
infection of some sort


  • This topic is locked
14 replies to this topic

#1 orterrym


Posted 01 March 2010 - 07:16 PM

When I do a search in Google, then click on a link, sometimes it goes to the link, but often it reroutes instead to some ad. Sometimes it goes to the correct link, but then it also tries to launch another tab with an ad.

Here is my dds.txt


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 15:30:32.02 on Sun 02/28/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2471 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Nerxy\Nerxy File Orgainzer\FileOrganiser.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search/
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://start.earthlink.net
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Windows Internet Explorer provided by Comcast
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll
uURLSearchHooks: H - No File
BHO: {1bc23698-ca73-4544-a89b-7d14c28336b3} - c:\windows\system32\comres32.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [SpySweeper]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [A00FFC93733.exe] c:\docume~1\owner\locals~1\temp\_A00FFC93733.exe
uRun: [A00F241D7E28.exe] c:\docume~1\owner\locals~1\temp\_A00F241D7E28.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Nerxy] c:\program files\nerxy\nerxy file orgainzer\FileOrganiser.exe /m
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [E6TaskPanel] "c:\program files\earthlink totalaccess\TaskPanl.exe" -winstart
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CHotkey] zHotkey.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mExplorerRun: [RTHDBPL] c:\docume~1\owner\locals~1\temp\1452.tmp
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\program files\earthlink totalaccess\accelerator\prplsf.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0013-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.0/jinstall-1_3_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: 887ce04d716 - c:\windows\system32\dpserial32.dll
Notify: __c001882A - c:\windows\system32\__c001882A.dat
Notify: __c00199C4 - c:\windows\system32\__c00199C4.dat
Notify: __c00386D2 - c:\windows\system32\__c00386D2.dat
Notify: __c0039E06 - c:\windows\system32\__c0039E06.dat
Notify: __c003E610 - c:\windows\system32\__c003E610.dat
Notify: __c006F914 - c:\windows\system32\__c006F914.dat
Notify: __c007372B - c:\windows\system32\__c007372B.dat
Notify: __c0078B21 - c:\windows\system32\__c0078B21.dat
Notify: __c00852E9 - c:\windows\system32\__c00852E9.dat
Notify: __c00B10 - c:\windows\system32\__c00B10.dat
Notify: __c00B1181 - c:\windows\system32\__c00B1181.dat
Notify: __c00B684E - c:\windows\system32\__c00B684E.dat
Notify: __c00BEE68 - c:\windows\system32\__c00BEE68.dat
Notify: __c00CF792 - c:\windows\system32\__c00CF792.dat
Notify: __c00DCC7E - c:\windows\system32\__c00DCC7E.dat
Notify: __c00DF7FE - c:\windows\system32\__c00DF7FE.dat
Notify: __c00E0DA6 - c:\windows\system32\__c00E0DA6.dat
Notify: __c00E304E - c:\windows\system32\__c00E304E.dat
Notify: __c00E5290 - c:\windows\system32\__c00E5290.dat
Notify: __c00EB0BA - c:\windows\system32\__c00EB0BA.dat
Notify: __c00EF5FC - c:\windows\system32\__c00EF5FC.dat
Notify: __c00EFD28 - c:\windows\system32\__c00EFD28.dat
AppInit_DLLs: karna.dat,c:\windows\system32\dpserial32.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\k03mz983.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - eMusic Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\k03mz983.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\k03mz983.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\k03mz983.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\k03mz983.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\k03mz983.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplalaDl.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Firefox security: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-9 207792]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-1-9 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-1-9 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-1-9 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-9 112592]
R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\earthlink totalaccess\wengine\wmonitor.exe [2005-1-26 65604]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-1-24 3768]
S3 APL531;35mm Film Scanner;c:\windows\system32\drivers\FilmScan.sys [2006-7-31 580992]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [2004-11-1 17536]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-6-24 30192]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-1-9 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-9 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-9 1141712]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-1-25 184320]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-1-9 33552]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2010-03-19 10:28:18 195584 ----a-w- c:\windows\system32\comsvcs(2)(2)32.dll
2010-02-28 20:00:41 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-02-28 16:36:09 200704 ----a-w- c:\windows\system32\comres32.dll
2010-02-28 06:47:03 748032 --sha-w- c:\windows\system32\144E.tmp
2010-02-27 10:47:03 748032 --sha-w- c:\windows\system32\13CC.tmp
2010-02-26 14:47:02 748032 --sha-w- c:\windows\system32\E0.tmp
2010-02-26 14:46:38 748032 --sha-w- c:\windows\system32\DF.tmp
2010-02-26 02:43:39 749056 --sha-w- c:\windows\system32\C8.tmp
2010-02-26 01:15:23 200704 ----a-w- c:\windows\system32\clbcatex32.dll
2010-02-25 06:43:41 749056 --sha-w- c:\windows\system32\8D.tmp
2010-02-24 10:43:43 750592 --sha-w- c:\windows\system32\6C.tmp
2010-02-24 00:14:26 197120 ----a-w- c:\windows\system32\CNMLM7532.dll
2010-02-23 14:43:46 750592 --sha-w- c:\windows\system32\4C.tmp
2010-02-23 11:53:16 197120 ----a-w- c:\windows\system32\dfrgsnap32.dll
2010-02-22 18:43:50 749568 --sha-w- c:\windows\system32\32.tmp
2010-02-22 11:21:11 200704 ----a-w- c:\windows\system32\certcli3232.dll
2010-02-22 02:22:20 200704 ----a-w- c:\windows\system32\comaddin3232.dll
2010-02-21 21:23:56 200704 ----a-w- c:\windows\system32\dmconfig32.dll
2010-02-21 13:24:43 749568 --sha-w- c:\windows\system32\10F.tmp
2010-02-21 11:55:56 200704 ----a-w- c:\windows\system32\encapi32.dll
2010-02-21 03:15:04 200704 ----a-w- c:\windows\system32\basesrv32.dll
2010-02-20 21:10:17 200704 ----a-w- c:\windows\system32\catsrvps32.dll
2010-02-20 17:24:37 749568 --sha-w- c:\windows\system32\14.tmp
2010-02-18 00:51:26 195584 ----a-w- c:\windows\system32\dmband32.dll
2010-02-17 11:14:39 195584 ----a-w- c:\windows\system32\cscdll32.dll
2010-02-17 02:18:12 195584 ----a-w- c:\windows\system32\certcli32.dll
2010-02-16 02:19:10 198656 ----a-w- c:\windows\system32\cabinet(2)32.dll
2010-02-15 23:50:20 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-02-15 23:50:20 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-02-14 16:01:17 198656 ----a-w- c:\windows\system32\batt32.dll
2010-02-13 23:05:09 198656 ----a-w- c:\windows\system32\avifil3232.dll
2010-02-12 23:32:03 200192 ----a-w- c:\windows\system32\dpus1032.dll
2010-02-12 10:08:39 200192 ----a-w- c:\windows\system32\corpol32.dll
2010-02-11 23:35:10 200192 ----a-w- c:\windows\system32\confmsp32.dll
2010-02-11 00:49:55 200192 ----a-w- c:\windows\system32\eapolqec32.dll
2010-02-10 01:04:33 200192 ----a-w- c:\windows\system32\cnbjmon32.dll
2010-02-06 23:02:08 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-06 22:57:30 0 d-----r- c:\program files\Skype

==================== Find3M ====================

2010-01-29 10:02:22 29184 ----a-w- c:\windows\system32\__c00B10.dat
2010-01-22 11:58:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-16 18:43:22 249856 ------w- c:\windows\Setup1.exe
2010-01-16 18:43:20 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-15 00:48:46 1973 --sha-w- c:\windows\system32\1D7.tmp
2010-01-10 16:43:59 4410 ----a-w- c:\windows\system32\tmp.reg
2010-01-10 03:57:17 1972 ----a-w- c:\windows\system32\6334.exe
2010-01-07 23:23:26 10 ----a-w- C:\confin.sys
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-20 12:47:52 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
2009-12-20 12:20:07 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 02:47:01 203776 --sh--w- c:\windows\system32\unrar.exe
2009-12-14 02:46:39 119296 ----a-w- c:\windows\system32\dpserial32.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-05 23:18:50 106496 ----a-w- c:\windows\system32\ATL71.DLL
2002-07-26 21:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
2009-01-11 02:38:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011020090111\index.dat
2009-01-18 17:30:17 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011820090119\index.dat

============= FINISH: 15:31:25.71 ===============



#2 syler

  • Malware Response Team

Posted 06 March 2010 - 06:38 PM

Hello and welcome to BleepingComputer.

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic.




Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt

Thanks



#3 orterrym

  • Topic Starter

Posted 07 March 2010 - 10:47 AM

Thanks for taking the time to help.
I ran both mbam and rsit.
I was instructed to reboot after mbam ran.

Here are the contents of mbam log:

Malwarebytes' Anti-Malware 1.44
Database version: 3831
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/7/2010 10:33:15 AM
mbam-log-2010-03-07 (10-33-15).txt

Scan type: Quick Scan
Objects scanned: 137387
Time elapsed: 9 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 31
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 132

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dpserial32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\DF.tmp (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\dnsapi32.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\__c0028057.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1bc23698-ca73-4544-a89b-7d14c28336b3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1bc23698-ca73-4544-a89b-7d14c28336b3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\887ce04d716 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1bc23698-ca73-4544-a89b-7d14c28336b3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0028057 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c001882a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00199c4 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00386d2 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0039e06 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c003e610 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c006f914 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c007372b (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0078b21 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00852e9 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00a7e18 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b1181 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b684e (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00bee68 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00cf792 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00da6e9 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00dcc7e (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00df7fe (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00e0da6 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00e304e (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00e5290 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00eb0ba (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00ef5fc (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00efd28 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00f3cc5 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00ffc93733.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f241d7e28.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\dpserial32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\dpserial32.dll -> Delete on reboot.

Folders Infected:
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Delete on reboot.
C:\Documents and Settings\Owner\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\dnsapi32.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dpserial32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\DF.tmp (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\10F.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\13CC.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\14.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\144E.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\150.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\encapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certcli32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certcli3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clbcatex32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cnbjmon32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CNMLM7532.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comaddin3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comres32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsvcs(2)(2)32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfrgsnap32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpus1032.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avifil3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\basesrv32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\batt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4C.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6C.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8D.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\catsrvps32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00B10.dat (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E0.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eapolqec32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmband32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmconfig32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cscdll32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C8.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cabinet(2)32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\confmsp32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\corpol32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\164.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\165.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\16E.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\27.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2EB.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\32.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\D8.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\D9.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\DA.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\DC.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\13.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\13E3.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\144.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\15D9.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\15DA.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\15DB.tmp (P2P.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\162.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\165.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\189.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\1C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\1C9.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\1CE.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\1F.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\29B.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\2CA.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\2FD.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\2FE.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\30.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\31.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\36.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\3AA.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\3D2.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\54B.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\593.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\594.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\5B4.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\5D.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\5EF.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\5F0.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\63.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\66.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\66E.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\7B.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\7D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\867.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\94.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\9E.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\9F.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\A6.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\A7.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\AE.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\B1.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\C3.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\FD.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for dxo optics pro 6 with patch (another great release from SSG).zip\setup.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4CJU9GSI\KB959460[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1378269719v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1378269719v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1378269719v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1378269719v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1378269719v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1378269719v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1378269719v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1378269719v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1378269719v4 (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\SysWoW32\mu1378269719v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1378269719v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1378269719v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1378269719v6 (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\SysWoW32\mu1378269719v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1378269719v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1378269719v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1378269719v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1378269719v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1378269719v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1378269719v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1378269719v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1378269719v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1378269719v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1378269719v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1378269719v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1378269719v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1378269719v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1378269719v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1378269719v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1378269719v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1378269719v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1378269719v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0028057.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\confin.sys (Malware.Trace) -> Quarantined and deleted successfully.

Here is the rsit log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-03-07 10:40:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (1%) free of 186 GB
Total RAM: 2943 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:12, on 3/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Nerxy\Nerxy File Orgainzer\FileOrganiser.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Nerxy] C:\Program Files\Nerxy\Nerxy File Orgainzer\FileOrganiser.exe /m
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 12141 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-366342919-3755530360-1970013960-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-366342919-3755530360-1970013960-1006UA.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\SDMsgUpdate (TE).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-21 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll []
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-21 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"USBToolTip"=C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2007-01-23 81920]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-11-15 135168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-14 14820864]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-09-18 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-09-18 7204864]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2005-05-03 543232]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-09-14 69632]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
""= []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-20 30192]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-22 149280]
"Nikon Transfer Monitor"=C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2009-02-24 479232]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-02-15 417792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-06-02 1957888]
"SpySweeper"= []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe []
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-20 1207080]
"Google Update"=C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
"Nerxy"=C:\Program Files\Nerxy\Nerxy File Orgainzer\FileOrganiser.exe [2009-05-29 2003496]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"E6TaskPanel"=C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [2005-03-05 942080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1130652600\EE\AOLHostManager.exe [2004-11-03 125528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
C:\PROGRA~1\BigFix\BigFix.exe [2002-07-31 1742384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1130652600\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1130652600\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Moovida\moovida.exe"="C:\Program Files\Moovida\moovida.exe:*:Enabled:Moovida Media Center"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c0062f9-2cf7-11de-b891-0013d3cd633d}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c0062fb-2cf7-11de-b891-0013d3cd633d}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92318c61-46cb-11dc-b807-0013d3cd633d}]
shell\AutoRun\command - L:\LinksysConnectPC.exe


======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-03-07 10:40:04 ----D---- C:\rsit
2010-03-07 10:40:04 ----D---- C:\Program Files\trend micro
2010-03-07 10:35:24 ----D---- C:\Avenger
2010-03-07 10:19:46 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2010-03-07 10:19:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-07 10:19:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-07 10:17:08 ----ASH---- C:\WINDOWS\system32\5.tmp
2010-03-07 07:27:50 ----A---- C:\WINDOWS\system32\2EE.tmp
2010-03-07 07:27:29 ----A---- C:\WINDOWS\system32\2ED.tmp
2010-03-02 20:49:47 ----A---- C:\TDSSKiller.2.2.7.1_02.03.2010_20.49.47_log.txt
2010-03-02 19:12:47 ----D---- C:\Documents and Settings\Owner\Application Data\Template
2010-03-01 11:27:45 ----A---- C:\WINDOWS\system32\26.tmp
2010-02-27 13:28:53 ----D---- C:\Program Files\QuickTime
2010-02-27 13:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-19 21:40:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-19 21:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-19 21:36:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-19 21:35:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-19 21:35:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-19 21:34:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-19 21:34:00 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-19 21:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-19 21:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-19 06:36:37 ----SHD---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2010-03-07 10:40:04 ----RD---- C:\Program Files
2010-03-07 10:38:50 ----D---- C:\Program Files\Mozilla Firefox
2010-03-07 10:37:25 ----D---- C:\WINDOWS\Temp
2010-03-07 10:36:52 ----D---- C:\WINDOWS\system32\Lang
2010-03-07 10:36:48 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
2010-03-07 10:36:29 ----D---- C:\WINDOWS\Registration
2010-03-07 10:36:06 ----D---- C:\WINDOWS
2010-03-07 10:36:05 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-03-07 10:35:25 ----D---- C:\WINDOWS\system32
2010-03-07 10:35:24 ----D---- C:\WINDOWS\system32\drivers
2010-03-07 10:34:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-07 10:34:36 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2010-03-07 10:18:02 ----D---- C:\Documents and Settings\Owner\Application Data\skypePM
2010-03-07 10:17:55 ----D---- C:\WINDOWS\system32\978224938
2010-03-07 10:17:54 ----D---- C:\WINDOWS\Prefetch
2010-03-06 11:06:31 ----D---- C:\Documents and Settings\Owner\Application Data\ComcastToolbar
2010-03-06 05:13:09 ----SHD---- C:\WINDOWS\Installer
2010-03-06 05:13:05 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-03-03 09:19:55 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2010-02-28 14:53:01 ----D---- C:\Program Files\Spyware Doctor
2010-02-27 18:02:45 ----D---- C:\Program Files\AdorageI-GfxDatas
2010-02-27 13:17:26 ----HD---- C:\WINDOWS\inf
2010-02-21 21:24:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-21 17:43:27 ----D---- C:\WINDOWS\Minidump
2010-02-19 21:40:17 ----A---- C:\WINDOWS\imsins.BAK
2010-02-19 21:40:09 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-19 21:39:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-15 20:23:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-12 20:50:18 ----D---- C:\WINDOWS\twain_32
2010-02-12 20:16:33 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-08 01:39:07 ----HD---- C:\Documents and Settings\All Users\Application Data\Google
2010-02-08 01:39:05 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-08-28 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-08-28 2560]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-10-30 8552]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-09-26 76288]
R3 ASAPIW2K;ASAPIW2K; \??\C:\WINDOWS\system32\Drivers\asapiW2k.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-14 3856896]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MovRVDrv32;MovRVDrv32; C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2007-12-28 3768]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-09-18 3493984]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-12-28 513152]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 APL531;35mm Film Scanner; C:\WINDOWS\System32\Drivers\FILMSCAN.sys [2006-07-31 580992]
S3 BW2NDIS5;BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys [2004-11-01 17536]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-07-18 16509]
S3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
S3 PinnacleMarvinUsb;Pinnacle Systems Service for MovieBox Deluxe, 500-USB and 700-USB; C:\WINDOWS\system32\DRIVERS\MarvinUsb.sys [2007-01-23 441472]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNTNLUSB;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2002-09-26 26120]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2002-10-23 43184]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2002-10-23 6032]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2002-10-23 77264]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
R2 EarthLinkMonitor;EarthLink Monitor Service; C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe [2005-01-26 65604]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-22 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-09-18 131139]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-10-30 172032]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-20 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-20 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
S3 SoundMovieServer;SoundMovieServer; C:\WINDOWS\system32\snmvtsvc.exe [2007-12-28 184320]
S3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2009-11-12 70928]
S4 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Here is the RSIT info:

info.txt logfile of random's system information tool 1.06 2010-03-07 10:40:17

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02FB2C63-5763-4CDD-99E6-566C57189742}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3881DD58-780F-4FCF-8A16-6E6800C2FEE0}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
35mm Film Scanner X86-->MsiExec.exe /I{F3CF9967-7631-4DE5-9FAF-A9712D450C2B}
360Share Pro(remove only)-->"C:\Program Files\360Share Pro\bt-uninst.exe"
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\aolunins_us.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bibble 5-->C:\Program Files\Bibble Labs\Bibble 5\uninstall.exe
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BookSmart® 2.5.1 2.5.1-->C:\Program Files\BookSmart\uninstall.exe
Boris Graffiti-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{262BF2CD-601D-4F43-919C-4B00B1D1F338}\setup.exe" -l0x9 -removeonly
Browser Defender 2.0.6.15-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Comcast Toolbar-->C:\Program Files\ComcastToolbar\uninstall.exe
Data Lifeguard Diagnostic for Windows-->MsiExec.exe /X{E40CE517-0D42-4198-96B4-C8232B257EB5}
DesignPro 5.4 Limited Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
Desktop Hijack Fix-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Desktop Hijack Fix\ST6UNST.LOG"
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
DiscAPI-->MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
EarthLink Software-->"C:\Program Files\EarthLink TotalAccess\uninstll.exe" /W
eMusic Download Manager 4.1.3.1-->C:\Program Files\eMusic Download Manager\uninst.exe
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
File Uploader-->MsiExec.exe /X{237CD223-1B9D-47E8-A76C-E478B83CCEA2}
FileASSASSIN-->C:\Program Files\FileASSASSIN\uninst.exe
Gimp 2.6.2 Debug-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HFX Volume 1-->MsiExec.exe /I{468B359F-BAEF-466F-BB82-5EDEA1D8B2FB}
HFX Volume 2-->MsiExec.exe /I{37F79692-6F8A-487E-BF5A-A1E3227D9830}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lala Music Mover-->MsiExec.exe /X{3F4D5B1E-C991-4B6E-A8C0-CC2C6C4B60C3}
Linksys EasyLink Advisor 1.6 (0032)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Magic Bullet Looks Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Studio 12\Plugins\RTFx\mblooksstudio.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Moovida-->C:\Program Files\Moovida\uninstall-1.0.5.exe
Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF2606C7-63AF-40F4-8919-F2EC654ACC91}\setup.exe" -l0x9 -removeonly
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nerxy File Orgainzer-->"C:\Program Files\Nerxy\Nerxy File Orgainzer\unins000.exe"
Network Notepad 4.6.6-->"C:\Program Files\Network Notepad\unins000.exe"
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Palm Desktop-->MsiExec.exe /X{C5EC81D0-3DED-435D-A46E-E3F60F7DC8AD}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
Pinnacle Hollywood FX for Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\6.0\uninstal.log
Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
Pinnacle Studio 12 Ultimate Plugins-->MsiExec.exe /I{D1860E6E-520E-4380-8433-E58E8F88B473}
Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
Pinnacle Video Driver-->MsiExec.exe /X{5EB90C06-964F-4195-B83E-BD7E55C88415}
Polaroid Dust and Scratch Removal v1.0.0.15.2e-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B03B4E6-E3F9-11D5-B9D9-00D0B75C082C}\Setup.exe" -l0x9
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
proDAD Heroglyph 2.0-->"C:\Program Files\proDAD\Heroglyph-2.0\uninstall.exe" uninstall spcp PATHVERSION 2.0 MAINNAME Heroglyph
proDAD Heroglyph 2.5-->"C:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph
proDAD Vitascene 1.0-->"C:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
Punch! Super Home Suite-->C:\PROGRA~1\PUNCH!~1\UNWISE.EXE C:\PROGRA~1\PUNCH!~1\INSTALL.LOG
Pure Networks Port Magic-->C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
QuickTime-->MsiExec.exe /I{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}
RAPID-->MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe
Rhapsody MP3 Download Manager-->MsiExec.exe /I{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}
Rosetta Stone 2.1.5.1A-->"C:\Program Files\Rosetta Stone\RS2.1.5.1A_Support\Uninstall_Rosetta Stone 2.1.5.1A\Uninstall Rosetta Stone 2.1.5.1A.exe"
RTFx Volume 1-->MsiExec.exe /I{3F45E8FC-6B4B-4617-AA42-C8815964B143}
RTFx Volume 2-->MsiExec.exe /I{08C8525A-1E21-4E90-81A6-ACA36A10908C}
Samsung SPH-i500 USB Driver and Tools-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E3E70877-8E21-4696-8346-EAC61BE59A3E}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sentinel System Driver 5.41.0 (32-bit)-->MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Sorenson Squeeze-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88BFBE72-7E9C-4DED-AF1D-1245ACE3C213}\setup.exe" -l0x9 -uninst
SoundTaxi 3.2.0-->"C:\Program Files\SoundTaxi\unins000.exe"
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Studio 10 Bonus DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A012D9C-2E2E-405A-B87C-E909F5297C3F}\Setup.exe" -l0x9 UNINSTALL
Studio 10.5 Patch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08E2EC5A-9C9D-4472-AB52-4165774BB8D8}\setup.exe" -l0x9 UNINSTALL
Studio 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup.exe" -l0x9 UNINSTALL
Studio 11 Bonus DVD-->C:\Program Files\InstallShield Installation Information\{45A1BF92-700A-4408-B95E-79F462E3D67D}\setup.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
SureThing Express Labeler-->"C:\Program Files\SureThing Express Labeler\unins000.exe"
Switch-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
TVUPlayer 2.4.5.3-->C:\Program Files\TVUPlayer\uninst.exe
Uninstall 35mm Film Scanner-->C:\WINDOWS\FILMSCANuns.exe USB\Vid_05a9&PID_35E3 35mm Film Scanner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Video Piggy-->MsiExec.exe /I{80BCADCC-377A-456F-A90B-CA095374042B}
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
ViewNX-->MsiExec.exe /X{F007CBCE-D714-4C0B-8CE9-9B0D78116468}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Walmart MP3 Music Downloads-->C:\Program Files\Walmart MP3 Music Downloads\uninstall.exe
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Powertools 4.0-->C:\Program Files\Windows Powertools 4.0\uninstall.exe
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Spyware Doctor with AntiVirus

======System event log======

Computer Name: EMACHINE
Event Code: 8003
Message: The master browser has received a server announcement from the computer BRENDAN-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{500950B7-54BE-46E.
The master browser is stopping or an election is being forced.

Record Number: 25099
Source Name: MRxSmb
Time Written: 20091110141750.000000-300
Event Type: error
User:

Computer Name: EMACHINE
Event Code: 8003
Message: The master browser has received a server announcement from the computer LORRAINE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{500950B7-54BE-46.
The master browser is stopping or an election is being forced.

Record Number: 25098
Source Name: MRxSmb
Time Written: 20091110130556.000000-300
Event Type: error
User:

Computer Name: EMACHINE
Event Code: 8003
Message: The master browser has received a server announcement from the computer LORRAINE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{500950B7-54BE-46.
The master browser is stopping or an election is being forced.

Record Number: 25097
Source Name: MRxSmb
Time Written: 20091110120416.000000-300
Event Type: error
User:

Computer Name: EMACHINE
Event Code: 8003
Message: The master browser has received a server announcement from the computer LORRAINE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{500950B7-54BE-46.
The master browser is stopping or an election is being forced.

Record Number: 25096
Source Name: MRxSmb
Time Written: 20091110110410.000000-300
Event Type: error
User:

Computer Name: EMACHINE
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 25095
Source Name: W32Time
Time Written: 20091110102330.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: EMACHINE
Event Code: 20
Message:
Record Number: 4248
Source Name: Google Update
Time Written: 20090906205605.000000-240
Event Type: error
User: EMACHINE\Owner

Computer Name: EMACHINE
Event Code: 20
Message:
Record Number: 4247
Source Name: Google Update
Time Written: 20090906195605.000000-240
Event Type: error
User: EMACHINE\Owner

Computer Name: EMACHINE
Event Code: 20
Message:
Record Number: 4246
Source Name: Google Update
Time Written: 20090906185605.000000-240
Event Type: error
User: EMACHINE\Owner

Computer Name: EMACHINE
Event Code: 20
Message:
Record Number: 4245
Source Name: Google Update
Time Written: 20090906175605.000000-240
Event Type: error
User: EMACHINE\Owner

Computer Name: EMACHINE
Event Code: 20
Message:
Record Number: 4244
Source Name: Google Update
Time Written: 20090906165605.000000-240
Event Type: error
User: EMACHINE\Owner

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\Pinnacle\Shared Files\Filter\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Terry


#4 syler

  • Malware Response Team

Posted 07 March 2010 - 11:19 AM

Hi Terry,

It looks like Malwarebytes has done most of the work. Can you tell me how the computer is running and if you are still having any issues?


Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.


We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the icon on your desktop.
  • Paste the following code under the area. Do not include the word "Code".
    CODE
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"=-
    ""=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SpySweeper"=-
    "Picasa Media Detector"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
    :Files
    :Commands
    [Purity]
    [EmptyTemp]
  • Push the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



You have Viewpoint installed. Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006. Read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following logs:
  • OTM results
  • Gmer log
  • New Rsit log.txt

Thanks

unite.jpg
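
The OTM script in the post above resets `AppInit_DLLS` to an empty string and `SecurityProviders` to four DLLs. As an added example (not part of the original post and not OTM's own code), the Python below checks the text of a `.reg` export against those two values; the sample exports and the names `example1.dll` and `example2.dll` are constructed, and the baseline is assumed to apply only to this Windows XP machine.

```python
import re

# Baseline copied from the OTM script in the post above (this XP machine only).
EXPECTED_SECURITY_PROVIDERS = ["msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"]

# Registry key names are case-insensitive, so everything is compared lowercased.
APPINIT_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
SECPROV_KEY = r"hkey_local_machine\system\currentcontrolset\control\securityproviders"

# "name"="data" lines (REG_SZ). Backslashes and quotes are escaped in .reg files.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Turn \\\\ into \\ and \\" into " as regedit does on import."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key path: {value name: string data}} for the REG_SZ values in a .reg export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            current[_unescape(m.group(1)).lower()] = _unescape(m.group(2))
    return keys


def split_dll_list(data):
    """Both values hold DLL names separated by commas and/or spaces."""
    return [p for p in re.split(r"[,\s]+", data.strip()) if p]


def audit(text):
    """Return (kind, setting, entry) findings; an empty list means both values match."""
    keys = parse_reg_export(text)
    findings = []

    appinit = keys.get(APPINIT_KEY, {}).get("appinit_dlls")
    if appinit is None:
        findings.append(("not_exported", "AppInit_DLLs", ""))
    else:
        # The script sets this value to "", so every listed DLL is a deviation.
        for dll in split_dll_list(appinit):
            findings.append(("unexpected", "AppInit_DLLs", dll))

    providers = keys.get(SECPROV_KEY, {}).get("securityproviders")
    if providers is None:
        findings.append(("not_exported", "SecurityProviders", ""))
    else:
        present = split_dll_list(providers)
        lowered = [p.lower() for p in present]
        # Whole-entry comparison: a baseline file name given with a path is still flagged.
        for entry in present:
            if entry.lower() not in EXPECTED_SECURITY_PROVIDERS:
                findings.append(("unexpected", "SecurityProviders", entry))
        for expected in EXPECTED_SECURITY_PROVIDERS:
            if expected not in lowered:
                findings.append(("absent", "SecurityProviders", expected))
    return findings


# Constructed sample: both values carry an extra DLL.
MODIFIED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\example1.dll"
"DeviceNotSelectedTimeout"="15"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, example2.dll"
"""

# Constructed sample: the state the OTM script is meant to leave behind.
CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
"""

if __name__ == "__main__":
    for label, sample in (("modified", MODIFIED_EXPORT), ("clean", CLEAN_EXPORT)):
        print(label, audit(sample))
```
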


#5 orterrym

  • Topic Starter

Posted 08 March 2010 - 05:37 AM

Hi Syler,

I ran everything as prescribed.

Here is my OTM Log:

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpySweeper deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Picasa Media Detector deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 166341 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 379796 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7706666 bytes
->Java cache emptied: 25954 bytes
->Flash cache emptied: 8150 bytes

User: Owner
->Temp folder emptied: 427156866 bytes
->Temporary Internet Files folder emptied: 61633697 bytes
->Java cache emptied: 13387872 bytes
->FireFox cache emptied: 103573043 bytes
->Google Chrome cache emptied: 42413509 bytes
->Flash cache emptied: 2022706 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 751046 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30651764 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12974220 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2429107 bytes
RecycleBin emptied: 1305246 bytes

Total Files Cleaned = 674.00 mb


OTM by OldTimer - Version 3.1.10.0 log created on 03072010_163408

Files moved on Reboot...
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y9S3EH4P\map[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OHQ3G1AR\cuisine[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\41\59e56f69-4e6c7778 moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\25\591ffc59-34fef534 moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\21\7db12cd5-4a8475ce moved successfully.
File C:\WINDOWS\temp\hsperfdata_SYSTEM\1124 not found!
File C:\WINDOWS\temp\Perflib_Perfdata_f98.dat not found!

Registry entries deleted on Reboot...

Here is my GMER Log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-08 05:15:59
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fxlyapog.sys


---- System - GMER 1.0.15 ----

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xB9E39A1C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9E4ECDE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9E4EED0]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xB9E39C10]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xB9E39CB6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xB9E3990C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9E6ED60]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xB9E39E52]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xB9E3BB30]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xB9EE9794]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8840360, 0x1FE48D, 0xE8000020]
init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xAA759300]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0090000A
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 008F000C
.text C:\WINDOWS\System32\svchost.exe[1156] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 03C4000A
.text C:\WINDOWS\System32\svchost.exe[1156] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 03BB000A
.text C:\WINDOWS\Explorer.EXE[1328] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1328] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1328] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3652] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 011A000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3652] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 011B000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3652] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007F000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8AF18CA1

---- Threads - GMER 1.0.15 ----

Thread System [4:316] 8A6512A0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Here is my rsit log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-03-08 05:17:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (2%) free of 186 GB
Total RAM: 2943 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:17:39, on 3/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Nerxy\Nerxy File Orgainzer\FileOrganiser.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer(2).zip\gmer.exe
C:\Documents and Settings\Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Nerxy] C:\Program Files\Nerxy\Nerxy File Orgainzer\FileOrganiser.exe /m
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 11911 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-366342919-3755530360-1970013960-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-366342919-3755530360-1970013960-1006UA.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\SDMsgUpdate (TE).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-21 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-21 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"USBToolTip"=C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2007-01-23 81920]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-11-15 135168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-14 14820864]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-09-18 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-09-18 7204864]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2005-05-03 543232]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-09-14 69632]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-20 30192]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-22 149280]
"Nikon Transfer Monitor"=C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2009-02-24 479232]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-02-15 417792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-06-02 1957888]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-20 1207080]
"Google Update"=C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
"Nerxy"=C:\Program Files\Nerxy\Nerxy File Orgainzer\FileOrganiser.exe [2009-05-29 2003496]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"E6TaskPanel"=C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [2005-03-05 942080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1130652600\EE\AOLHostManager.exe [2004-11-03 125528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
C:\PROGRA~1\BigFix\BigFix.exe [2002-07-31 1742384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1130652600\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1130652600\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Moovida\moovida.exe"="C:\Program Files\Moovida\moovida.exe:*:Enabled:Moovida Media Center"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d022f13-5da7-11de-b899-0013d3cd633d}]
shell\AutoRun\command - L:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c0062f9-2cf7-11de-b891-0013d3cd633d}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c0062fb-2cf7-11de-b891-0013d3cd633d}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92318c61-46cb-11dc-b807-0013d3cd633d}]
shell\AutoRun\command - L:\LinksysConnectPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7a13431-abcb-11da-b7e0-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-03-07 16:34:08 ----D---- C:\_OTM
2010-03-07 16:30:59 ----D---- C:\WINDOWS\ERDNT
2010-03-07 16:30:48 ----D---- C:\Program Files\ERUNT
2010-03-07 10:40:04 ----D---- C:\rsit
2010-03-07 10:40:04 ----D---- C:\Program Files\trend micro
2010-03-07 10:35:24 ----D---- C:\Avenger
2010-03-07 10:19:46 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2010-03-07 10:19:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-07 10:19:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-02 20:49:47 ----A---- C:\TDSSKiller.2.2.7.1_02.03.2010_20.49.47_log.txt
2010-03-02 19:12:47 ----D---- C:\Documents and Settings\Owner\Application Data\Template
2010-02-27 13:28:53 ----D---- C:\Program Files\QuickTime
2010-02-27 13:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-19 21:40:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-19 21:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-19 21:36:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-19 21:35:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-19 21:35:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-19 21:34:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-19 21:34:00 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-19 21:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-19 21:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-19 06:36:37 ----SHD---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2010-03-08 05:17:39 ----D---- C:\WINDOWS\Prefetch
2010-03-08 00:09:49 ----D---- C:\Documents and Settings\Owner\Application Data\skypePM
2010-03-07 19:04:26 ----D---- C:\Program Files\make cd
2010-03-07 16:51:54 ----D---- C:\WINDOWS\Temp
2010-03-07 16:50:03 ----RD---- C:\Program Files
2010-03-07 16:40:07 ----D---- C:\Program Files\Mozilla Firefox
2010-03-07 16:39:39 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2010-03-07 16:39:30 ----D---- C:\WINDOWS\system32\Lang
2010-03-07 16:39:27 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
2010-03-07 16:39:18 ----D---- C:\WINDOWS
2010-03-07 16:38:06 ----D---- C:\WINDOWS\Registration
2010-03-07 16:37:56 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-03-07 16:36:23 ----D---- C:\WINDOWS\system32
2010-03-07 16:36:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-07 10:35:24 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2010-03-07 10:35:24 ----D---- C:\WINDOWS\system32\drivers
2010-03-07 10:17:55 ----D---- C:\WINDOWS\system32\978224938
2010-03-06 11:06:31 ----D---- C:\Documents and Settings\Owner\Application Data\ComcastToolbar
2010-03-06 05:13:09 ----SHD---- C:\WINDOWS\Installer
2010-03-06 05:13:05 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-02-28 14:53:01 ----D---- C:\Program Files\Spyware Doctor
2010-02-27 18:02:45 ----D---- C:\Program Files\AdorageI-GfxDatas
2010-02-27 13:17:26 ----HD---- C:\WINDOWS\inf
2010-02-21 21:24:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-21 17:43:27 ----D---- C:\WINDOWS\Minidump
2010-02-19 21:40:17 ----A---- C:\WINDOWS\imsins.BAK
2010-02-19 21:40:09 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-19 21:39:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-15 20:23:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-12 20:50:18 ----D---- C:\WINDOWS\twain_32
2010-02-12 20:16:33 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-08-28 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-08-28 2560]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-10-30 8552]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-09-26 76288]
R3 ASAPIW2K;ASAPIW2K; \??\C:\WINDOWS\system32\Drivers\asapiW2k.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-14 3856896]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MovRVDrv32;MovRVDrv32; C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2007-12-28 3768]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-09-18 3493984]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-12-28 513152]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 APL531;35mm Film Scanner; C:\WINDOWS\System32\Drivers\FILMSCAN.sys [2006-07-31 580992]
S3 BW2NDIS5;BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys [2004-11-01 17536]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 fxlyapog;fxlyapog; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\fxlyapog.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-07-18 16509]
S3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
S3 PinnacleMarvinUsb;Pinnacle Systems Service for MovieBox Deluxe, 500-USB and 700-USB; C:\WINDOWS\system32\DRIVERS\MarvinUsb.sys [2007-01-23 441472]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNTNLUSB;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2002-09-26 26120]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2002-10-23 43184]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2002-10-23 6032]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2002-10-23 77264]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
R2 EarthLinkMonitor;EarthLink Monitor Service; C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe [2005-01-26 65604]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-22 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-09-18 131139]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-10-30 172032]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-20 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-20 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
S3 SoundMovieServer;SoundMovieServer; C:\WINDOWS\system32\snmvtsvc.exe [2007-12-28 184320]
S3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2009-11-12 70928]
S4 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Seems to be "somewhat" better, but still not 100%. Before, in Google search about 8 out of 10 times it would redirect; now about 2 out of 10 times it redirects.
Also, once we get it fixed (you get it fixed), what anti-virus would you recommend? I ran McAfee for several years; it was running when I got infected, it did not prevent the virus and it could not fix the problem.
I loaded PC Doctor, and it would find viruses every day and clean, but it could not get rid of the existing problem.

Thanks!

Terry



#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:58 AM

Posted 08 March 2010 - 04:04 PM

Hi Terry,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#7 orterrym

orterrym
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:58 PM

Posted 08 March 2010 - 08:10 PM

Hi Syler,

I ran combo fix, here is the log:

ComboFix 10-03-08.01 - Owner 03/08/2010 19:43:04.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2566 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\0200000048cc34e5716C.manifest
c:\documents and settings\Owner\Application Data\0200000048cc34e5716O.manifest
c:\documents and settings\Owner\Application Data\0200000048cc34e5716P.manifest
c:\documents and settings\Owner\Application Data\0200000048cc34e5716S.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{0686eae3-77b5-4561-93b0-b7a350404173}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{0686eae3-77b5-4561-93b0-b7a350404173}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{0686eae3-77b5-4561-93b0-b7a350404173}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{0686eae3-77b5-4561-93b0-b7a350404173}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{0686eae3-77b5-4561-93b0-b7a350404173}\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{200f5f7b-de29-4919-9f78-9244763d0c73}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{200f5f7b-de29-4919-9f78-9244763d0c73}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{200f5f7b-de29-4919-9f78-9244763d0c73}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{200f5f7b-de29-4919-9f78-9244763d0c73}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{200f5f7b-de29-4919-9f78-9244763d0c73}\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{223e0fcb-b62a-4a2d-b20d-3120b592c3f6}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{223e0fcb-b62a-4a2d-b20d-3120b592c3f6}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{223e0fcb-b62a-4a2d-b20d-3120b592c3f6}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{223e0fcb-b62a-4a2d-b20d-3120b592c3f6}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{223e0fcb-b62a-4a2d-b20d-3120b592c3f6}\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{2f8d2ed8-0d48-4dd1-a606-820bdd7852ef}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{2f8d2ed8-0d48-4dd1-a606-820bdd7852ef}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{2f8d2ed8-0d48-4dd1-a606-820bdd7852ef}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{2f8d2ed8-0d48-4dd1-a606-820bdd7852ef}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{2f8d2ed8-0d48-4dd1-a606-820bdd7852ef}\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{7155241d-40dc-47c5-b2e8-6491509fbc2f}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{7155241d-40dc-47c5-b2e8-6491509fbc2f}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{7155241d-40dc-47c5-b2e8-6491509fbc2f}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{7155241d-40dc-47c5-b2e8-6491509fbc2f}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{7155241d-40dc-47c5-b2e8-6491509fbc2f}\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{7de878f7-27e8-44b2-82d2-6ac3f7b3fc8c}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{7de878f7-27e8-44b2-82d2-6ac3f7b3fc8c}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{7de878f7-27e8-44b2-82d2-6ac3f7b3fc8c}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{7de878f7-27e8-44b2-82d2-6ac3f7b3fc8c}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{7de878f7-27e8-44b2-82d2-6ac3f7b3fc8c}\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{90a7dc82-9f6b-41f1-b63e-df74f67544e6}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{90a7dc82-9f6b-41f1-b63e-df74f67544e6}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{90a7dc82-9f6b-41f1-b63e-df74f67544e6}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{90a7dc82-9f6b-41f1-b63e-df74f67544e6}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{90a7dc82-9f6b-41f1-b63e-df74f67544e6}\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{96e5bda2-d623-41fc-9bfc-132cae3a15be}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{96e5bda2-d623-41fc-9bfc-132cae3a15be}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{96e5bda2-d623-41fc-9bfc-132cae3a15be}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{96e5bda2-d623-41fc-9bfc-132cae3a15be}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{96e5bda2-d623-41fc-9bfc-132cae3a15be}\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{a3b5433c-dc2d-4520-83c8-5f3463376fda}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{a3b5433c-dc2d-4520-83c8-5f3463376fda}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{a3b5433c-dc2d-4520-83c8-5f3463376fda}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{a3b5433c-dc2d-4520-83c8-5f3463376fda}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{a3b5433c-dc2d-4520-83c8-5f3463376fda}\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{cbba78f7-bc58-4e32-885a-1875a88f7d5b}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{cbba78f7-bc58-4e32-885a-1875a88f7d5b}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{cbba78f7-bc58-4e32-885a-1875a88f7d5b}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{cbba78f7-bc58-4e32-885a-1875a88f7d5b}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{cbba78f7-bc58-4e32-885a-1875a88f7d5b}\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{d3cfbbf8-e68f-4832-9477-f1d623d3f142}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{d3cfbbf8-e68f-4832-9477-f1d623d3f142}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{d3cfbbf8-e68f-4832-9477-f1d623d3f142}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{d3cfbbf8-e68f-4832-9477-f1d623d3f142}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{d3cfbbf8-e68f-4832-9477-f1d623d3f142}\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{e3fc7ca5-57fe-4719-a294-b18860055d24}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{e3fc7ca5-57fe-4719-a294-b18860055d24}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{e3fc7ca5-57fe-4719-a294-b18860055d24}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{e3fc7ca5-57fe-4719-a294-b18860055d24}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{e3fc7ca5-57fe-4719-a294-b18860055d24}\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{e7d5fa91-6a89-4233-8177-b92fce0e6b65}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{e7d5fa91-6a89-4233-8177-b92fce0e6b65}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{e7d5fa91-6a89-4233-8177-b92fce0e6b65}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{e7d5fa91-6a89-4233-8177-b92fce0e6b65}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{e7d5fa91-6a89-4233-8177-b92fce0e6b65}\install.rdf
C:\LOG.TXT
c:\recycler\S-1-5-21-11457409-3420883336-2810106368-500
c:\recycler\S-1-5-21-1590580893-40798335-178600853-500
c:\recycler\S-1-5-21-3462389463-4017558345-1778031126-500
c:\recycler\S-1-5-21-4148369516-415066616-1619009671-500
c:\windows\EventSystem.log
c:\windows\jestertb.dll
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\29358.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\6334.exe
c:\windows\system32\978224938
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\unrar.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\wiaservv.log
C:\xcrashdump.dat
D:\Autorun.inf
L:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :P
.
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-03-07 21:34 . 2010-03-07 21:34 -------- d-----w- C:\_OTM
2010-03-07 21:30 . 2010-03-07 21:30 -------- d-----w- c:\program files\ERUNT
2010-03-07 15:40 . 2010-03-08 10:18 -------- d-----w- C:\rsit
2010-03-07 15:40 . 2010-03-08 10:17 -------- d-----w- c:\program files\trend micro
2010-03-07 15:19 . 2010-03-07 15:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-03-07 15:19 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-07 15:19 . 2010-03-07 15:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-07 15:19 . 2010-03-07 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-07 15:19 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-03 00:12 . 2010-03-03 00:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Template
2010-02-27 18:28 . 2010-02-27 18:30 -------- d-----w- c:\program files\QuickTime
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 00:30 . 2010-02-06 23:02 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-03-09 00:25 . 2008-10-18 21:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-09 00:25 . 2010-01-10 03:36 -------- d-----w- c:\program files\Spyware Doctor
2010-03-08 00:04 . 2006-09-10 19:03 -------- d-----w- c:\program files\make cd
2010-03-07 21:39 . 2010-02-06 22:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-03-07 17:10 . 2007-04-18 01:00 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-07 15:17 . 2005-01-10 01:26 156328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-06 16:06 . 2008-04-02 16:47 -------- d-----w- c:\documents and settings\Owner\Application Data\ComcastToolbar
2010-03-06 10:13 . 2008-03-18 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-03 00:45 . 2009-10-26 00:06 474 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-03-02 00:49 . 2010-01-16 18:50 131 ----a-w- c:\documents and settings\Owner\udpcrawl.tmp
2010-02-27 23:02 . 2006-03-04 22:53 -------- d-----w- c:\program files\AdorageI-GfxDatas
2010-02-06 23:02 . 2010-02-06 23:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-06 22:58 . 2010-02-06 22:57 -------- d-----r- c:\program files\Skype
2010-02-06 22:57 . 2010-02-06 22:57 -------- d-----w- c:\program files\Common Files\Skype
2010-02-06 22:57 . 2010-02-06 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-31 01:45 . 2006-05-08 22:17 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2010-01-30 11:35 . 2008-11-15 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-22 12:02 . 2009-10-30 00:35 -------- d-----w- c:\program files\McAfee Security Scan
2010-01-22 11:58 . 2010-01-22 11:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-22 11:58 . 2009-11-27 03:30 -------- d-----w- c:\program files\Java
2010-01-16 18:59 . 2010-01-16 18:49 -------- d-----w- c:\program files\FileASSASSIN
2010-01-16 18:59 . 2010-01-16 18:43 -------- d-----w- c:\program files\Desktop Hijack Fix
2010-01-16 18:58 . 2005-10-30 06:04 -------- d-----w- c:\program files\Google
2010-01-16 18:43 . 2010-01-16 18:43 249856 ------w- c:\windows\Setup1.exe
2010-01-16 18:43 . 2010-01-16 18:43 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-10 03:39 . 2008-10-19 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-05 10:00 . 2005-01-09 23:48 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2005-01-09 23:48 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2005-01-09 23:47 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2005-01-09 23:48 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-20 12:47 . 2009-12-05 23:21 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-12-20 12:20 . 2009-12-05 23:18 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-12-16 18:43 . 2005-01-10 01:05 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2005-01-09 23:47 33280 ----a-w- c:\windows\system32\csrsrv.dll
2002-07-26 21:02 . 2007-04-09 23:07 153088 ----a-w- c:\program files\UNWISE.EXE
2009-11-20 08:15 . 2009-06-25 00:41 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-22 133104]
"Nerxy"="c:\program files\Nerxy\Nerxy File Orgainzer\FileOrganiser.exe" [2009-05-29 2003496]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [2005-03-05 942080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-01-23 81920]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 14820864]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"CHotkey"="zHotkey.exe" [2005-05-03 543232]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-20 30192]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-22 149280]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2002-7-18 299008]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-7-21 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-19 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 21:03 125528 ----a-w- c:\program files\Common Files\AOL\1130652600\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130652600\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Moovida\\moovida.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe [1/26/2005 11:47 AM 65604]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [1/24/2008 11:00 PM 3768]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 APL531;35mm Film Scanner;c:\windows\system32\drivers\FilmScan.sys [7/31/2006 3:44 PM 580992]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [11/1/2004 2:16 PM 17536]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/24/2009 7:41 PM 30192]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [1/25/2008 5:28 PM 184320]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-366342919-3755530360-1970013960-1006Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-22 14:09]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-366342919-3755530360-1970013960-1006UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-22 14:09]

2006-03-04 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-01-10 00:12]

2010-03-09 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2010-03-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2010-03-09 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-07-08 14:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - eMusic Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k03mz983.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplalaDl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-35mm Film Scanner - c:\windows\FILMSCANuns.exe USB\Vid_05a9&PID_35E3 35mm Film Scanner
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 19:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\Perflib_Perfdata_bf8.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(736)
c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll

- - - - - - - > 'explorer.exe'(2100)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\windows\RTHDCPL.EXE
c:\windows\zHotkey.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-03-08 20:05:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-09 01:05

Pre-Run: 3,218,698,240 bytes free
Post-Run: 3,199,197,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - E1D41B2AE40DD1E736D5202BAF384674

Let me know what I should do next..

Thanks!

Terry


#8 syler

  • Malware Response Team

Posted 08 March 2010 - 08:30 PM

That's looking better now. Can you tell me how it's running and if you are having any more problems?

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 18 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



TFC (Temp File Cleaner):
  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • Kaspersky report
  • New DDS log

Thanks



#9 orterrym


Posted 09 March 2010 - 07:10 PM

Hi Syler,

I ran everything as noted, then ran the Kaspersky scan. The previous scans primarily ran against my C drive; for the Kaspersky scan I selected My Computer, and it also scanned D and L. L is a USB-attached drive, 1 terabyte. I do not think it was scanned before.

Total scan time was over 11 hours.

Here is the Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, March 9, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, March 08, 2010 22:59:37
Records in database: 3742030
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
L:\

Scan statistics:
Objects scanned: 659867
Threats found: 6
Infected objects found: 30
Suspicious objects found: 0
Scan duration: 12:40:39


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Infected: Rootkit.Win32.Tdss.ai 1
D:\i386\Apps\App01980\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App03011\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App03541\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App10402\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App12072\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App13797\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App17014\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App18467\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App20164\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App21287\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App23093\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App23330\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App24081\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App32136\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App17981\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
D:\i386\Apps\App25433\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App26163\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
D:\i386\Apps\App26841\oobeconfig.exe Infected: Trojan.Win32.Vilsel.utk 1
L:\Old Computer\Documents and Settings\Desktop\desktop\Terry's Backup\C\Program Files\Expertcity\GoToMyPC\g2hook.dll Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a 1
L:\Old Computer\Documents and Settings\Desktop\desktop\Terry's Backup\C\Program Files\Expertcity\GoToMyPC\gotomon.dll Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a 1
L:\Old Computer\Documents and Settings\Desktop\desktop\Terry's Backup\C\Program Files\Navnt\Quarantine\27E63EE6.EXE Infected: Email-Worm.Win32.Magistr.a 1
L:\Old Computer\Documents and Settings\Desktop\desktop\Terry's Backup\D\FileCab\FileCab3\Shawn\impac.exe Infected: Hoax.Win16.Pornovir 1
L:\Old Computer\Documents and Settings\Desktop\desktop\Work files Saved Aug 26\FileCab\FileCab3\Shawn\impac.exe Infected: Hoax.Win16.Pornovir 1
L:\Second MyBook\Old PC Backups\Desktop\desktop\Terry's Backup\C\Program Files\Expertcity\GoToMyPC\g2hook.dll Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a 1
L:\Second MyBook\Old PC Backups\Desktop\desktop\Terry's Backup\C\Program Files\Expertcity\GoToMyPC\gotomon.dll Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a 1
L:\Second MyBook\Old PC Backups\Desktop\desktop\Terry's Backup\C\Program Files\Navnt\Quarantine\27E63EE6.EXE Infected: Email-Worm.Win32.Magistr.a 1
L:\Second MyBook\Work Backups\Backup Of Old Laptop All Drives\Terry's Backup\C\Program Files\Expertcity\GoToMyPC\g2hook.dll Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a 1
L:\Second MyBook\Work Backups\Backup Of Old Laptop All Drives\Terry's Backup\C\Program Files\Expertcity\GoToMyPC\gotomon.dll Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a 1
L:\Second MyBook\Work Backups\Backup Of Old Laptop All Drives\Terry's Backup\C\Program Files\Navnt\Quarantine\27E63EE6.EXE Infected: Email-Worm.Win32.Magistr.a 1

Selected area has been scanned.


You also said to attach the DDS log, but not sure what that is.

Terry


#10 syler


Posted 09 March 2010 - 07:24 PM

DDS is the tool you ran in your first post. Can you tell me if you are having any more problems?



#11 orterrym


Posted 09 March 2010 - 08:27 PM

Here is my new DDS log


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 20:21:32.97 on Tue 03/09/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2070 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Owner\Local Settings\temp\jkos-Owner\binaries\ScanningProcess.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Nerxy] c:\program files\nerxy\nerxy file orgainzer\FileOrganiser.exe /m
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [E6TaskPanel] "c:\program files\earthlink totalaccess\TaskPanl.exe" -winstart
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CHotkey] zHotkey.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\earthlink totalaccess\accelerator\prplsf.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0013-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.0/jinstall-1_3_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\k03mz983.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - eMusic Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\k03mz983.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\k03mz983.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\k03mz983.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\k03mz983.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\k03mz983.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplalaDl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\earthlink totalaccess\wengine\wmonitor.exe [2005-1-26 65604]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-1-24 3768]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 APL531;35mm Film Scanner;c:\windows\system32\drivers\FilmScan.sys [2006-7-31 580992]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [2004-11-1 17536]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-6-24 30192]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-1-25 184320]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2010-03-09 02:15:04 16258848 ----a-w- c:\documents and settings\owner\jre-6u18-windows-i586.exe
2010-03-09 02:14:37 0 d-----w- c:\documents and settings\owner\.SunDownloadManager
2010-03-09 00:33:38 0 d-sha-r- C:\cmdcons
2010-03-09 00:31:23 98816 ----a-w- c:\windows\sed.exe
2010-03-09 00:31:23 77312 ----a-w- c:\windows\MBR.exe
2010-03-09 00:31:23 261632 ----a-w- c:\windows\PEV.exe
2010-03-09 00:31:23 161792 ----a-w- c:\windows\SWREG.exe
2010-03-07 21:34:08 0 d-----w- C:\_OTM
2010-03-07 15:40:04 0 d-----w- c:\program files\trend micro
2010-03-07 15:19:46 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-03-07 15:19:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-07 15:19:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-07 15:19:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-07 15:19:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-28 20:00:41 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-15 23:50:20 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-02-15 23:50:20 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-03-09 01:20:32 156328 ----a-w- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2010-03-03 00:45:17 474 ----a-w- c:\docume~1\owner\applic~1\wklnhst.dat
2010-01-22 11:58:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-16 18:43:22 249856 ------w- c:\windows\Setup1.exe
2010-01-16 18:43:20 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-05 10:00:29 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ------w- c:\windows\system32\corpol.dll
2009-12-20 12:47:52 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
2009-12-20 12:20:07 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2002-07-26 21:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
2009-01-11 02:38:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011020090111\index.dat
2009-01-18 17:30:17 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011820090119\index.dat

============= FINISH: 20:22:29.76 ===============


I ran a Google search, 10 for 10 links, no redirects...
seems to be good!!


#12 syler


Posted 09 March 2010 - 09:20 PM

Your logs are looking ok, but it appears you have uninstalled your AntiVirus so you now have no AV running. Please install an AntiVirus
and run a full scan and post the results if it finds anything, and a new DDS log.


  • Go to Start >> Run, and type Notepad into the run box, then click Ok.
  • Copy and paste the following code into Notepad. ( Do not include the word "CODE")
CODE
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"=-
"{472734EA-242A-422B-ADF8-83D1E48CC825}"=-
  • Click on the File tab, and select Save.
  • In the box that opens type fix.reg for the File name.
  • Change the Save as type to All Files, then save it to your Desktop. (It should look like this )
  • Double click fix.reg, Select yes when it prompts you, then Ok.



I don't see an Anti Virus Program running on your machine
  • Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.



#13 orterrym


Posted 10 March 2010 - 06:38 PM

I downloaded Avast, and launched a full system scan this morning before I went to work. When I came back, it had scanned 173 GB, run time 12 hours; my C drive is 185 GB.
However it only showed 1% done, and it seemed to be stuck. I clicked on stop scan, it had found 1 infection, which it deleted. I ran a new dds log, which is attached.

Everything seems to be working ok.

Terry




#14 syler


Posted 10 March 2010 - 06:51 PM

I see you haven't uninstalled your old Java and installed the latest one; you really do need to do that. Your logs are looking
ok though, so we can wrap this up now.

Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /, it needs to be there.



Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the programs virus definitions.

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Calendar of Updates or you can install Secunia PSI.

Install a Firewall
I can not stress how important it is that you use a third party Firewall on your computer. Without a firewall your computer is
susceptible to being hacked and taken over. Windows firewall is good for blocking inbound connections but it does not block
outbound connections. So if Malware manages to get onto your computer it will be able to send data out when it wants.
Here are some free firewalls, you only need to install one of these.

Zone Alarm
Outpost
PC Tools

After you install the third party firewall disable your Windows firewall. Go to My Computer >> Control Panel >> Windows Firewall
and choose Off (not recommended) option. Then click Apply and Ok.

Install an AntiSpyware Program
It is recommended that you have an Anti Spyware program installed alongside your Anti Virus, to add an extra layer of protection.
You should update and scan with it as you would with your Anti Virus. Most Anti Spyware programs don't have active protection,
unless you have a paid version, so in that case you can have more than one installed for scanning purposes but you also don't
want to bloat your computer with these programs, so I would recommend having no more than two installed.

SuperAntiSpyware
Spybot - Search & Destroy
Ad-aware

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler



#15 syler


Posted 12 March 2010 - 08:09 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
