Possible Bootkit


  • This topic is locked
5 replies to this topic

#1 junyajax


  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:18 PM

Posted 13 July 2010 - 08:36 PM

I have been working with a mod in the Am I infected board. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/330625/hidden-malware/ ~ OB I was asked to start a thread here. My browser and audio wave control are being hijacked constantly. Thanks for any and all help.

Here is the mod requested DDS file. Also attached are the requested attach.txt, and Ark.txt files. Please let me know where to go from here.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Betty at 16:47:25.62 on Mon 07/12/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2312 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

svchost.exe 4
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe 4
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
svchost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Betty\Desktop\Defogger.exe
C:\Documents and Settings\Betty\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rr.com/
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\betty\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpeedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" delay 20000
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [EPSON Stylus CX6000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibia.exe /fu "c:\windows\temp\E_S96.tmp" /EF "HKLM"
mRun: [MBBalloon] c:\program files\hotalbummybox\MBBalloon.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [SigmatelSysTrayApp] stsystra.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262838483900
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262844590328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-9 64288]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2010-3-23 15172]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-6 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-7-9 532224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-6 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-6 40384]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-5-26 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-5-26 493032]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1352832]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-6 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-6 40384]
S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]
S2 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys --> c:\windows\system32\drivers\avgntflt.sys [?]
S3 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]

=============== Created Last 30 ================

2010-07-10 23:55:07 118647 ----a-w- C:\MGlogs.zip
2010-07-10 23:55:04 0 d-----w- C:\MGtools
2010-07-10 23:40:00 0 d-----w- c:\docume~1\betty\applic~1\SUPERAntiSpyware.com
2010-07-10 23:40:00 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-10 23:39:52 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-10 23:34:55 0 ----a-w- c:\documents and settings\betty\defogger_reenable
2010-07-10 22:07:16 0 d-----w- c:\docume~1\betty\applic~1\Uniblue
2010-07-10 20:21:35 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-07-10 20:21:32 0 d-----w- c:\program files\Security Task Manager
2010-07-10 02:01:16 0 d-----w- c:\docume~1\betty\applic~1\CheckPoint
2010-07-10 02:01:01 0 d-----w- c:\program files\Conduit
2010-07-10 02:00:54 0 d-----w- c:\program files\ZoneAlarm
2010-07-10 01:59:45 0 d-----w- c:\program files\CheckPoint
2010-07-10 01:59:43 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-10 01:58:31 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-07-10 01:58:30 421442 ----a-w- c:\windows\system32\vsconfig.xml
2010-07-10 01:58:30 0 d-----w- c:\windows\system32\ZoneLabs
2010-07-10 01:58:29 0 d-----w- c:\program files\Zone Labs
2010-07-10 00:03:56 282624 ----a-w- c:\windows\stsystra.exe
2010-07-10 00:03:56 1052672 ----a-w- c:\windows\system32\stlang.dll
2010-07-10 00:03:25 112128 ----a-w- c:\windows\system32\staco.dll
2010-07-10 00:03:23 1156648 ----a-w- c:\windows\system32\drivers\sthda.sys
2010-07-10 00:03:22 208896 ----a-w- c:\windows\system32\stacapi.dll
2010-07-10 00:03:21 0 d-----w- c:\program files\SigmaTel
2010-07-09 23:59:48 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-09 23:52:13 112128 ----a-w- c:\windows\system32\staco(9).dll
2010-07-09 23:52:13 112128 ----a-w- c:\windows\system32\staco(8).dll
2010-07-09 23:52:13 112128 ----a-w- c:\windows\system32\staco(7).dll
2010-07-09 23:52:13 112128 ----a-w- c:\windows\system32\staco(6).dll
2010-07-09 23:38:55 112128 ----a-w- c:\windows\system32\staco(5).dll
2010-07-09 23:38:55 112128 ----a-w- c:\windows\system32\staco(4).dll
2010-07-09 23:38:55 112128 ----a-w- c:\windows\system32\staco(3).dll
2010-07-09 23:38:55 112128 ----a-w- c:\windows\system32\staco(2).dll
2010-07-09 23:04:19 0 d-----w- C:\cabs
2010-07-09 22:40:48 146048 ------w- c:\windows\system32\drivers\SET1D.tmp
2010-07-09 22:30:25 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-09 21:24:36 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-09 21:24:35 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-09 21:24:08 0 d-----w- c:\windows\Internet Logs
2010-07-09 21:18:29 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-09 19:43:06 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-07-09 19:43:06 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2010-07-09 19:02:27 0 d-----w- c:\windows\pss
2010-07-09 11:13:15 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-09 03:55:26 0 d-----w- c:\program files\Trend Micro
2010-07-08 22:44:02 0 d-----w- c:\program files\IDT
2010-07-08 14:40:53 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-08 01:23:39 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 00:21:44 0 d-----w- c:\windows\system32\appmgmt
2010-07-08 00:19:32 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2010-07-08 00:13:38 0 d-----w- c:\program files\Microsoft
2010-07-08 00:13:37 0 d-----w- c:\program files\MSN Toolbar
2010-07-08 00:13:00 0 d-----w- c:\program files\MSN Toolbar Installer
2010-07-08 00:12:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2010-07-07 01:32:33 38848 ----a-w- c:\windows\avastSS.scr
2010-07-07 01:32:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-07 01:25:52 0 d-----w- c:\docume~1\betty\applic~1\Malwarebytes
2010-07-07 01:25:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 01:25:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-07 01:25:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-07 01:25:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-07 01:23:12 0 d-----w- c:\program files\Free Window Registry Repair
2010-07-07 01:04:41 0 d-----w- C:\90f0a35c346e129d63
2010-07-07 00:59:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-05-21 21:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 16:48:07.53 ===============

I was also asked to post this and answer the three questions.


Bootkit Remover version 1.0.0.1
2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 454f8f8f464d74f8b4b6306cbff41597

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix


Press any key to quit...


And answer these questions...
  • Is this a DELL computer? ---- Yes
  • You have 2 hard drives on this computer, correct? ---- No
  • Do you have multiple operating systems installed? ---- No



Edited by Orange Blossom, 13 July 2010 - 11:16 PM.



#2 suebaby41


    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:18 PM

Posted 19 July 2010 - 06:07 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 junyajax

  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:18 PM

Posted 20 July 2010 - 09:19 PM

OK, thanks! I'll get on it ASAP.

#4 junyajax

  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:18 PM

Posted 20 July 2010 - 09:56 PM

OK suebaby, here is my updated scan.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Betty at 2010-07-20 19:51:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 205 GB (88%) free of 234 GB
Total RAM: 3070 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:52:17 PM, on 7/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Betty\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Betty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S96.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1262838483900
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1262844590328
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9593 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-117609710-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-117609710-725345543-1003UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-117609710-725345543-1007Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-117609710-725345543-1007UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-117609710-725345543-1008Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-117609710-725345543-1008UA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
ZoneAlarm Toolbar - C:\Program Files\ZoneAlarm\tbZone.dll [2010-05-09 2517088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-27 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - ZoneAlarm Toolbar - C:\Program Files\ZoneAlarm\tbZone.dll [2010-05-09 2517088]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min []
"EPSON Stylus CX6000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE [2006-02-13 131072]
"MBBalloon"=C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe [2006-12-15 787096]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2010-05-26 730600]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-20 282624]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-06-26 497200]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2006-06-26 614960]
"LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-06-26 243248]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Google Update"=C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-09 136176]
"SpeedUpMyPC"=C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe delay 20000 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Betty^Start Menu^Programs^Startup^desktop.ini]
C:\Documents and Settings\Betty\Start Menu\Programs\Startup\desktop.ini []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Betty^Start Menu^Programs^Startup^desktop.ininewwww.txt]
C:\Documents and Settings\Betty\Start Menu\Programs\Startup\desktop.ininewwww.txt []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Betty^Start Menu^Programs^Startup^yo.txt]
C:\Documents and Settings\Betty\Start Menu\Programs\Startup\yo.txt []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-07-20 19:51:51 ----D---- C:\rsit
2010-07-18 13:14:40 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-07-17 16:50:26 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-07-17 08:57:19 ----D---- C:\Documents and Settings\Betty\Application Data\Mozilla
2010-07-17 08:55:16 ----D---- C:\Program Files\LimeWire
2010-07-16 20:39:48 ----RA---- C:\WINDOWS\system32\drivers\lvpopflt.sys
2010-07-16 20:39:28 ----RA---- C:\WINDOWS\system32\lvcoinst.ini
2010-07-16 20:39:27 ----RA---- C:\WINDOWS\system32\lvcoinst.dll
2010-07-16 20:39:27 ----RA---- C:\WINDOWS\system32\drivers\LVUSBSta.sys
2010-07-16 20:39:26 ----RA---- C:\WINDOWS\system32\LVUI2RC.dll
2010-07-16 20:39:26 ----RA---- C:\WINDOWS\system32\LVUI2.dll
2010-07-16 20:39:26 ----RA---- C:\WINDOWS\system32\lvcodec2.dll
2010-07-16 20:39:24 ----RA---- C:\WINDOWS\system32\drivers\lvuvc.sys
2010-07-16 20:39:10 ----RA---- C:\WINDOWS\system32\drivers\lvuvcflt.sys
2010-07-16 20:39:10 ----RA---- C:\WINDOWS\system32\drivers\lvselsus.sys
2010-07-16 20:31:05 ----D---- C:\Program Files\Common Files\Logitech
2010-07-16 20:30:47 ----D---- C:\Program Files\Logitech
2010-07-16 20:30:47 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2010-07-16 20:27:51 ----A---- C:\WINDOWS\system32\drivers\MSTEE.sys
2010-07-16 20:27:49 ----A---- C:\WINDOWS\system32\drivers\NdisIP.sys
2010-07-16 20:27:47 ----A---- C:\WINDOWS\system32\drivers\StreamIP.sys
2010-07-16 20:27:45 ----A---- C:\WINDOWS\system32\drivers\SLIP.sys
2010-07-16 20:27:43 ----A---- C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2010-07-16 20:27:41 ----A---- C:\WINDOWS\system32\drivers\NABTSFEC.sys
2010-07-16 20:27:39 ----A---- C:\WINDOWS\system32\drivers\CCDECODE.sys
2010-07-16 20:27:33 ----A---- C:\WINDOWS\system32\drivers\USBAUDIO.sys
2010-07-16 20:27:20 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-07-13 21:30:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-13 21:01:13 ----D---- C:\Documents and Settings\Betty\Application Data\Malwarebytes
2010-07-13 21:01:01 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-13 21:01:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-13 21:01:00 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-13 21:00:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-11 11:43:14 ----A---- C:\TDSSKiller.txt
2010-07-10 16:55:04 ----D---- C:\MGtools
2010-07-10 16:50:14 ----D---- C:\Qoobox
2010-07-10 16:47:09 ----D---- C:\32788R22FWJFW
2010-07-10 16:40:00 ----D---- C:\Documents and Settings\Betty\Application Data\SUPERAntiSpyware.com
2010-07-10 16:40:00 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-10 16:39:52 ----D---- C:\Program Files\SUPERAntiSpyware
2010-07-10 15:07:16 ----D---- C:\Documents and Settings\Betty\Application Data\Uniblue
2010-07-10 14:08:15 ----D---- C:\Documents and Settings\Betty\Application Data\Help
2010-07-10 13:21:35 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2010-07-09 19:01:16 ----D---- C:\Documents and Settings\Betty\Application Data\CheckPoint
2010-07-09 19:01:01 ----D---- C:\Program Files\Conduit
2010-07-09 19:00:54 ----D---- C:\Program Files\ZoneAlarm
2010-07-09 18:59:45 ----D---- C:\Program Files\CheckPoint
2010-07-09 18:58:42 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-07-09 18:58:40 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-07-09 18:58:40 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-07-09 18:58:31 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-07-09 18:58:31 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-07-09 18:58:31 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-07-09 18:58:30 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-07-09 18:58:30 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-07-09 18:58:30 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-07-09 18:58:30 ----A---- C:\WINDOWS\system32\vsdatant.sys
2010-07-09 18:58:29 ----D---- C:\Program Files\Zone Labs
2010-07-09 18:57:40 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-07-09 18:57:39 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-07-09 18:57:39 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-07-09 17:03:56 ----A---- C:\WINDOWS\system32\stlang.dll
2010-07-09 17:03:56 ----A---- C:\WINDOWS\stsystra.exe
2010-07-09 17:03:25 ----A---- C:\WINDOWS\system32\staco.dll
2010-07-09 17:03:23 ----A---- C:\WINDOWS\system32\drivers\sthda.sys
2010-07-09 17:03:22 ----A---- C:\WINDOWS\system32\stacapi.dll
2010-07-09 17:03:21 ----D---- C:\Program Files\SigmaTel
2010-07-09 16:52:13 ----A---- C:\WINDOWS\system32\staco(9).dll
2010-07-09 16:52:13 ----A---- C:\WINDOWS\system32\staco(8).dll
2010-07-09 16:52:13 ----A---- C:\WINDOWS\system32\staco(7).dll
2010-07-09 16:52:13 ----A---- C:\WINDOWS\system32\staco(6).dll
2010-07-09 16:38:55 ----A---- C:\WINDOWS\system32\staco(5).dll
2010-07-09 16:38:55 ----A---- C:\WINDOWS\system32\staco(4).dll
2010-07-09 16:38:55 ----A---- C:\WINDOWS\system32\staco(3).dll
2010-07-09 16:38:55 ----A---- C:\WINDOWS\system32\staco(2).dll
2010-07-09 16:04:19 ----D---- C:\cabs
2010-07-09 15:40:48 ----N---- C:\WINDOWS\system32\drivers\SET1D.tmp
2010-07-09 15:30:25 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-07-09 14:24:36 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2010-07-09 14:24:35 ----A---- C:\WINDOWS\system32\drivers\SBREDrv.sys
2010-07-09 14:24:08 ----D---- C:\WINDOWS\Internet Logs
2010-07-09 14:18:29 ----HDC---- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-09 13:02:32 ----D---- C:\Documents and Settings\Betty\Application Data\Google
2010-07-09 13:02:20 ----D---- C:\Program Files\Google
2010-07-09 13:02:20 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-07-09 12:43:06 ----A---- C:\WINDOWS\system32\ieencode.dll
2010-07-09 12:02:27 ----D---- C:\WINDOWS\pss
2010-07-09 10:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-07-09 10:18:20 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-07-08 21:15:44 ----SHD---- C:\WINDOWS\CSC
2010-07-08 20:55:26 ----D---- C:\Program Files\Trend Micro
2010-07-08 15:44:02 ----D---- C:\Program Files\IDT
2010-07-07 18:24:03 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-07-07 18:24:02 ----D---- C:\Program Files\Common Files\Java
2010-07-07 18:23:39 ----A---- C:\WINDOWS\system32\javaws.exe
2010-07-07 18:23:39 ----A---- C:\WINDOWS\system32\javaw.exe
2010-07-07 18:23:39 ----A---- C:\WINDOWS\system32\java.exe
2010-07-07 18:23:39 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-07 17:21:44 ----D---- C:\WINDOWS\system32\appmgmt
2010-07-07 17:19:32 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2010-07-07 17:13:38 ----D---- C:\Program Files\Microsoft
2010-07-07 17:13:37 ----D---- C:\Program Files\MSN Toolbar
2010-07-07 17:13:32 ----D---- C:\Program Files\Microsoft Silverlight
2010-07-07 17:13:00 ----D---- C:\Program Files\MSN Toolbar Installer
2010-07-07 17:12:58 ----D---- C:\Documents and Settings\All Users\Application Data\Driver Whiz
2010-07-07 14:36:51 ----D---- C:\WINDOWS\Sun
2010-07-07 03:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-06 18:58:48 ----D---- C:\WINDOWS\Minidump
2010-07-06 18:33:12 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-07-06 18:33:11 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-07-06 18:33:10 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-07-06 18:33:10 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-07-06 18:33:09 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-07-06 18:33:09 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-07-06 18:33:09 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-07-06 18:32:32 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-07-06 18:32:08 ----D---- C:\Program Files\Alwil Software
2010-07-06 18:32:08 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-07-06 18:23:12 ----D---- C:\Program Files\Free Window Registry Repair
2010-07-06 18:16:57 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-07-06 18:16:50 ----HDC---- C:\WINDOWS\$NtUninstallKB979904$
2010-07-06 18:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-07-06 18:11:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-07-06 18:11:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-07-06 18:11:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-07-06 18:06:10 ----D---- C:\Config.Msi
2010-07-06 18:04:41 ----D---- C:\90f0a35c346e129d63

======List of files/folders modified in the last 1 months======

2010-07-20 19:52:09 ----D---- C:\WINDOWS\Temp
2010-07-20 19:50:22 ----SD---- C:\WINDOWS\Tasks
2010-07-20 19:49:53 ----D---- C:\WINDOWS\system32\inetsrv
2010-07-20 19:48:44 ----D---- C:\WINDOWS
2010-07-20 19:48:15 ----D---- C:\WINDOWS\Registration
2010-07-20 19:48:10 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem #2.txt
2010-07-20 19:47:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-20 19:47:26 ----RD---- C:\Program Files
2010-07-20 19:45:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-20 00:27:59 ----D---- C:\WINDOWS\system32
2010-07-20 00:27:55 ----D---- C:\WINDOWS\system32\FxsTmp
2010-07-17 21:42:07 ----D---- C:\Documents and Settings\Betty\Application Data\Hoyle Puzzle and Board Games
2010-07-17 19:08:58 ----D---- C:\WINDOWS\system32\Logfiles
2010-07-17 18:51:46 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-17 18:48:56 ----D---- C:\WINDOWS\Debug
2010-07-17 16:50:27 ----SHD---- C:\WINDOWS\Installer
2010-07-17 09:58:50 ----A---- C:\WINDOWS\DUMP3a2a.tmp
2010-07-16 21:25:33 ----D---- C:\WINDOWS\Prefetch
2010-07-16 20:39:48 ----D---- C:\WINDOWS\system32\drivers
2010-07-16 20:39:25 ----D---- C:\WINDOWS\twain_32
2010-07-16 20:39:25 ----D---- C:\WINDOWS\system
2010-07-16 20:38:54 ----HD---- C:\WINDOWS\inf
2010-07-16 20:33:22 ----D---- C:\Documents and Settings\Betty\Application Data\Microsoft
2010-07-16 20:31:08 ----D---- C:\WINDOWS\WinSxS
2010-07-16 20:31:05 ----D---- C:\Program Files\Common Files
2010-07-16 20:27:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-16 20:19:19 ----D---- C:\Program Files\HOTALBUMMyBOX
2010-07-13 21:30:31 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-11 11:51:38 ----SH---- C:\boot.ini
2010-07-11 11:51:38 ----A---- C:\WINDOWS\win.ini
2010-07-11 11:51:38 ----A---- C:\WINDOWS\system.ini
2010-07-10 22:27:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-07-10 12:03:11 ----D---- C:\WINDOWS\Help
2010-07-10 12:03:11 ----D---- C:\Program Files\Internet Explorer
2010-07-10 12:03:10 ----D---- C:\WINDOWS\system32\en-us
2010-07-10 12:02:01 ----D---- C:\WINDOWS\ie8updates
2010-07-10 12:01:19 ----D---- C:\WINDOWS\WBEM
2010-07-10 12:01:19 ----D---- C:\WINDOWS\Media
2010-07-10 11:48:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-07-09 17:11:32 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-09 16:59:58 ----D---- C:\WINDOWS\system32\config
2010-07-09 16:59:49 ----D---- C:\WINDOWS\system32\wbem
2010-07-09 14:24:36 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-09 14:18:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-07-08 19:22:31 ----D---- C:\Documents and Settings\Betty\Application Data\Hoyle FaceCreator
2010-07-08 16:38:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-07-08 16:36:30 ----D---- C:\Program Files\SpywareBlaster
2010-07-08 16:13:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-07 21:50:46 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-07 18:23:33 ----D---- C:\Program Files\Java
2010-07-07 18:19:50 ----D---- C:\Program Files\Defraggler
2010-07-07 17:13:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-07 17:13:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-07 17:12:56 ----RSD---- C:\WINDOWS\assembly
2010-07-07 03:05:01 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-06 19:20:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-07-06 18:05:31 ----D---- C:\WINDOWS\system32\Restore
2010-07-06 18:01:59 ----D---- C:\WINDOWS\network diagnostic
2010-07-06 17:58:48 ----SHD---- C:\System Volume Information
2010-07-02 12:39:05 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iastor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2007-03-21 304920]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-07-06 64288]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-05-12 20576]
R0 PzWDM;PzWDM; C:\WINDOWS\system32\Drivers\PzWDM.sys [2010-03-23 15172]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-07 1580544]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-11-01 246680]
R3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2006-06-22 20272]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-02-19 988032]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-02-19 209536]
R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-06-26 1587632]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-06-26 1952816]
R3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2006-06-22 1413424]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2006-06-26 23472]
R3 lvselsus;Logitech Selective Suspend Filter; C:\WINDOWS\system32\DRIVERS\lvselsus.sys [2006-06-22 55984]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-22 38960]
R3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2006-06-22 961072]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-20 1156648]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-02-19 731136]
S0 cercsr6;cercsr6; C:\WINDOWS\system32\drivers\cercsr6.sys [2004-12-13 39904]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys []
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys []
S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-07 409600]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-06 1352832]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2006-06-26 99888]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe []
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe []
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-07-28 520192]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2006-06-26 91696]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
S3 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-10 19456]
S3 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Hope it helps you out.

#5 suebaby41
W.A.M. (Women Against Malware)
  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:18 PM

Posted 25 July 2010 - 01:28 PM

I have some bad news for you. Your computer is seriously infected.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T64U71XS\n002106204r0409R18677f57X6715c9caY2b2d2878Z0100f06030dP000001091[1] (Rootkit.TDSS) -> Quarantined and deleted successfully

Unfortunately, one or more of the identified infections is a Rootkit/backdoor trojan.

IMPORTANT NOTE: Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypass security mechanisms and steal sensitive information, which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your computer has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed, the computer is secure. In some instances, an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Some infections are difficult to remove completely because of their morphing characteristics, which allow the malware to regenerate itself. Sometimes there is another hidden piece of malware which has not been detected by your security tools that protects malicious files and registry keys (which have been detected) so they cannot be permanently deleted. The malware may leave so many remnants behind that security tools cannot find them. Most experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Where to draw the line? When to recommend a format and reinstall?

I strongly recommend that you reformat your computer. Even if we were able to clean the computer of some of the infections, your computer is not trustworthy and the removal of all affected files may not be successful. Tell me what you want to do.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#6 suebaby41
W.A.M. (Women Against Malware)
  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:18 PM

Posted 08 August 2010 - 10:01 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.




