05:34 PM

Hi EQUANOX,

As I was doing a scan with GMER it recognized 2 Trojans which were deleted after I re-started the computer.


Are you saying that you were doing the MBAM and GMER scans at the same time? You should not do this, as it may cause other problems. Any tools I ask you to run
need to be run in the order posted, one after the other has finished.

I have also disconnected the computer from the internet & shut off Rogers On-line Protection


You should only do this whilst doing the scans, then you should enable them again after they are done.


I don't really see anything to worry about in your logs, just some bits we can clean up. Let me know in your next reply if you are still having any problems.


Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.


We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "DXDllRegExe"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
    :Commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please click this link-->Jotti
When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\uninst.exe

Please post back with the link to the scan results, in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



You still have some leftovers from an incomplete uninstallation of Norton security products on your computer.
To remove the leftovers please download and run the Norton Removal Tool.

Note: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.
If you use ACT! or WinFAX, back up those databases before you proceed.



Please post back here with the following logs:
  • OTM results
  • Jotti\VT link
  • New Rsit log
Thanks


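Added here as an editor's example (not part of the thread, and not code from RSIT, OTM or any other tool named in it): a small Python triage script for the driver and service list format in the RSIT log above. It flags the two things a helper checks first in such a list: registrations whose file metadata is empty (`[]`, meaning the file was not found on disk, which is what the incomplete Norton uninstall leftovers syler mentions look like) and images that live under a Temp directory. The sample lines are copied from the log above; the flag names and the `\??\` handling are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One RSIT driver/service line looks like:
#   R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-10-18 43672]
# i.e. "<state><start type> <name>;<display name>; <image path> [<date> <size>]".
# The bracket is empty ("[]") when RSIT could not find the file on disk.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]\s*$"
)

# Flag names used by this script only (not RSIT vocabulary).
FLAG_FILE_MISSING = "file-missing"   # empty [] -> orphaned registration
FLAG_TEMP_PATH = "temp-path"         # image lives under a Temp directory


@dataclass
class Entry:
    state: str                # "R" running / "S" stopped
    start: int                # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str                 # Win32 path with any "\??\" NT prefix removed
    date: Optional[str]
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def _normalize_path(path: str) -> str:
    # "\??\C:\..." is the NT object-manager form of the same path; it is
    # common for legitimate drivers and is not a finding by itself.
    return path[4:] if path.startswith("\\??\\") else path


def parse_line(line: str) -> Optional[Entry]:
    """Parse one list line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date = size = None
    meta = m.group("meta").split()
    if meta:
        date = meta[0]
        if len(meta) > 1 and meta[1].isdigit():
            size = int(meta[1])
    entry = Entry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=_normalize_path(m.group("path").strip()),
        date=date,
        size=size,
    )
    if not meta:
        entry.flags.append(FLAG_FILE_MISSING)
    lowered = entry.path.lower()
    if "\\temp\\" in lowered or "\\tmp\\" in lowered:
        entry.flags.append(FLAG_TEMP_PATH)
    return entry


def parse_report(text: str) -> List[Entry]:
    """Parse a whole RSIT driver/service section, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Entries a helper should look at before deciding what to clean up."""
    return [e for e in entries if e.flags]


# Sample lines copied from the driver and service lists in the RSIT log above.
SAMPLE_REPORT = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-10-18 43672]
R2 RP_FWS;Rogers Online Protection Firewall; C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe [2009-02-27 363248]
S2 bsaspi32;bsaspi32; C:\WINDOWS\system32\drivers\bsaspi32.sys []
S3 pxtdapod;pxtdapod; \??\C:\DOCUME~1\MRF0D8~1.SEA\LOCALS~1\Temp\pxtdapod.sys []
S3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
"""


if __name__ == "__main__":
    for e in flagged(parse_report(SAMPLE_REPORT)):
        print(f"{e.state}{e.start} {e.name:<10} {', '.join(e.flags):<24} {e.path}")
```

A flag is a prompt to look, not a verdict: a stopped driver whose file is gone is usually an uninstall leftover, and a driver in Temp may be a scanner's own temporary driver, so each flagged entry still needs to be checked against what was recently installed or run.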

#7 EQUANOX
  • Topic Starter
  • Members
  • 18 posts

Posted 06 November 2009 - 01:01 PM

Hi Syler,


I did the MBAM and GMER scans separately, one after the other. In fact I took off the Rogers Online Protection for the GMER scan as you instructed. When I was going through the process of getting the information for you, I reached the point of downloading the Norton Removal Tool & the Dell computer still gave me the Internet Explorer ERROR "Internet Explorer has encountered a problem and needs to close. Please tell Microsoft about this problem. We have created an error report that you can send to help us improve Internet Explorer. We will treat this report as confidential and anonymous." I think I mentioned this issue before about the MY DOCUMENTS folder: when I open it, it freezes as I scroll up & down & I am forced to close the application using Task Manager.

I was able to get to the Major Geeks homepage, but in less than a minute I get the above ERROR. I click on the "Send Error Report" button & IE8 closes the home page. I was able to retrieve the Norton Removal Tool from my MDG computer just fine & burn it on a DVD to be installed on the Dell. I have done that for all the applications you have told me to download & run on the Dell. By the way, I did run the Norton Removal Tool & ERUNT successfully.

I did everything you asked me to do, one step at a time. The OTM log, Jotti's malware scan link & new RSIT log are below. I will be waiting for further instructions. Thank you.

(1)
All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DXDllRegExe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 49554 bytes

User: Mr. Sean Solomon
->Temp folder emptied: 55920752 bytes
->Temporary Internet Files folder emptied: 3807731 bytes
->Java cache emptied: 25493434 bytes

User: MRF0D8~1~SEA

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Sean
->Temp folder emptied: 9279119 bytes
->Temporary Internet Files folder emptied: 832882 bytes

User: Winsom Davis
->Temp folder emptied: 5415760 bytes
->Temporary Internet Files folder emptied: 15480154 bytes

User: yfl

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 1225527 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 2887373 bytes
RecycleBin emptied: 2005 bytes

Total Files Cleaned = 114.88 mb


OTM by OldTimer - Version 3.0.0.6 log created on 11062009_113149

Files moved on Reboot...

Registry entries deleted on Reboot...


(2)
Jotti's Malware Scan Result Page-Link
http://virusscan.jotti.org/en/scanresult/d...9c909886dfa924d




(3)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Mr. Sean Solomon at 2009-11-06 12:12:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 118 GB (80%) free of 148 GB
Total RAM: 1022 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:40 PM, on 11/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rogers Online Protection\Rogers Online Protection\rps.exe
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Rogers\SelfHealing\shs.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\UphClean\uphclean.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
C:\Documents and Settings\Mr. Sean Solomon\Desktop\RSIT.exe
C:\Program Files\trend micro\Mr. Sean Solomon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://express.rogers.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Rogers SHS] C:\Program Files\Rogers\SelfHealing\shs.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RogersServicepointAgent.exe] "C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: WinFlip.lnk = C:\Program Files\WinFlip\WinFlip.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1250877687312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1236894849515
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rogers Online Protection (Radialpoint Security Services) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: Rogers Online Protection Firewall (RP_FWS) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8616 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{170B5262-1E3F-4AEC-BC1E-4B85D3A2F8C0}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{D85F442C-EE54-486E-B387-6CAFA0B01BFF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll [2009-02-27 55536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-20 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Rogers SHS"=C:\Program Files\Rogers\SelfHealing\shs.exe [2009-05-25 2741560]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"RogersServicepointAgent.exe"=C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe [2009-02-27 3228912]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-20 149280]
"DrvIcon"=C:\Program Files\Vista Drive Icon\DrvIcon.exe [2008-04-13 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-08-27 247144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mr. Sean Solomon^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~4\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=3
"idsvc"=3
"WMPNetworkSvc"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Sony Handheld\HOTSYNC.EXE
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Mr. Sean Solomon\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
WinFlip.lnk - C:\Program Files\WinFlip\WinFlip.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Media Center Diagnostic Kit\MCDiag.exe"="C:\Program Files\Media Center Diagnostic Kit\MCDiag.exe:*:Enabled:Media Center Diagnostic Tool"
"C:\Program Files\Media Center Diagnostic Kit\MCEHostRemote.exe"="C:\Program Files\Media Center Diagnostic Kit\MCEHostRemote.exe:*:Enabled:Media Center Scripting Host"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bee25647-0c49-11de-b6d5-001109b89f15}]
shell\AutoRun\command - K:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5c24ae5-0ddd-11de-b6db-001109b89f15}]
shell\AutoRun\command - I:\StartClickFreeBackup.exe


======List of files/folders created in the last 1 months======

2009-11-06 11:31:49 ----D---- C:\_OTM
2009-11-06 11:21:34 ----D---- C:\WINDOWS\ERDNT
2009-11-06 11:18:44 ----D---- C:\Program Files\ERUNT
2009-11-04 14:15:43 ----D---- C:\Program Files\trend micro
2009-11-04 14:15:42 ----D---- C:\rsit
2009-10-22 11:56:40 ----A---- C:\RootRepeal report 10-22-09 (12-56-40).txt
2009-10-20 14:27:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-20 14:23:47 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-19 21:21:03 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-19 21:20:28 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\SUPERAntiSpyware.com
2009-10-19 20:36:13 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Malwarebytes
2009-10-19 20:36:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-19 20:36:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-19 16:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-18 20:23:27 ----A---- C:\WINDOWS\HPGdiPlus.ini
2009-10-18 20:00:25 ----D---- C:\Program Files\Common Files\HP
2009-10-18 15:29:26 ----D---- C:\Program Files\HP
2009-10-17 19:52:33 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard(2)
2009-10-17 07:17:52 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Stardock
2009-10-17 07:17:29 ----HDC---- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2009-10-17 07:17:26 ----D---- C:\Program Files\Stardock
2009-10-17 02:35:26 ----D---- C:\Program Files\Xilisoft
2009-10-17 00:23:43 ----D---- C:\WINDOWS\system32\custom matrices
2009-10-17 00:23:43 ----A---- C:\WINDOWS\system32\openIE.js
2009-10-17 00:23:43 ----A---- C:\WINDOWS\system32\gnu_license.txt
2009-10-17 00:23:43 ----A---- C:\WINDOWS\system32\Boost_Software_License_1.0.txt
2009-10-17 00:23:42 ----D---- C:\WINDOWS\system32\languages
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\TomsMoComp_ff.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\libmpeg2_ff.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\ff_samplerate.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\ff_kernelDeint.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_unrar.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_tremor.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_libmad.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_libfaad2.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_libdts.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_liba52.dll
2009-10-17 00:23:39 ----A---- C:\WINDOWS\system32\unins000.exe
2009-10-17 00:23:39 ----A---- C:\WINDOWS\system32\ffmpegmt.dll
2009-10-15 21:33:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 21:31:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 21:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 21:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 21:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 21:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 21:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 21:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 21:22:43 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-10-15 21:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-15 16:15:53 ----D---- C:\Program Files\XP Codec Pack
2009-10-15 07:39:05 ----D---- C:\Program Files\Dell
2009-10-15 07:39:04 ----D---- C:\WINDOWS\system32\Dell
2009-10-13 17:35:44 ----A---- C:\WINDOWS\uninst.exe
2009-10-12 22:36:54 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-10-12 22:30:11 ----D---- C:\Program Files\Microsoft Visual Studio
2009-10-12 22:30:11 ----D---- C:\Program Files\Common Files\DESIGNER
2009-10-12 22:26:57 ----D---- C:\Program Files\Microsoft.NET
2009-10-12 22:18:20 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-10-12 22:15:19 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-11 21:23:05 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\OpenWith.org Downloaded Setups
2009-10-11 06:50:05 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\AskToolbar
2009-10-09 23:31:17 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\WinRAR
2009-10-09 23:28:34 ----D---- C:\Program Files\WinRAR
2009-10-09 20:57:59 ----D---- C:\Documents and Settings\All Users\Application Data\ashampoo
2009-10-09 11:31:25 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\OpenWith.org Cache
2009-10-08 17:51:36 ----D---- C:\Program Files\OpenWith.org Desktop Tool
2009-10-08 17:44:56 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Systenance
2009-10-07 16:51:45 ----D---- C:\Program Files\Free YouTube Downloader Converter
2009-10-07 15:26:58 ----D---- C:\Program Files\Common Files\AVSMedia
2009-10-07 15:26:57 ----A---- C:\WINDOWS\system32\msxml3a.dll

======List of files/folders modified in the last 1 months======

2009-11-06 12:10:43 ----D---- C:\WINDOWS\Temp
2009-11-06 12:06:34 ----RD---- C:\Program Files
2009-11-06 12:06:34 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-11-06 12:06:30 ----D---- C:\WINDOWS\system32\drivers
2009-11-06 12:06:30 ----D---- C:\WINDOWS\system32
2009-11-06 12:06:29 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-11-06 12:03:10 ----D---- C:\WINDOWS\Prefetch
2009-11-06 11:37:36 ----SHD---- C:\RECYCLER
2009-11-06 11:35:39 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.92 Modem.txt
2009-11-06 11:35:26 ----D---- C:\WINDOWS\Registration
2009-11-06 11:35:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-06 11:34:50 ----D---- C:\Program Files\WinFlip
2009-11-06 11:34:42 ----A---- C:\Documents and Settings\All Users\Application Data\updateinfo.txt
2009-11-06 11:34:25 ----D---- C:\WINDOWS
2009-11-06 11:32:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-05 12:02:51 ----SD---- C:\WINDOWS\Tasks
2009-11-04 14:01:36 ----HD---- C:\WINDOWS\inf
2009-11-04 14:01:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-04 14:00:13 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-01 11:12:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-28 21:47:49 ----D---- C:\Documents and Settings
2009-10-25 19:25:03 ----A---- C:\WINDOWS\win.ini
2009-10-23 22:21:25 ----SHD---- C:\WINDOWS\Installer
2009-10-23 22:21:25 ----D---- C:\Config.Msi
2009-10-23 22:15:49 ----RSD---- C:\WINDOWS\assembly
2009-10-22 19:09:04 ----A---- C:\WINDOWS\system32\dfrg.msc
2009-10-22 18:54:01 ----SHD---- C:\System Volume Information
2009-10-22 18:54:01 ----D---- C:\WINDOWS\system32\Restore
2009-10-22 04:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-21 13:16:07 ----D---- C:\Program Files\Microsoft Office
2009-10-21 12:29:36 ----D---- C:\Program Files\Common Files
2009-10-20 19:48:48 ----SH---- C:\boot.ini
2009-10-20 19:48:48 ----A---- C:\WINDOWS\system.ini
2009-10-20 14:23:21 ----D---- C:\WINDOWS\WinSxS
2009-10-19 16:40:22 ----A---- C:\WINDOWS\imsins.BAK
2009-10-18 19:53:58 ----D---- C:\WINDOWS\twain_32
2009-10-18 19:40:46 ----D---- C:\WINDOWS\system32\URTTemp
2009-10-18 19:07:55 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-18 18:47:58 ----D---- C:\WINDOWS\Help
2009-10-17 20:36:47 ----D---- C:\WINDOWS\system32\config
2009-10-17 20:35:52 ----D---- C:\WINDOWS\system32\wbem
2009-10-16 15:37:52 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-15 21:34:29 ----D---- C:\Program Files\Internet Explorer
2009-10-15 21:25:36 ----D---- C:\Program Files\Microsoft Works
2009-10-15 20:55:08 ----D---- C:\Program Files\Windows Desktop Search
2009-10-15 19:26:00 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-15 18:57:50 ----D---- C:\WINDOWS\pss
2009-10-15 17:56:45 ----D---- C:\WINDOWS\system32\en-us
2009-10-15 16:02:46 ----D---- C:\WINDOWS\security
2009-10-15 11:40:08 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-15 11:34:52 ----D---- C:\Program Files\Common Files\Adobe
2009-10-15 07:39:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-15 07:04:31 ----SD---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Microsoft
2009-10-14 15:10:28 ----D---- C:\Program Files\VideoLAN
2009-10-12 22:57:11 ----RSD---- C:\WINDOWS\Fonts
2009-10-12 22:56:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-12 22:49:17 ----D---- C:\Program Files\Common Files\System
2009-10-12 22:45:51 ----D---- C:\WINDOWS\SHELLNEW
2009-10-12 22:32:07 ----D---- C:\Program Files\MSBuild
2009-10-12 21:55:10 ----D---- C:\Program Files\7-Zip
2009-10-12 21:20:02 ----D---- C:\WINDOWS\Media
2009-10-12 20:57:43 ----A---- C:\WINDOWS\ODBC.INI
2009-10-09 23:19:09 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-10-08 19:00:46 ----A---- C:\WINDOWS\system32\libmplayer.dll
2009-10-08 19:00:46 ----A---- C:\WINDOWS\system32\libavcodec.dll
2009-10-08 19:00:44 ----A---- C:\WINDOWS\system32\ff_x264.dll
2009-10-08 19:00:44 ----A---- C:\WINDOWS\system32\ff_wmv9.dll
2009-10-08 18:27:52 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-10-07 14:47:00 ----D---- C:\Program Files\Common Files\DVDVideoSoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-10-18 43672]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-06-12 15232]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [2008-09-08 196368]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-20 5632]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2008-04-24 53192]
R3 AngelUsb;Angel USB MPEG Device; C:\WINDOWS\system32\DRIVERS\AngelUsb.sys [2005-02-17 375424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
R3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S2 bsaspi32;bsaspi32; C:\WINDOWS\system32\drivers\bsaspi32.sys []
S2 Nbf;NetBEUI Protocol; C:\WINDOWS\system32\DRIVERS\nbf.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-07 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-07 21488]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-01-17 12270]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 ehMonitor;Media Center Monitor Service; C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe [2005-09-07 49336]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-20 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2008-04-28 414984]
R2 RogersSelfHelpService;Rogers SHS Service; c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe [2009-05-25 144696]
R2 RogersUpdateManager;Rogers Update Manager; C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe [2008-04-22 163840]
R2 RP_FWS;Rogers Online Protection Firewall; C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe [2009-02-27 363248]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UphClean\uphclean.exe [2005-04-27 241725]
R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2008-04-28 738568]
R3 Radialpoint Security Services;Rogers Online Protection; C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [2009-02-27 97520]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-07-07 65795]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Edited by EQUANOX, 06 November 2009 - 01:21 PM.
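The driver and service sections of the RSIT log above document their own format in the header (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled). As an added example (not code from any post in this thread and not part of RSIT itself), here is a Python parser for those two sections. The sample lines are an excerpt of the log posted above; the two checks it applies are the ones an analyst does by eye: entries RSIT printed with empty brackets `[]` (no file was found at the registered path when the log was taken) and entries configured to start at Boot/System/Auto that were nonetheless stopped.

```python
"""Triage parser for the driver/service sections of an RSIT log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One entry: "<R|S><0-4> <name>;<description>; <path> [<yyyy-mm-dd> <size>]"
# The brackets are empty ("[]") when RSIT could not find the file on disk.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<desc>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]\s*$"
)
SECTION_RE = re.compile(r"^======List of (?P<kind>drivers|services) ")

STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}


@dataclass
class Entry:
    kind: str                  # "drivers" or "services", from the enclosing header
    state: str                 # "Running" / "Stopped"
    start: str                 # "Boot" / "System" / "Auto" / "Demand" / "Disabled"
    name: str
    description: str
    path: str
    file_date: Optional[str]   # None when the log shows "[]"
    file_size: Optional[int]   # None when the log shows "[]"


def parse_entry(kind: str, line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    date, size = None, None
    parts = m.group("meta").split()
    if len(parts) == 2:
        date, size = parts[0], int(parts[1])
    return Entry(kind, STATE[m.group("state")], START[m.group("start")],
                 m.group("name"), m.group("desc"), m.group("path"), date, size)


def parse_log(text: str) -> List[Entry]:
    """Walk the log, remembering which section each line belongs to."""
    entries: List[Entry] = []
    kind = None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            kind = header.group("kind")
            continue
        if line.startswith("======"):
            kind = None                 # some other RSIT section starts here
            continue
        if kind is not None:
            entry = parse_entry(kind, line)
            if entry:
                entries.append(entry)
    return entries


def missing_on_disk(entries: List[Entry]) -> List[Entry]:
    """Registrations whose binary RSIT could not stat: orphaned or hidden files."""
    return [e for e in entries if e.file_size is None]


def auto_start_but_stopped(entries: List[Entry]) -> List[Entry]:
    """Configured for Boot/System/Auto start yet not running at log time."""
    return [e for e in entries
            if e.state == "Stopped" and e.start in ("Boot", "System", "Auto")]


def count_by_kind_and_state(entries: List[Entry]) -> Dict[Tuple[str, str], int]:
    counts: Dict[Tuple[str, str], int] = {}
    for e in entries:
        counts[(e.kind, e.state)] = counts.get((e.kind, e.state), 0) + 1
    return counts


# Excerpt of the RSIT log posted in this thread (sample input for the parser).
SAMPLE_LOG = r"""======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-10-18 43672]
R1 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [2008-09-08 196368]
R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
S2 bsaspi32;bsaspi32; C:\WINDOWS\system32\drivers\bsaspi32.sys []
S2 Nbf;NetBEUI Protocol; C:\WINDOWS\system32\DRIVERS\nbf.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehMonitor;Media Center Monitor Service; C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe [2005-09-07 49336]
R2 RP_FWS;Rogers Online Protection Firewall; C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe [2009-02-27 363248]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

-----------------EOF-----------------
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("counts:", count_by_kind_and_state(found))
    for e in missing_on_disk(found):
        print(f"file not found on disk: {e.kind[:-1]} {e.name} -> {e.path}")
    for e in auto_start_but_stopped(found):
        print(f"{e.start}-start but stopped: {e.kind[:-1]} {e.name}")
```

Run against a full RSIT log, the "file not found" list is the first place to look for leftovers of uninstalled software or for a registration pointing at a file that hides from the directory listing; the "auto-start but stopped" list shows services that failed or were stopped by something else. Both lists are hints for a human reviewer, not verdicts.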


#8 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 06 November 2009 - 03:36 PM

Hello EQUANOX,

Good job :(

I'm not seeing anything causing your problems. Can you download and install Firefox? Then we can determine if this is just an IE problem.

I think I mentioned this issue before about the MY DOCUMENTS Folder, when I open it it freezes as I scroll up & down & I am forced to close the application using Task Manager.


Does Explorer only crash when you open the My Documents folder, or does it do it when you open others as well?



#9 EQUANOX

  • Topic Starter

  • Members
  • 18 posts

Posted 06 November 2009 - 06:04 PM

Hi Syler,


WOW, looks like Firefox did the job :( I am sending this post using the Dell computer & there are no ERROR messages as yet. I guess you are right, IE8 does have some bugs in it. Thank you for analyzing my computer & giving it a good bill of health. Should I delete IE8 altogether from my computer & just use Firefox from now on?

To answer your second question, it seems like the My Documents folder is the only one freezing up. I have other folders I created with pictures in them & they load just fine. How can I fix this problem?

Edited by EQUANOX, 06 November 2009 - 06:18 PM.


#10 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 07 November 2009 - 01:44 PM

We are not quite done yet. I would like to find out what is causing the My Documents folder to freeze; it seems like you may have a corrupted file in this folder that is causing problems.

Should I delete IE8 all together from my computer & just use Firefox from now on?


I would suggest that you leave IE8 alone, as it is part of Windows. You can just use Firefox from now on, but I think you would be better off trying to work out your problem with IE by posting a topic here when we are finished.

  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.

CMD /C DIR /A "%userprofile%\my documents" >report.txt&START report.txt

  • The command prompt will pop up and tell you it was successful or give you an error message; please let me know what it says.


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please post back here with the following logs:
  • report.txt
  • Kaspersky report
Thanks



#11 EQUANOX

  • Topic Starter

  • Members
  • 18 posts

Posted 10 November 2009 - 01:21 PM

Hi Syler,


I have done everything you said in order, first the Report.txt below & then the Kaspersky report. I have tested my My Documents folder & it is running GREAT :( . Thanks. If there are any more instructions for me to follow please let me know.


(1)
Volume in drive C has no label.
Volume Serial Number is 4844-E890

Directory of C:\Documents and Settings\Mr. Sean Solomon\my documents

11/06/2009 07:59 PM <DIR> .
11/06/2009 07:59 PM <DIR> ..
07/29/2009 12:43 PM 401,952 3DwindowsXP.exe
10/10/2009 02:15 PM 939,956 7z465.exe
09/11/2009 08:14 PM <DIR> AUDACITY MUSIC SAMPLES
09/16/2009 01:30 PM <DIR> AUDACITY ver 1.2.6
11/06/2009 12:12 PM <DIR> CDBurnerXP Projects
10/12/2009 11:42 AM <DIR> Click Free Backup Folder
05/04/2009 07:23 AM 87 desktop.ini
04/15/2009 07:23 PM <DIR> DPE
07/29/2009 05:47 PM 576,588 exico Icons From File 3.34 Extractor & Organizer Jul 29.09.zip
10/17/2009 01:01 AM 9,056,752 fences_public ver1.0 Oct 6.09.exe
11/06/2009 05:15 PM 7,910,064 Firefox Setup 3.5.5.exe
10/07/2009 03:42 PM 4,378,810 FYDCSetup Free YouTube Downloader.exe
03/15/2009 10:09 PM <DIR> GomPlayer
08/27/2009 04:39 PM 3,262 How To Recaulk Plumbing Fixtures.rtf
09/11/2009 01:57 PM 3,057,491 IconTweaker.exe
09/16/2009 09:41 PM 630 If Win XP takes to long to close open this note.txt
08/20/2009 06:32 PM 714,528 JavaSetup6u15.exe
11/06/2009 07:55 PM <DIR> Malware Analyzing Suite
10/12/2009 07:44 PM <DIR> Microsoft Office 2007 Setup Folder
07/23/2009 03:43 PM <DIR> My ADDRESSES FROM YAHOO MAIL JUL 23.09
03/29/2009 05:19 PM <DIR> My Albums
05/09/2009 11:37 PM <DIR> My Data Sources
03/15/2009 07:59 PM <DIR> My DVDs
05/04/2009 07:23 AM <DIR> My Music
10/21/2009 01:16 PM <DIR> My Pictures
03/08/2009 04:52 PM <DIR> My Received Files
10/25/2009 07:24 PM <DIR> My Scans
10/07/2009 05:32 PM <DIR> My Videos
10/15/2009 07:04 AM <DIR> OneNote Notebooks
10/08/2009 05:23 PM 918,623 OpenWith.org_Installer.exe
09/20/2009 01:29 PM <DIR> PhotoScape Versions
09/11/2009 07:55 AM 1,079,272 revouninstalersetupver 1.83.exe
03/08/2009 05:12 PM <DIR> TomTom
08/25/2009 01:54 PM 24,576 user Linksys Router Backup Congiguration File Aug 25.09.conf
09/11/2009 12:42 PM 135,387 VistaDriveIcon_1.4_Setup.exe
10/11/2009 09:23 PM <DIR> VLC media player 0.9
10/10/2009 03:55 PM <DIR> Win RAR 3.90 PRO Oct 9.09
10/17/2009 12:33 AM <DIR> Windows Media Player 11 (Win XP) & MCE Audio & Video Codec Setup
09/15/2009 12:01 PM 704,977 winflip-crystalxp.net-en-12609.zip
10/09/2009 11:58 AM <DIR> WinZip PRO Ver 12.1 Oct 9.09
10/29/2009 02:35 AM 15,346,757 Xilisoft.AVI.to.DVD.Converter.3.0.45.1012.rar
09/10/2009 07:06 PM 3,096,261 YoutubeDownloaderSetup.exe
18 File(s) 48,345,973 bytes
26 Dir(s) 123,232,473,088 bytes free



(2)
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, November 10, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 09, 2009 22:48:02
Records in database: 3184328
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
Scan statistics
Objects scanned 63922
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 02:20:10

No threats found. Scanned area is clean.
Selected area has been scanned.

Edited by EQUANOX, 10 November 2009 - 01:37 PM.


#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:02 AM

Posted 10 November 2009 - 02:13 PM

Hi EQUANOX,

Can you please post a new RSIT log for one last check? Also, do you know what this file in your My Documents folder is: 7z465.exe? If you don't, then I would suggest you delete it.

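As an added example (not part of this thread or either poster's material): a small Python script that parses a pasted Windows `dir` listing like the one in post #11, cross-checks the File(s)/Dir(s) summary lines against the entries so a truncated or edited paste is noticed, and lists the installer and archive files worth asking about, which is the check syler is doing above with 7z465.exe. The sample listing is a constructed excerpt of the posted one, with the summary lines recomputed for the excerpt.

```python
import os
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List

# Constructed sample: an excerpt of the "dir" listing pasted in post #11,
# with the File(s)/Dir(s) summary lines recomputed for the excerpt.
SAMPLE_LISTING = r"""
Volume in drive C has no label.
Volume Serial Number is 4844-E890

Directory of C:\Documents and Settings\Mr. Sean Solomon\my documents

11/06/2009 07:59 PM <DIR> .
11/06/2009 07:59 PM <DIR> ..
07/29/2009 12:43 PM 401,952 3DwindowsXP.exe
10/10/2009 02:15 PM 939,956 7z465.exe
09/11/2009 08:14 PM <DIR> AUDACITY MUSIC SAMPLES
05/04/2009 07:23 AM 87 desktop.ini
08/27/2009 04:39 PM 3,262 How To Recaulk Plumbing Fixtures.rtf
08/25/2009 01:54 PM 24,576 user Linksys Router Backup Congiguration File Aug 25.09.conf
10/29/2009 02:35 AM 15,346,757 Xilisoft.AVI.to.DVD.Converter.3.0.45.1012.rar
6 File(s) 16,716,590 bytes
3 Dir(s) 123,232,473,088 bytes free
"""

# One entry line: date, time, either <DIR> or a comma-grouped size, then the name.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{1,2}:\d{2} [AP]M)\s+"
    r"(?:(?P<dir><DIR>)|(?P<size>\d[\d,]*))\s+(?P<name>.+?)\s*$"
)
# The two trailing summary lines: "N File(s) B bytes" and "N Dir(s) B bytes free".
SUMMARY_RE = re.compile(
    r"^\s*(?P<count>\d+) (?P<kind>File|Dir)\(s\)\s+(?P<total>\d[\d,]*) bytes"
)

# Extensions that deserve a "do you know what this is?" in a documents folder:
# anything that runs on double-click, plus archives that may contain such files.
TRIAGE_EXTENSIONS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".msi", ".zip", ".rar"}


@dataclass
class Entry:
    when: datetime
    is_dir: bool
    size: int  # 0 for directories
    name: str


def parse_dir_listing(text: str) -> List[Entry]:
    """Turn the entry lines of a 'dir' listing into Entry records.
    Header, blank and summary lines do not match ENTRY_RE and are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%Y %I:%M %p")
        is_dir = m["dir"] is not None
        size = 0 if is_dir else int(m["size"].replace(",", ""))
        entries.append(Entry(when, is_dir, size, m["name"]))
    return entries


def check_summary(text: str, entries: List[Entry]) -> bool:
    """Cross-check the File(s)/Dir(s) summary lines against the parsed entries.
    A mismatch means the paste is truncated or edited, so the listing should be
    requested again before anything is judged from it."""
    files = [e for e in entries if not e.is_dir]
    dirs = [e for e in entries if e.is_dir]
    seen = set()
    ok = True
    for line in text.splitlines():
        m = SUMMARY_RE.match(line)
        if not m:
            continue
        seen.add(m["kind"])
        count = int(m["count"])
        if m["kind"] == "File":
            total = int(m["total"].replace(",", ""))
            ok = ok and count == len(files) and total == sum(e.size for e in files)
        else:
            # The Dir(s) byte figure is free space on the volume, not a sum.
            ok = ok and count == len(dirs)
    return ok and seen == {"File", "Dir"}


def triage_candidates(entries: List[Entry]) -> List[str]:
    """Names of files whose extension makes them worth asking the user about,
    newest first, since a recently appeared, unexplained executable is what a
    helper looks at before anything else in the folder."""
    hits = [
        e for e in entries
        if not e.is_dir and os.path.splitext(e.name)[1].lower() in TRIAGE_EXTENSIONS
    ]
    hits.sort(key=lambda e: e.when, reverse=True)
    return [e.name for e in hits]


if __name__ == "__main__":
    parsed = parse_dir_listing(SAMPLE_LISTING)
    print("summary consistent with entries:", check_summary(SAMPLE_LISTING, parsed))
    for name in triage_candidates(parsed):
        print("ask about:", name)
```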


#13 EQUANOX

EQUANOX
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:09:02 PM

Posted 10 November 2009 - 08:30 PM

Hi Syler,

7z465.exe is 7-Zip ver 4.65 (free file-compression utility). I keep this around as a backup just in case WinRAR decides to fail on me (trial version). I have deleted a couple of Windows Tasks: C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job & C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job. Please let me know if this is beneficial for the computer functions. Below is a fresh RSIT scan for you; I hope everything is all good. I will wait for your reply. Thanks



Logfile of random's system information tool 1.06 (written by random/random)
Run by Mr. Sean Solomon at 2009-11-10 20:38:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 117 GB (79%) free of 148 GB
Total RAM: 1022 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:07 PM, on 11/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\UphClean\uphclean.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rogers Online Protection\Rogers Online Protection\rps.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\program files\rogers\selfhealing\shs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mr. Sean Solomon\Desktop\RSIT.exe
C:\Program Files\trend micro\Mr. Sean Solomon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://express.rogers.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Rogers SHS] C:\Program Files\Rogers\SelfHealing\shs.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RogersServicepointAgent.exe] "C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" /AUTORUN
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: WinFlip.lnk = C:\Program Files\WinFlip\WinFlip.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1250877687312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1236894849515
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rogers Online Protection (Radialpoint Security Services) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: Rogers Online Protection Firewall (RP_FWS) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8476 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{170B5262-1E3F-4AEC-BC1E-4B85D3A2F8C0}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{D85F442C-EE54-486E-B387-6CAFA0B01BFF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll [2009-02-27 55536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-09 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Rogers SHS"=C:\Program Files\Rogers\SelfHealing\shs.exe [2009-05-25 2741560]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"RogersServicepointAgent.exe"=C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe [2009-02-27 3228912]
"DrvIcon"=C:\Program Files\Vista Drive Icon\DrvIcon.exe [2008-04-13 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-09 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-08-27 247144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mr. Sean Solomon^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~4\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=3
"idsvc"=3
"WMPNetworkSvc"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Sony Handheld\HOTSYNC.EXE
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Mr. Sean Solomon\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
WinFlip.lnk - C:\Program Files\WinFlip\WinFlip.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Media Center Diagnostic Kit\MCDiag.exe"="C:\Program Files\Media Center Diagnostic Kit\MCDiag.exe:*:Enabled:Media Center Diagnostic Tool"
"C:\Program Files\Media Center Diagnostic Kit\MCEHostRemote.exe"="C:\Program Files\Media Center Diagnostic Kit\MCEHostRemote.exe:*:Enabled:Media Center Scripting Host"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bee25647-0c49-11de-b6d5-001109b89f15}]
shell\AutoRun\command - K:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5c24ae5-0ddd-11de-b6db-001109b89f15}]
shell\AutoRun\command - I:\StartClickFreeBackup.exe


======List of files/folders created in the last 1 months======

2009-11-09 19:24:42 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-09 19:24:42 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-09 19:24:42 ----A---- C:\WINDOWS\system32\java.exe
2009-11-09 19:23:33 ----D---- C:\Program Files\Java
2009-11-06 17:16:59 ----D---- C:\Program Files\Mozilla Firefox
2009-11-06 11:31:49 ----D---- C:\_OTM
2009-11-06 11:21:34 ----D---- C:\WINDOWS\ERDNT
2009-11-06 11:18:44 ----D---- C:\Program Files\ERUNT
2009-11-04 14:15:43 ----D---- C:\Program Files\trend micro
2009-11-04 14:15:42 ----D---- C:\rsit
2009-10-22 11:56:40 ----A---- C:\RootRepeal report 10-22-09 (12-56-40).txt
2009-10-20 14:27:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-20 14:23:47 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-19 21:21:03 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-19 21:20:28 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\SUPERAntiSpyware.com
2009-10-19 20:36:13 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Malwarebytes
2009-10-19 20:36:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-19 20:36:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-19 16:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-18 20:23:27 ----A---- C:\WINDOWS\HPGdiPlus.ini
2009-10-18 20:00:25 ----D---- C:\Program Files\Common Files\HP
2009-10-18 15:29:26 ----D---- C:\Program Files\HP
2009-10-17 19:52:33 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard(2)
2009-10-17 07:17:52 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Stardock
2009-10-17 07:17:29 ----HDC---- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2009-10-17 07:17:26 ----D---- C:\Program Files\Stardock
2009-10-17 02:35:26 ----D---- C:\Program Files\Xilisoft
2009-10-17 00:23:43 ----D---- C:\WINDOWS\system32\custom matrices
2009-10-17 00:23:43 ----A---- C:\WINDOWS\system32\openIE.js
2009-10-17 00:23:43 ----A---- C:\WINDOWS\system32\gnu_license.txt
2009-10-17 00:23:43 ----A---- C:\WINDOWS\system32\Boost_Software_License_1.0.txt
2009-10-17 00:23:42 ----D---- C:\WINDOWS\system32\languages
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\TomsMoComp_ff.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\libmpeg2_ff.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\ff_samplerate.dll
2009-10-17 00:23:41 ----A---- C:\WINDOWS\system32\ff_kernelDeint.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_unrar.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_tremor.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_libmad.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_libfaad2.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_libdts.dll
2009-10-17 00:23:40 ----A---- C:\WINDOWS\system32\ff_liba52.dll
2009-10-17 00:23:39 ----A---- C:\WINDOWS\system32\unins000.exe
2009-10-17 00:23:39 ----A---- C:\WINDOWS\system32\ffmpegmt.dll
2009-10-15 21:33:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 21:31:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 21:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 21:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 21:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 21:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 21:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 21:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 21:22:43 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-10-15 21:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-15 16:15:53 ----D---- C:\Program Files\XP Codec Pack
2009-10-15 07:39:05 ----D---- C:\Program Files\Dell
2009-10-15 07:39:04 ----D---- C:\WINDOWS\system32\Dell
2009-10-13 17:35:44 ----A---- C:\WINDOWS\uninst.exe
2009-10-12 22:36:54 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-10-12 22:30:11 ----D---- C:\Program Files\Microsoft Visual Studio
2009-10-12 22:30:11 ----D---- C:\Program Files\Common Files\DESIGNER
2009-10-12 22:26:57 ----D---- C:\Program Files\Microsoft.NET
2009-10-12 22:18:20 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-10-12 22:15:19 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-11 21:23:05 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\OpenWith.org Downloaded Setups
2009-10-11 06:50:05 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\AskToolbar

======List of files/folders modified in the last 1 months======

2009-11-10 20:33:29 ----SD---- C:\WINDOWS\Tasks
2009-11-10 20:16:49 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.92 Modem.txt
2009-11-10 20:10:31 ----D---- C:\WINDOWS\Prefetch
2009-11-10 15:10:37 ----D---- C:\WINDOWS\Temp
2009-11-10 15:10:36 ----D---- C:\WINDOWS\system32
2009-11-10 12:49:49 ----SHD---- C:\RECYCLER
2009-11-10 12:48:28 ----D---- C:\Program Files\WinFlip
2009-11-10 12:48:05 ----D---- C:\WINDOWS
2009-11-10 12:37:59 ----A---- C:\Documents and Settings\All Users\Application Data\updateinfo.txt
2009-11-10 12:37:52 ----D---- C:\WINDOWS\Registration
2009-11-10 12:36:17 ----D---- C:\WINDOWS\system32\drivers
2009-11-10 12:36:12 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-10 04:08:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-09 19:25:05 ----SHD---- C:\WINDOWS\Installer
2009-11-09 19:24:58 ----D---- C:\Config.Msi
2009-11-09 19:23:50 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-11-09 19:23:33 ----RD---- C:\Program Files
2009-11-09 16:38:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-06 17:17:54 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Mozilla
2009-11-06 12:06:34 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-11-06 12:06:29 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-11-04 14:01:37 ----A---- C:\WINDOWS\imsins.BAK
2009-11-04 14:01:36 ----HD---- C:\WINDOWS\inf
2009-11-04 14:01:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-04 14:00:13 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-28 21:47:49 ----D---- C:\Documents and Settings
2009-10-25 19:25:03 ----A---- C:\WINDOWS\win.ini
2009-10-23 22:15:49 ----RSD---- C:\WINDOWS\assembly
2009-10-22 19:09:04 ----A---- C:\WINDOWS\system32\dfrg.msc
2009-10-22 18:54:01 ----SHD---- C:\System Volume Information
2009-10-22 18:54:01 ----D---- C:\WINDOWS\system32\Restore
2009-10-22 04:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-21 13:16:07 ----D---- C:\Program Files\Microsoft Office
2009-10-21 12:29:36 ----D---- C:\Program Files\Common Files
2009-10-20 19:48:48 ----SH---- C:\boot.ini
2009-10-20 19:48:48 ----A---- C:\WINDOWS\system.ini
2009-10-20 14:23:21 ----D---- C:\WINDOWS\WinSxS
2009-10-18 19:53:58 ----D---- C:\WINDOWS\twain_32
2009-10-18 19:40:46 ----D---- C:\WINDOWS\system32\URTTemp
2009-10-18 19:07:55 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-18 18:47:58 ----D---- C:\WINDOWS\Help
2009-10-17 20:36:47 ----D---- C:\WINDOWS\system32\config
2009-10-17 20:35:52 ----D---- C:\WINDOWS\system32\wbem
2009-10-16 15:37:52 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-15 21:34:29 ----D---- C:\Program Files\Internet Explorer
2009-10-15 21:25:36 ----D---- C:\Program Files\Microsoft Works
2009-10-15 20:55:08 ----D---- C:\Program Files\Windows Desktop Search
2009-10-15 19:26:00 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-15 18:57:50 ----D---- C:\WINDOWS\pss
2009-10-15 17:56:45 ----D---- C:\WINDOWS\system32\en-us
2009-10-15 16:02:46 ----D---- C:\WINDOWS\security
2009-10-15 11:40:08 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-15 11:34:52 ----D---- C:\Program Files\Common Files\Adobe
2009-10-15 07:39:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-15 07:04:31 ----SD---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\Microsoft
2009-10-14 15:10:28 ----D---- C:\Program Files\VideoLAN
2009-10-12 22:57:11 ----RSD---- C:\WINDOWS\Fonts
2009-10-12 22:56:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-12 22:49:17 ----D---- C:\Program Files\Common Files\System
2009-10-12 22:45:51 ----D---- C:\WINDOWS\SHELLNEW
2009-10-12 22:32:07 ----D---- C:\Program Files\MSBuild
2009-10-12 21:55:10 ----D---- C:\Program Files\7-Zip
2009-10-12 21:20:02 ----D---- C:\WINDOWS\Media
2009-10-12 20:57:43 ----A---- C:\WINDOWS\ODBC.INI
2009-10-12 18:50:13 ----D---- C:\Documents and Settings\Mr. Sean Solomon\Application Data\OpenWith.org Cache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-10-18 43672]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-06-12 15232]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [2008-09-08 196368]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-20 5632]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2008-04-24 53192]
R3 AngelUsb;Angel USB MPEG Device; C:\WINDOWS\system32\DRIVERS\AngelUsb.sys [2005-02-17 375424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
R3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S2 bsaspi32;bsaspi32; C:\WINDOWS\system32\drivers\bsaspi32.sys []
S2 Nbf;NetBEUI Protocol; C:\WINDOWS\system32\DRIVERS\nbf.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-07 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-07 21488]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-01-17 12270]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 ehMonitor;Media Center Monitor Service; C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe [2005-09-07 49336]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2008-04-28 414984]
R2 RogersSelfHelpService;Rogers SHS Service; c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe [2009-05-25 144696]
R2 RogersUpdateManager;Rogers Update Manager; C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe [2008-04-22 163840]
R2 RP_FWS;Rogers Online Protection Firewall; C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe [2009-02-27 363248]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UphClean\uphclean.exe [2005-04-27 241725]
R3 Radialpoint Security Services;Rogers Online Protection; C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [2009-02-27 97520]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2008-04-28 738568]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-07-07 65795]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Edited by EQUANOX, 10 November 2009 - 08:41 PM.
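A small triage helper for the driver/service listing posted above, added here as an example; it is not part of the original thread nor of the tool that produced the log. It assumes the line shape `<R|S><0-4> <name>;<display name>; <image path> [<date> <size>]` as shown in the listing, treats empty brackets (`[]`, as on the bsaspi32, Nbf and UIUSys lines) as "the tool could not find the image file on disk" (an assumption about the tool's output), and takes `C:\WINDOWS\` and `C:\Program Files\` as the only expected image locations. The sample lines are copied from the log above; no entries are invented.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One listing line: <R|S><0-4> <name>;<display>; <image path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]\s*$"
)

# Legend taken from the log header: 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Assumption: legitimate images on this box live under these prefixes (lower-cased).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    state: str                 # "R" running, "S" stopped
    start: int                 # start type code, see START_TYPES
    name: str
    display: str
    path: str
    file_date: Optional[str]   # None when the tool printed "[]"
    file_size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks and junk."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    file_date = meta[0] if len(meta) == 2 else None
    file_size = int(meta[1]) if len(meta) == 2 else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), m.group("path"), file_date, file_size)


def parse_log(text: str) -> List[Entry]:
    """Parse a whole listing, silently skipping non-entry lines."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def flag(entry: Entry) -> List[str]:
    """Reasons a responder would look at this entry before the others."""
    reasons: List[str] = []
    if entry.file_date is None:
        # Assumption: empty brackets mean the tool could not stat the file.
        reasons.append("image file not found on disk (empty metadata)")
    if not entry.path.lower().startswith(TRUSTED_PREFIXES):
        reasons.append("image path outside Windows/Program Files")
    if entry.path.lower().endswith("\\svchost.exe"):
        # The listing shows the host process only; the ServiceDll is what matters.
        reasons.append("hosted by svchost.exe; the real ServiceDll is not in this listing")
    if reasons and entry.start <= 2:
        reasons.append(f"starts automatically ({START_TYPES[entry.start]})")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map service/driver name -> reasons, for flagged entries only."""
    out: Dict[str, List[str]] = {}
    for entry in parse_log(text):
        reasons = flag(entry)
        if reasons:
            out[entry.name] = reasons
    return out


# Constructed sample: a header plus lines copied from the listing above.
SAMPLE_LOG = "\n".join([
    "======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======",
    "",
    r"R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]",
    r"S2 bsaspi32;bsaspi32; C:\WINDOWS\system32\drivers\bsaspi32.sys []",
    r"S2 Nbf;NetBEUI Protocol; C:\WINDOWS\system32\DRIVERS\nbf.sys []",
    r"R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2008-04-28 414984]",
    r"S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]",
    r"S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]",
])

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: " + "; ".join(reasons))
```

On the sample, only bsaspi32 and Nbf (missing image files, both auto-start) and MHN (svchost-hosted) are flagged; a missing image file for a stopped service is usually an orphaned registry entry rather than an infection, which is consistent with the helper's verdict further down, but it is the first thing worth confirming in a listing like this.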


#14 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:02 AM

Posted 11 November 2009 - 05:26 PM

That all looks fine to me. Deleting the scheduled tasks was fine, although it won't really make any difference to how your computer functions.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big cleanup button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out your restore points, you need to set a new restore point.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates are always enabled.

To do this, click on Start >> Control Panel >> Automatic Updates and click Automatic (recommended), then Apply and OK.

Update your AntiVirus Software
It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install an AntiSpyware Program
A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home version or the Pro version for a 15-day trial period.
Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.
Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.
Tutorials on using these programs can be found below:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler



#15 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:02 AM

Posted 12 November 2009 - 07:35 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
