Malware problem? [RESOLVED], My Spybot program stops scanning by a "user" stop...
~Mix
post Nov 21 2008, 03:02 PM
Post #1


Member
**
Posts: 77
From: Flint / Clio, Michigan
OS: Windows XP



I had a pop up from Spybot stating that I had Malware and I started to do scans and my Spybot program would not fully scan... I installed Malwarebytes and that removed 10. My Spybot still does not run and I'm sure I still have the problem. I did contact Harrythook of this forum, but I thought I should post this just in case.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50, on 2008-11-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\EpsonReg\EPSONREG.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINNT\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe (file missing)

--
End of file - 9845 bytes


(EDIT: I was able to do a system restore and I did restore my computer to 5 days ago. My Spybot program is working now. Also my AVG8.0 program picked up nothing (Spybot is still scanning).)
I would be thankful for any help.

This post has been edited by ~Mix: Nov 23 2008, 02:52 PM
emeraldnzl
post Nov 23 2008, 04:42 PM
Post #2


Trusted Helper
Posts: 8,065
OS: XP Pro



Hello ~Mix,

Your Java is out of date; older versions are vulnerable to attack.

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Next

  • Please download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
~Mix
post Nov 24 2008, 06:14 PM
Post #3


Member
**
Posts: 77
From: Flint / Clio, Michigan
OS: Windows XP



Hello emeraldnzl!
Thank you for helping me!
Here are the logs you asked for...

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-24 19:12:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (9%) free of 78 GB
Total RAM: 511 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13, on 2008-11-24
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\EpsonReg\EPSONREG.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINNT\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe (file missing)

--
End of file - 9978 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\ISP signup reminder 2.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-24 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-24 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-24 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"NvCplDaemon"=C:\WINNT\System32\NvCpl.dll [2003-04-02 4616192]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-16 28672]
"Hot Key Kbd 9910 Daemon"=C:\WINNT\system32\SK9910DM.EXE [2001-01-03 66048]
"Gateway Ink Monitor"=C:\Program Files\Gateway Utilities\GWInkMonitor.exe [2003-06-24 303180]
"CTHelper"=C:\WINNT\system32\CTHELPER.EXE [2003-01-21 28672]
"AdaptecDirectCD"=c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2003-03-26 684032]
"DDCActiveMenu"=C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe [2002-06-07 86016]
"EPSON Stylus CX6600 Series"=C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE [2004-02-29 98304]
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2005-05-09 53248]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-12-12 180269]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-07-12 1117184]
"GWMDMMSG"=C:\WINNT\GWMDMMSG.exe [2002-08-06 90112]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-24 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2008-04-13 15360]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"Aim6"= []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"McAfee.InstantUpdate.Monitor"=C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe /STARTMONITOR []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
C:\Documents and Settings\Owner\Local Settings\Temp\{B3BB3546-A019-40C9-9C22-5472E98C5E1A}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM=RollerCoaster Tycoon 3/PRMP=RCT3/SKUN=PCXX/GTYP=STRY []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
Epson all-in-one Registration.lnk - D:\Titles\EpsonReg\EPSONREG.EXE
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\WINNT\system32\dplaysvr.exe"="C:\WINNT\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\Program Files\EA Games\The Battle for Middle-earth ™\game.dat"="C:\Program Files\EA Games\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-11-24 19:12:28 ----D---- C:\rsit
2008-11-24 19:10:22 ----A---- C:\WINNT\system32\javaws.exe
2008-11-24 19:10:22 ----A---- C:\WINNT\system32\javaw.exe
2008-11-24 19:10:22 ----A---- C:\WINNT\system32\deploytk.dll
2008-11-24 19:10:21 ----A---- C:\WINNT\system32\java.exe
2008-11-21 15:55:44 ----D---- C:\Program Files\Trend Micro
2008-11-20 22:27:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-20 16:57:27 ----HDC---- C:\WINNT\$NtUninstallKB951978$
2008-11-20 16:54:15 ----HDC---- C:\WINNT\$NtUninstallKB957097$
2008-11-20 16:54:07 ----HDC---- C:\WINNT\$NtUninstallKB954459$
2008-11-20 16:53:55 ----HDC---- C:\WINNT\$NtUninstallKB955069$
2008-11-16 16:43:31 ----A---- C:\WINNT\OEWABLog.txt
2008-11-16 16:30:41 ----D---- C:\WINNT\Prefetch
2008-11-16 16:10:40 ----HDC---- C:\WINNT\$NtUninstallKB958644$
2008-11-16 16:10:33 ----HDC---- C:\WINNT\$NtUninstallKB957095$
2008-11-16 16:10:23 ----HDC---- C:\WINNT\$NtUninstallKB956841$
2008-11-16 16:10:16 ----HDC---- C:\WINNT\$NtUninstallKB956803$
2008-11-16 16:10:04 ----HDC---- C:\WINNT\$NtUninstallKB954211$
2008-11-16 16:09:56 ----HDC---- C:\WINNT\$NtUninstallKB952954$
2008-11-16 16:09:48 ----HDC---- C:\WINNT\$NtUninstallKB952287$
2008-11-16 16:09:38 ----HDC---- C:\WINNT\$NtUninstallKB951748$
2008-11-16 16:09:31 ----HDC---- C:\WINNT\$NtUninstallKB951698$
2008-11-16 16:09:23 ----HDC---- C:\WINNT\$NtUninstallKB951376-v2$
2008-11-16 16:09:13 ----HDC---- C:\WINNT\$NtUninstallKB951066$
2008-11-16 16:09:06 ----HDC---- C:\WINNT\$NtUninstallKB950974$
2008-11-16 16:09:00 ----HDC---- C:\WINNT\$NtUninstallKB950762$
2008-11-16 16:08:51 ----HDC---- C:\WINNT\$NtUninstallKB946648$
2008-11-16 16:08:43 ----HDC---- C:\WINNT\$NtUninstallKB938464$
2008-11-16 16:04:16 ----A---- C:\WINNT\setuplog.txt
2008-11-16 16:02:14 ----D---- C:\WINNT\system32\scripting
2008-11-16 16:02:08 ----D---- C:\WINNT\l2schemas
2008-11-16 16:02:06 ----D---- C:\WINNT\system32\en
2008-11-16 15:55:00 ----D---- C:\WINNT\network diagnostic
2008-11-02 02:04:03 ----HDC---- C:\WINNT\$NtUninstallKB929399$
2008-11-02 02:03:28 ----HDC---- C:\WINNT\$NtUninstallKB939683$
2008-11-02 02:02:37 ----HDC---- C:\WINNT\$NtUninstallKB954154_WM11$
2008-11-02 02:02:15 ----HDC---- C:\WINNT\$NtUninstallKB936782_WMP11$
2008-10-31 18:30:12 ----HDC---- C:\WINNT\$NtUninstallKB926239$
2008-10-31 18:28:51 ----N---- C:\WINNT\system32\spmsg.dll
2008-10-31 18:28:49 ----HDC---- C:\WINNT\$NtUninstallMSCompPackV1$
2008-10-31 18:27:55 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-31 18:27:41 ----HDC---- C:\WINNT\$NtUninstallwmp11$
2008-10-31 18:25:59 ----HDC---- C:\WINNT\$NtUninstallWMFDist11$
2008-10-31 18:24:24 ----HDC---- C:\WINNT\$NtUninstallWudf01000$
2008-10-31 18:23:03 ----D---- C:\c295c12782c63211916033

======List of files/folders modified in the last 1 months======

2008-11-24 19:13:04 ----D---- C:\WINNT\TEMP
2008-11-24 19:10:32 ----D---- C:\Program Files\SpywareGuard
2008-11-24 19:10:23 ----D---- C:\WINNT\system32
2008-11-24 19:09:25 ----SHD---- C:\WINNT\Installer
2008-11-24 19:09:06 ----D---- C:\Program Files\Java
2008-11-24 17:13:55 ----D---- C:\Program Files\Mozilla Firefox
2008-11-24 16:08:41 ----D---- C:\WINNT
2008-11-24 16:05:10 ----RSHD---- C:\WINNT\system32\dllcache
2008-11-24 16:05:05 ----D---- C:\WINNT\system32\CatRoot2
2008-11-23 23:05:29 ----A---- C:\WINNT\SchedLgU.Txt
2008-11-23 21:41:53 ----HD---- C:\WINNT\inf
2008-11-23 21:41:53 ----D---- C:\WINNT\Help
2008-11-23 17:01:06 ----D---- C:\Program Files\StepMania
2008-11-23 16:39:50 ----D---- C:\Program Files\EA Games
2008-11-23 16:38:34 ----D---- C:\Program Files
2008-11-22 03:02:53 ----A---- C:\WINNT\imsins.BAK
2008-11-22 03:02:51 ----D---- C:\WINNT\system32\drivers
2008-11-22 03:00:55 ----D---- C:\WINNT\WinSxS
2008-11-21 20:34:06 ----D---- C:\Program Files\TurboTax
2008-11-21 20:29:29 ----D---- C:\Program Files\ItsDeductibleEX
2008-11-21 19:41:56 ----D---- C:\Program Files\Common Files\AOL
2008-11-21 19:37:13 ----D---- C:\Program Files\LimeWire
2008-11-21 19:34:13 ----D---- C:\WINNT\system32\CatRoot
2008-11-21 19:20:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-21 19:20:22 ----D---- C:\Program Files\SpywareBlaster
2008-11-21 19:16:27 ----D---- C:\WINNT\system32\config
2008-11-21 19:15:53 ----D---- C:\WINNT\system32\wbem
2008-11-21 19:15:53 ----D---- C:\WINNT\Registration
2008-11-20 16:54:14 ----HD---- C:\WINNT\$hf_mig$
2008-11-16 18:44:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-16 18:11:58 ----SD---- C:\WINNT\Tasks
2008-11-16 18:11:01 ----D---- C:\Program Files\McAfee
2008-11-16 17:26:08 ----SD---- C:\WINNT\Downloaded Program Files
2008-11-16 17:26:05 ----D---- C:\Program Files\Whale Communications
2008-11-16 17:24:01 ----D---- C:\Program Files\Quicken
2008-11-16 17:23:35 ----D---- C:\Program Files\Common Files
2008-11-16 17:23:24 ----AC---- C:\WINNT\QUICKEN.INI
2008-11-16 16:45:23 ----D---- C:\Program Files\Adobe
2008-11-16 16:32:35 ----AC---- C:\WINNT\system32\PerfStringBackup.INI
2008-11-16 16:30:00 ----D---- C:\WINNT\system32\Setup
2008-11-16 16:30:00 ----D---- C:\WINNT\AppPatch
2008-11-16 16:30:00 ----D---- C:\Program Files\Messenger
2008-11-16 16:29:58 ----RSD---- C:\WINNT\Fonts
2008-11-16 16:29:13 ----D---- C:\WINNT\security
2008-11-16 16:02:58 ----D---- C:\WINNT\ServicePackFiles
2008-11-16 16:02:50 ----D---- C:\WINNT\ime
2008-11-16 16:02:16 ----D---- C:\WINNT\system32\usmt
2008-11-16 16:02:16 ----D---- C:\WINNT\system32\en-US
2008-11-16 16:02:06 ----D---- C:\WINNT\system32\bits
2008-11-16 16:02:06 ----D---- C:\WINNT\peernet
2008-11-16 16:02:05 ----D---- C:\Program Files\Movie Maker
2008-11-16 15:57:24 ----D---- C:\WINNT\system32\Restore
2008-11-16 15:57:24 ----D---- C:\WINNT\system32\npp
2008-11-16 15:57:22 ----D---- C:\WINNT\msagent
2008-11-16 15:57:21 ----D---- C:\WINNT\srchasst
2008-11-16 15:57:18 ----D---- C:\Program Files\NetMeeting
2008-11-16 15:57:17 ----D---- C:\WINNT\system32\Com
2008-11-16 15:57:14 ----D---- C:\Program Files\Windows Media Player
2008-11-16 15:57:13 ----D---- C:\Program Files\Windows NT
2008-11-16 15:57:13 ----D---- C:\Program Files\Outlook Express
2008-11-16 15:57:10 ----D---- C:\Program Files\Common Files\System
2008-11-16 15:56:48 ----D---- C:\WINNT\system32\oobe
2008-11-16 15:56:45 ----D---- C:\WINNT\system
2008-11-16 15:53:31 ----D---- C:\WINNT\system32\ReinstallBackups
2008-11-16 15:53:18 ----HDC---- C:\WINNT\$NtServicePackUninstall$
2008-11-16 15:48:56 ----D---- C:\WINNT\EHome
2008-11-09 13:10:20 ----D---- C:\Program Files\Mungyodance3
2008-11-09 11:19:56 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 11:18:08 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-04 09:44:37 ----HD---- C:\$AVG8.VAULT$
2008-11-03 19:10:25 ----A---- C:\WINNT\system32\MRT.exe
2008-10-31 18:28:10 ----A---- C:\WINNT\win.ini
2008-10-31 18:24:33 ----D---- C:\WINNT\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINNT\System32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINNT\System32\Drivers\avgmfx86.sys [2008-07-02 26824]
R1 Cdr4_xp;Cdr4_xp; C:\WINNT\system32\drivers\Cdr4_xp.sys [2006-03-09 2432]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2006-03-09 2560]
R1 cdudf_xp;cdudf_xp; C:\WINNT\system32\drivers\cdudf_xp.sys [2003-03-26 241280]
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 pwd_2k;pwd_2k; C:\WINNT\system32\drivers\pwd_2k.sys [2003-03-26 144250]
R1 Sk9920nt;PS/2 Keyboard Filter Driver for NT 4.0; C:\WINNT\System32\DRIVERS\Sk9920nt.sys [2000-09-11 6208]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINNT\system32\drivers\UdfReadr_xp.sys [2003-03-26 206464]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINNT\System32\Drivers\avgtdix.sys [2008-07-02 76040]
R3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINNT\system32\drivers\ctac32k.sys [2003-01-21 135040]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINNT\system32\drivers\ctaud2k.sys [2003-01-21 497376]
R3 ctprxy2k;Creative Proxy Driver; C:\WINNT\system32\drivers\ctprxy2k.sys [2003-01-21 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINNT\system32\drivers\ctsfm2k.sys [2003-01-21 135248]
R3 dvd_2K;dvd_2K; C:\WINNT\system32\drivers\dvd_2K.sys [2003-03-26 25930]
R3 E100B;Intel® PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINNT\system32\drivers\emupia2k.sys [2003-01-21 116000]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINNT\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 GTWModem;GTW V.92 Voicemodem; C:\WINNT\System32\DRIVERS\GWMDM.sys [2002-08-06 1107680]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINNT\system32\drivers\ha10kx2k.sys [2003-01-21 822416]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINNT\system32\drivers\hap16v2k.sys [2003-01-21 139936]
R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINNT\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2003-04-02 1265130]
R3 ossrv;Creative OS Services Driver; C:\WINNT\system32\drivers\ctoss2k.sys [2003-01-21 184656]
R3 Sk99202k;PS/2 Keyboard Filter Driver for Win2000; C:\WINNT\System32\DRIVERS\Sk99202k.sys [2000-09-11 7552]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINNT\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINNT\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BCMModem;BCM V.90 56K Modem; C:\WINNT\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINNT\system32\drivers\ctdvda2k.sys [2003-01-21 286384]
S3 hid8101;hid8101; C:\WINNT\system32\drivers\hid8101.SYS [2006-10-23 31899]
S3 ICDUSB2;Sony IC Recorder (P); C:\WINNT\System32\Drivers\ICDUSB2.sys [2002-11-28 39048]
S3 lredbooo;lredbooo; \??\C:\DOCUME~1\Dylan\LOCALS~1\Temp\lredbooo.sys []
S3 LTower;LEGO USB Tower Driver; C:\WINNT\System32\Drivers\LTower.sys [2001-04-25 36981]
S3 MA_CMIDI;M-Audio USB Driver; C:\WINNT\system32\drivers\ma_cmidi.sys [2007-11-14 31752]
S3 mmc_2K;mmc_2K; C:\WINNT\system32\drivers\mmc_2K.sys [2003-03-26 30662]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 ovt519;Eye Toy; C:\WINNT\System32\Drivers\ov519vid.sys [2003-10-15 174530]
S3 PCDRDRV;Pcdr Helper Driver; \??\C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINNT\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys [2003-04-02 33588]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINNT\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2002-07-17 94208]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-24 152984]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINNT\System32\nvsvc32.exe [2003-04-02 69632]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S2 UnoInstallerService;Uno Installer; C:\Program Files\M-Audio Uno\UnoInst.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-02 138168]
S3 ICDSPTSV;Sony SPTI Service for DVE; C:\WINNT\system32\IcdSptSv.exe [2003-04-01 69632]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-24 19:13:14

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
-->C:\WINNT\uninst.exe -fC:\Maxis\SimEarth\DeIsL2.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{510582B9-2633-11D4-99DC-0000F49094C7}\Setup.exe" UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
3D Ultra Lionel® TrainTown-->C:\WINNT\IsUninst.exe -fC:\Sierra\TrainTown\Uninst.isu
ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Uninstaller-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\Setup.exe" -l0x9 -uninst
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\Setup.exe" -l0x9
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Blackhawk Striker-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {C4AE01B9-84F3-489F-A990-68306BC5548C}
Blasterball 2-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {3DA2C525-0A4A-4634-8656-8F442FD2C44A}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
C++ Multimedia Cyber Classroom 4th ed.-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9EA270B-F1E6-4C89-AF81-508BEBBF62C0}\setup.exe"
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Creative Driver-->C:\WINNT\System32\ctdrvins /s /u
Dark Orbit-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {19906F9F-2E4F-4389-BB6E-205FE12B4BAA}
Deckadance-->C:\Program Files\VstPlugins\Deckadance\uninstall.exe
DirectX Media Runtime 5.1-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\DXM51.INF,Uninstall.NT
Disney Trivia Challenge-->C:\WINNT\IsUninst.exe -fC:\PROGRA~1\DISNEY~2\DISNEY~1\DeIsL1.isu
Disney's Lilo and Stitch Pinball-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {33C279DD-AA04-406D-B122-CBE750316CEB}
D-Link VGA Webcam-->C:\WINNT\CleanDev.exe C:\WINNT\ov519.TXT
Do More 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2B7C41F-C63D-4935-B323-B60673724D63}\SETUP.EXE" -l0x9
DVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
EA SPORTS online 2005-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
EA.com Matchup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F173C40-563E-11D4-89C5-0010ADDAAC33}\setup.exe" -l0x0 Uninstall
EA.com Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}\setup.exe" -l0x0 Uninstall
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Electronic Arts Game Updater-->C:\WINNT\IsUninst.exe -f"c:\Program Files\EACom\Update\Uninst.isu"
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x9 -UnInstall
EPSON CX6600 Reference Guide-->C:\Program Files\epson\guide\cx6600_e\uninstall.exe
EPSON PhotoStarter3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE704636-ECD0-426C-952E-05B8DABD1949}\Setup.exe" -l0x9 uninst
EPSON Printer Software-->C:\WINNT\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
Excavation-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {B1C7AAF5-2271-410E-90BF-8FDF8B7029A1}
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Frogger2-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Frogger2\Uninst.isu"
Gateway Ink Monitor-->MsiExec.exe /X{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}
Gateway Rhapsody-->"C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 20BBF229-A337-40AD-9FEB-2C98CDA53D1C /Prompt
GemMaster 2-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {080E0356-D231-41FC-8F31-9760FC4487D9}
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTW V.92 Voicemodem-->C:\WINNT\GWMDMU.exe verbose
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINNT\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe"
HOTLLAMA Media Player-->C:\Program Files\HOTLLAMA MEDIA\Player\UNWISE.EXE
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ SE Development Kit 6 Update 6-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JumpStart 1st Grade v1.5-->C:\WINNT\IsUninst.exe -fC:\KA\FG\DeIsL1.isu
Learn with Gateway-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Setup\Skillb\Uninstall\setup.exe"
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\tv_enua.inf, Uninstall
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Shockwave Player-->C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
Microsoft .NET Framework (English) v1.0.3705-->C:\WINNT\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2003-->MsiExec.exe /I{03410014-3975-4267-9F39-1DC4745090B7}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINNT\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2003 System Pack-->MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Money 2003-->MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft National Language Support Downlevel APIs-->"C:\WINNT\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel 2003-->MsiExec.exe /I{90160409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Streets and Trips 2002-->MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINNT\INF\wpie4x86.inf,WebPostUninstall
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe d:\
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Microsoft Zoo Tycoon-->"C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove
ModPlug Tracker QuikStart Kit-->"C:\Program Files\ModPlug\Tracker\unins001.exe"
ModPlug Tracker-->"C:\Program Files\ModPlug\Tracker\unins000.exe"
Monopoly-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Monopoly\Uninst.isu"
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MS Access 97 SP2-->C:\Program Files\Microsoft Office\setup\setup.exe
MSN Messenger 5.0-->MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314B00527}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
Nick Click™ Digital Camera & CD-ROM-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Nickelodeon\Nick Click ™\MDCUninst.isu"
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINNT\System32\nvinstnt.dll,NvUninstallNT4 nvgw.inf
Pac-Man Adventures in Time-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct
emeraldnzl
post Nov 24 2008, 07:38 PM
Post #4


Trusted Helper
Posts: 8,065
OS: XP Pro



Hello again ~Mix,

Couple of things.

A remnant of ComboFix there that may or may not be being picked up as malware by your Spybot.

Also you have SpywareGuard, Spybot and AVG8 WatchDog. Could there be conflict happening there? That is, is Spybot running into conflict and flagging it as Malware?

Running two or more realtime anti-spyware programs can cause crashes and other problems leaving you with little or no protection. The same applies to more than one anti-virus or more than one firewall. Just a thought.

Now

First we need to disable TeaTimer so it does not interfere with the changes we are going to make.

  • Start Spybot-S&D
  • Go to the Mode menu and make sure Advanced Mode is selected
  • On the left hand side choose Tools and then click on Resident
  • Uncheck Resident Tea Timer and choose OK for any other prompts
  • Restart your computer

-----Step 2-----

How to disable AVG's Resident Shield.

Right click the AVG icon and click Open.

In the Overview panel click on Resident Shield > Uncheck the Resident Shield Active box > Save Changes.

Next

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :processes
    explorer.exe
    :services
    lredbooo
    catchme
    :files
    C:\ComboFix\catchme.sys
    C:\DOCUME~1\Dylan\LOCALS~1\Temp\lredbooo.sys
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Lastly in this post

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • OTMoveIt3 log
  • Kaspersky online scan results
 
~Mix
post Nov 26 2008, 01:31 PM
Post #5


Member
**
Posts: 77
From: Flint / Clio, Michigan
OS: Windows XP



Hello emeraldnzl,
Here is one of the logs that you wanted. The scanner log I didn't get (timed out or something). But, the scanner did delete my Firefox & Internet Explorer browsers! I had to use my Yahoo Messenger to ask a friend for the download .exe. Also deleted Spybot and SpywareBlaster. If a log has been saved I do not know where it is...

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service lredbooo stopped successfully.
Service lredbooo deleted successfully.
Service catchme stopped successfully.
Service catchme deleted successfully.
========== FILES ==========
File/Folder C:\ComboFix\catchme.sys not found.
File/Folder C:\DOCUME~1\Dylan\LOCALS~1\Temp\lredbooo.sys not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFC139.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFC6FA.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINNT\temp\Perflib_Perfdata_ec.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11252008_164336

Files moved on Reboot...
C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFC139.tmp moved successfully.
C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFC6FA.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINNT\temp\Perflib_Perfdata_ec.dat not found!

This post has been edited by ~Mix: Nov 26 2008, 01:31 PM
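Added example (not written by either poster and not part of OTMoveIt3): a small Python check that reconciles the script from the codebox above with the results log in post #5, so every item the script named gets an explicit outcome and anything still unresolved after the reboot pass stands out. The function names are hypothetical, the log is an excerpt, and only the message wordings visible in this thread are recognised.

```python
import re

# Script from the codebox above and an excerpt of the post #5 log, embedded to run offline.
SCRIPT = r"""
:processes
explorer.exe
:services
lredbooo
catchme
:files
C:\ComboFix\catchme.sys
C:\DOCUME~1\Dylan\LOCALS~1\Temp\lredbooo.sys
:commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
"""

LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service lredbooo stopped successfully.
Service lredbooo deleted successfully.
Service catchme stopped successfully.
Service catchme deleted successfully.
========== FILES ==========
File/Folder C:\ComboFix\catchme.sys not found.
File/Folder C:\DOCUME~1\Dylan\LOCALS~1\Temp\lredbooo.sys not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFC139.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Files moved on Reboot...
C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFC139.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
"""

# Assumption: only wordings seen in this thread; other tool messages would need new patterns.
PATTERNS = [
    (re.compile(r"^Process (.+) killed successfully\.$"), "killed"),
    (re.compile(r"^Service (.+) stopped successfully\.$"), "stopped"),
    (re.compile(r"^Service (.+) deleted successfully\.$"), "deleted"),
    (re.compile(r"^File/Folder (.+) not found\.$"), "not found"),
    (re.compile(r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$"), "pending reboot"),
    (re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$"), "still locked"),
    (re.compile(r"^(.+) moved successfully\.$"), "moved"),
]
# Events that count as success per script section; :commands names no items.
SUCCESS = {"processes": {"killed"}, "services": {"stopped", "deleted"}, "files": {"moved"}}

def parse_script(text):
    """Return {section: [items]} for a ':section' style script."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(":"):
            current = sections.setdefault(line[1:].lower(), [])
        elif current is not None:
            current.append(line)
    return sections

def parse_results(text):
    """Return {item (lower-cased, Windows paths are case-insensitive): [events]}."""
    outcomes = {}
    for line in map(str.strip, text.splitlines()):
        for pattern, event in PATTERNS:
            match = pattern.match(line)
            if match:
                outcomes.setdefault(match.group(1).lower(), []).append(event)
                break
    return outcomes

def verdict(events, need):
    """Collapse the events logged for one item into a single outcome."""
    got = set(events)
    if not got:
        return "no result logged"
    if need <= got:
        return "done"
    for event, label in (("not found", "absent"), ("still locked", "unresolved")):
        if event in got:
            return label
    return "partial"

def reconcile(script, log):
    """Return {item: verdict} for each scripted item and each other file the log mentions."""
    requested, seen = parse_script(script), parse_results(log)
    report = {}
    for section, need in SUCCESS.items():
        for item in requested.get(section, []):
            report[item.lower()] = verdict(seen.pop(item.lower(), []), need)
    # Leftovers were touched by a command such as [emptytemp], not named in the script.
    report.update({item: verdict(events, {"moved"}) for item, events in seen.items()})
    return report

def follow_up(report):
    """Items whose outcome is anything other than a clean success."""
    return sorted(item for item, result in report.items() if result != "done")

if __name__ == "__main__":
    print(follow_up(reconcile(SCRIPT, LOG)))
```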
 
emeraldnzl
post Nov 26 2008, 01:42 PM
Post #6


Trusted Helper
Posts: 8,065
OS: XP Pro



QUOTE
The scanner log I didn't get (timed out or something). But, the scanner did delete my Firefox & Internet Explorer browsers!


Please clarify this statement.

There was nothing in the OTMoveIt3 script that would have done that. In any event we can restore from OTMoveIt3 backup if necessary.

Was it when you tried to run Kaspersky?
 
emeraldnzl
post Nov 26 2008, 01:58 PM
Post #7


Trusted Helper
Posts: 8,065
OS: XP Pro



Hello ~Mix,

Further to my last post; I have thought about this and it occurred to me that I did remove some leftover bits of ComboFix. It hadn't been removed properly when it had been used at some earlier time.

Now, ComboFix can create problems when it is not used properly. This may be a cause of the difficulty now appearing.

Here is a remedy:

ComboFix will disconnect the machine from the internet, this prevents fresh malware from coming in.
The connection shall be restored once ComboFix gets to the Find3M stage.
In the event that ComboFix terminates prematurely you can manually restore the connection by ...
* Going to Control Panel > Network Connections.
* Right click on their Network icons & select "Repair"



Alternately, if the Network icon appears in the notification area in the lower right corner of Desktop, right-click it, and then click Repair from the shortcut menu.

 
~Mix
post Nov 26 2008, 02:08 PM
Post #8


Member
**
Posts: 77
From: Flint / Clio, Michigan
OS: Windows XP



Hello emeraldnzl,
To explain more, I was not able to get to the computer when it was done scanning for about 12 hours (home issues). When I was able to get on the computer there was not a task open and my Firefox browser, which I use, was not on the computer as it was deleted, but the program folder was there with just a few random files in it. The same with Spybot, with just Teatimer in the folder. I spent a while trying to access the internet by trying to update programs such as GoogleEarth and even trying to open up windows with Yahoo Messenger. After a while a friend on Yahoo popped up and got me the installation for Firefox and that got me on. I was able to get on the internet as I was on Yahoo Messenger and GoogleEarth. Just not using a search browser... I will repair it if you want me to, but I am using the computer we are trying to fix...

This post has been edited by ~Mix: Nov 26 2008, 02:12 PM
 
emeraldnzl
post Nov 26 2008, 05:41 PM
Post #9


Trusted Helper
Posts: 8,065
OS: XP Pro



QUOTE
To explain more, I was not able to get to the computer when it was done scanning for about 12 hours (home issues). When I was able to get on the computer there was not a task open and my Firefox browser, which I use, was not on the computer as it was deleted, but the program folder was there with just a few random files in it. The same with Spybot, with just Teatimer in the folder.


Okay, well those symptoms are not related to what we did. Looks like someone else might have been doing things with your computer.

We need to run RSIT again to see where we are now. After you have run it, can you tell me that things will not be altered before we use any other tools?

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, a log will open. Please post the contents of log.txt back here.
 
~Mix
post Nov 27 2008, 07:40 AM
Post #10


Member
**
Posts: 77
From: Flint / Clio, Michigan
OS: Windows XP



Hello emeraldnzl,
Happy Thanksgiving! It seems I have missed saying this to you on your Thanksgiving three days ago...

(I believe I have found the problem that led to the deletion of many of my programs, and it is very stupid...)

Here is the log you asked for.



Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-27 08:34:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (18%) free of 78 GB
Total RAM: 511 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:35, on 2008-11-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\EpsonReg\EPSONREG.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINNT\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe (file missing)

--
End of file - 10150 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\ISP signup reminder 2.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-11-26 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-24 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-24 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-24 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"NvCplDaemon"=C:\WINNT\System32\NvCpl.dll [2003-04-02 4616192]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-16 28672]
"Hot Key Kbd 9910 Daemon"=C:\WINNT\system32\SK9910DM.EXE [2001-01-03 66048]
"Gateway Ink Monitor"=C:\Program Files\Gateway Utilities\GWInkMonitor.exe [2003-06-24 303180]
"CTHelper"=C:\WINNT\system32\CTHELPER.EXE [2003-01-21 28672]
"AdaptecDirectCD"=c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2003-03-26 684032]
"DDCActiveMenu"=C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe [2002-06-07 86016]
"EPSON Stylus CX6600 Series"=C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE [2004-02-29 98304]
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2005-05-09 53248]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-12-12 180269]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-07-12 1117184]
"GWMDMMSG"=C:\WINNT\GWMDMMSG.exe [2002-08-06 90112]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-24 136600]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2008-04-13 15360]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"Aim6"= []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"McAfee.InstantUpdate.Monitor"=C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe /STARTMONITOR []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
C:\Documents and Settings\Owner\Local Settings\Temp\{B3BB3546-A019-40C9-9C22-5472E98C5E1A}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM=RollerCoaster Tycoon 3/PRMP=RCT3/SKUN=PCXX/GTYP=STRY []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
Epson all-in-one Registration.lnk - D:\Titles\EpsonReg\EPSONREG.EXE
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\WINNT\system32\dplaysvr.exe"="C:\WINNT\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\Program Files\EA Games\The Battle for Middle-earth ™\game.dat"="C:\Program Files\EA Games\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-11-26 19:17:19 ----A---- C:\WINNT\system32\avgrsstx.dll
2008-11-25 16:43:36 ----D---- C:\_OTMoveIt
2008-11-24 19:12:28 ----D---- C:\rsit
2008-11-24 19:10:22 ----A---- C:\WINNT\system32\javaws.exe
2008-11-24 19:10:22 ----A---- C:\WINNT\system32\javaw.exe
2008-11-24 19:10:22 ----A---- C:\WINNT\system32\deploytk.dll
2008-11-24 19:10:21 ----A---- C:\WINNT\system32\java.exe
2008-11-21 15:55:44 ----D---- C:\Program Files\Trend Micro
2008-11-20 22:27:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-20 16:57:27 ----HDC---- C:\WINNT\$NtUninstallKB951978$
2008-11-20 16:54:15 ----HDC---- C:\WINNT\$NtUninstallKB957097$
2008-11-20 16:54:07 ----HDC---- C:\WINNT\$NtUninstallKB954459$
2008-11-20 16:53:55 ----HDC---- C:\WINNT\$NtUninstallKB955069$
2008-11-16 16:43:31 ----A---- C:\WINNT\OEWABLog.txt
2008-11-16 16:30:41 ----D---- C:\WINNT\Prefetch
2008-11-16 16:10:40 ----HDC---- C:\WINNT\$NtUninstallKB958644$
2008-11-16 16:10:33 ----HDC---- C:\WINNT\$NtUninstallKB957095$
2008-11-16 16:10:23 ----HDC---- C:\WINNT\$NtUninstallKB956841$
2008-11-16 16:10:16 ----HDC---- C:\WINNT\$NtUninstallKB956803$
2008-11-16 16:10:04 ----HDC---- C:\WINNT\$NtUninstallKB954211$
2008-11-16 16:09:56 ----HDC---- C:\WINNT\$NtUninstallKB952954$
2008-11-16 16:09:48 ----HDC---- C:\WINNT\$NtUninstallKB952287$
2008-11-16 16:09:38 ----HDC---- C:\WINNT\$NtUninstallKB951748$
2008-11-16 16:09:31 ----HDC---- C:\WINNT\$NtUninstallKB951698$
2008-11-16 16:09:23 ----HDC---- C:\WINNT\$NtUninstallKB951376-v2$
2008-11-16 16:09:13 ----HDC---- C:\WINNT\$NtUninstallKB951066$
2008-11-16 16:09:06 ----HDC---- C:\WINNT\$NtUninstallKB950974$
2008-11-16 16:09:00 ----HDC---- C:\WINNT\$NtUninstallKB950762$
2008-11-16 16:08:51 ----HDC---- C:\WINNT\$NtUninstallKB946648$
2008-11-16 16:08:43 ----HDC---- C:\WINNT\$NtUninstallKB938464$
2008-11-16 16:04:16 ----A---- C:\WINNT\setuplog.txt
2008-11-16 16:02:14 ----D---- C:\WINNT\system32\scripting
2008-11-16 16:02:08 ----D---- C:\WINNT\l2schemas
2008-11-16 16:02:06 ----D---- C:\WINNT\system32\en
2008-11-16 15:55:00 ----D---- C:\WINNT\network diagnostic
2008-11-02 02:04:03 ----HDC---- C:\WINNT\$NtUninstallKB929399$
2008-11-02 02:03:28 ----HDC---- C:\WINNT\$NtUninstallKB939683$
2008-11-02 02:02:37 ----HDC---- C:\WINNT\$NtUninstallKB954154_WM11$
2008-11-02 02:02:15 ----HDC---- C:\WINNT\$NtUninstallKB936782_WMP11$
2008-10-31 18:30:12 ----HDC---- C:\WINNT\$NtUninstallKB926239$
2008-10-31 18:28:51 ----N---- C:\WINNT\system32\spmsg.dll
2008-10-31 18:28:49 ----HDC---- C:\WINNT\$NtUninstallMSCompPackV1$
2008-10-31 18:27:55 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-31 18:27:41 ----HDC---- C:\WINNT\$NtUninstallwmp11$
2008-10-31 18:25:59 ----HDC---- C:\WINNT\$NtUninstallWMFDist11$
2008-10-31 18:24:24 ----HDC---- C:\WINNT\$NtUninstallWudf01000$
2008-10-31 18:23:03 ----D---- C:\c295c12782c63211916033

======List of files/folders modified in the last 1 months======

2008-11-27 08:35:07 ----D---- C:\WINNT\TEMP
2008-11-27 08:33:17 ----D---- C:\Program Files\Mozilla Firefox
2008-11-26 19:17:19 ----D---- C:\WINNT\system32\drivers
2008-11-26 19:17:19 ----D---- C:\WINNT\system32
2008-11-26 19:16:44 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-26 19:16:35 ----SHD---- C:\WINNT\Installer
2008-11-26 19:16:34 ----D---- C:\WINNT\WinSxS
2008-11-26 19:16:34 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-26 19:15:58 ----D---- C:\WINNT
2008-11-26 19:12:21 ----A---- C:\WINNT\SchedLgU.Txt
2008-11-26 16:35:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-26 16:24:28 ----D---- C:\Program Files\StepMania
2008-11-26 14:28:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-26 14:02:23 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-11-26 12:29:05 ----D---- C:\Program Files\Mungyodance3
2008-11-26 09:54:20 ----D---- C:\Program Files
2008-11-26 09:53:56 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-26 09:42:01 ----D---- C:\Program Files\Common Files
2008-11-26 09:39:02 ----D---- C:\Program Files\Hasbro Interactive
2008-11-26 09:29:14 ----AC---- C:\WINNT\KA.INI
2008-11-26 09:29:10 ----D---- C:\KA
2008-11-26 09:28:26 ----D---- C:\Program Files\EA SPORTS
2008-11-26 09:27:50 ----AC---- C:\WINNT\disney.ini
2008-11-26 09:27:08 ----D---- C:\Program Files\PTG Interactive
2008-11-26 09:25:01 ----AC---- C:\WINNT\Sierra.ini
2008-11-24 19:10:32 ----D---- C:\Program Files\SpywareGuard
2008-11-24 19:09:06 ----D---- C:\Program Files\Java
2008-11-24 16:05:10 ----RSHD---- C:\WINNT\system32\dllcache
2008-11-24 16:05:05 ----D---- C:\WINNT\system32\CatRoot2
2008-11-23 21:41:53 ----HD---- C:\WINNT\inf
2008-11-23 21:41:53 ----D---- C:\WINNT\Help
2008-11-23 16:39:50 ----D---- C:\Program Files\EA Games
2008-11-22 03:02:53 ----A---- C:\WINNT\imsins.BAK
2008-11-21 20:34:06 ----D---- C:\Program Files\TurboTax
2008-11-21 20:29:29 ----D---- C:\Program Files\ItsDeductibleEX
2008-11-21 19:41:56 ----D---- C:\Program Files\Common Files\AOL
2008-11-21 19:37:13 ----D---- C:\Program Files\LimeWire
2008-11-21 19:34:13 ----D---- C:\WINNT\system32\CatRoot
2008-11-21 19:20:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-21 19:16:27 ----D---- C:\WINNT\system32\config
2008-11-21 19:15:53 ----D---- C:\WINNT\system32\wbem
2008-11-21 19:15:53 ----D---- C:\WINNT\Registration
2008-11-20 16:54:14 ----HD---- C:\WINNT\$hf_mig$
2008-11-16 18:44:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-16 18:11:58 ----SD---- C:\WINNT\Tasks
2008-11-16 18:11:01 ----D---- C:\Program Files\McAfee
2008-11-16 17:26:08 ----SD---- C:\WINNT\Downloaded Program Files
2008-11-16 17:26:05 ----D---- C:\Program Files\Whale Communications
2008-11-16 17:24:01 ----D---- C:\Program Files\Quicken
2008-11-16 17:23:24 ----AC---- C:\WINNT\QUICKEN.INI
2008-11-16 16:45:23 ----D---- C:\Program Files\Adobe
2008-11-16 16:32:35 ----AC---- C:\WINNT\system32\PerfStringBackup.INI
2008-11-16 16:30:00 ----D---- C:\WINNT\system32\Setup
2008-11-16 16:30:00 ----D---- C:\WINNT\AppPatch
2008-11-16 16:30:00 ----D---- C:\Program Files\Messenger
2008-11-16 16:29:58 ----RSD---- C:\WINNT\Fonts
2008-11-16 16:29:13 ----D---- C:\WINNT\security
2008-11-16 16:02:58 ----D---- C:\WINNT\ServicePackFiles
2008-11-16 16:02:50 ----D---- C:\WINNT\ime
2008-11-16 16:02:16 ----D---- C:\WINNT\system32\usmt
2008-11-16 16:02:16 ----D---- C:\WINNT\system32\en-US
2008-11-16 16:02:06 ----D---- C:\WINNT\system32\bits
2008-11-16 16:02:06 ----D---- C:\WINNT\peernet
2008-11-16 16:02:05 ----D---- C:\Program Files\Movie Maker
2008-11-16 15:57:24 ----D---- C:\WINNT\system32\Restore
2008-11-16 15:57:24 ----D---- C:\WINNT\system32\npp
2008-11-16 15:57:22 ----D---- C:\WINNT\msagent
2008-11-16 15:57:21 ----D---- C:\WINNT\srchasst
2008-11-16 15:57:18 ----D---- C:\Program Files\NetMeeting
2008-11-16 15:57:17 ----D---- C:\WINNT\system32\Com
2008-11-16 15:57:14 ----D---- C:\Program Files\Windows Media Player
2008-11-16 15:57:13 ----D---- C:\Program Files\Windows NT
2008-11-16 15:57:13 ----D---- C:\Program Files\Outlook Express
2008-11-16 15:57:10 ----D---- C:\Program Files\Common Files\System
2008-11-16 15:56:48 ----D---- C:\WINNT\system32\oobe
2008-11-16 15:56:45 ----D---- C:\WINNT\system
2008-11-16 15:53:31 ----D---- C:\WINNT\system32\ReinstallBackups
2008-11-16 15:53:18 ----HDC---- C:\WINNT\$NtServicePackUninstall$
2008-11-16 15:48:56 ----D---- C:\WINNT\EHome
2008-11-04 09:44:37 ----HD---- C:\$AVG8.VAULT$
2008-11-03 19:10:25 ----A---- C:\WINNT\system32\MRT.exe
2008-10-31 18:28:10 ----A---- C:\WINNT\win.ini
2008-10-31 18:24:33 ----D---- C:\WINNT\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINNT\System32\Drivers\avgldx86.sys [2008-11-26 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINNT\System32\Drivers\avgmfx86.sys [2008-11-26 26824]
R1 Cdr4_xp;Cdr4_xp; C:\WINNT\system32\drivers\Cdr4_xp.sys [2006-03-09 2432]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2006-03-09 2560]
R1 cdudf_xp;cdudf_xp; C:\WINNT\system32\drivers\cdudf_xp.sys [2003-03-26 241280]
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 pwd_2k;pwd_2k; C:\WINNT\system32\drivers\pwd_2k.sys [2003-03-26 144250]
R1 Sk9920nt;PS/2 Keyboard Filter Driver for NT 4.0; C:\WINNT\System32\DRIVERS\Sk9920nt.sys [2000-09-11 6208]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINNT\system32\drivers\UdfReadr_xp.sys [2003-03-26 206464]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINNT\System32\Drivers\avgtdix.sys [2008-11-26 76040]
R3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINNT\system32\drivers\ctac32k.sys [2003-01-21 135040]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINNT\system32\drivers\ctaud2k.sys [2003-01-21 497376]
R3 ctprxy2k;Creative Proxy Driver; C:\WINNT\system32\drivers\ctprxy2k.sys [2003-01-21 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINNT\system32\drivers\ctsfm2k.sys [2003-01-21 135248]
R3 dvd_2K;dvd_2K; C:\WINNT\system32\drivers\dvd_2K.sys [2003-03-26 25930]
R3 E100B;Intel® PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINNT\system32\drivers\emupia2k.sys [2003-01-21 116000]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINNT\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 GTWModem;GTW V.92 Voicemodem; C:\WINNT\System32\DRIVERS\GWMDM.sys [2002-08-06 1107680]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINNT\system32\drivers\ha10kx2k.sys [2003-01-21 822416]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINNT\system32\drivers\hap16v2k.sys [2003-01-21 139936]
R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINNT\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2003-04-02 1265130]
R3 ossrv;Creative OS Services Driver; C:\WINNT\system32\drivers\ctoss2k.sys [2003-01-21 184656]
R3 Sk99202k;PS/2 Keyboard Filter Driver for Win2000; C:\WINNT\System32\DRIVERS\Sk99202k.sys [2000-09-11 7552]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINNT\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINNT\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BCMModem;BCM V.90 56K Modem; C:\WINNT\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINNT\system32\drivers\ctdvda2k.sys [2003-01-21 286384]
S3 hid8101;hid8101; C:\WINNT\system32\drivers\hid8101.SYS [2006-10-23 31899]
S3 ICDUSB2;Sony IC Recorder (P); C:\WINNT\System32\Drivers\ICDUSB2.sys [2002-11-28 39048]
S3 LTower;LEGO USB Tower Driver; C:\WINNT\System32\Drivers\LTower.sys [2001-04-25 36981]
S3 MA_CMIDI;M-Audio USB Driver; C:\WINNT\system32\drivers\ma_cmidi.sys [2007-11-14 31752]
S3 mmc_2K;mmc_2K; C:\WINNT\system32\drivers\mmc_2K.sys [2003-03-26 30662]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 ovt519;Eye Toy; C:\WINNT\System32\Drivers\ov519vid.sys [2003-10-15 174530]
S3 PCDRDRV;Pcdr Helper Driver; \??\C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINNT\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys [2003-04-02 33588]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINNT\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-26 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-26 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2002-07-17 94208]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-24 152984]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINNT\System32\nvsvc32.exe [2003-04-02 69632]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S2 UnoInstallerService;Uno Installer; C:\Program Files\M-Audio Uno\UnoInst.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-02 138168]
S3 ICDSPTSV;Sony SPTI Service for DVE; C:\WINNT\system32\IcdSptSv.exe [2003-04-01 69632]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

This post has been edited by ~Mix: Nov 27 2008, 07:42 AM
emeraldnzl
post Nov 27 2008, 02:54 PM
Post #11


Trusted Helper
Posts: 8,065
OS: XP Pro



Okay ~Mix, it looks good to go.

Let's try for that Kaspersky scan again.

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.
~Mix
post Nov 28 2008, 09:58 PM
Post #12


Member
**
Posts: 77
From: Flint / Clio, Michigan
OS: Windows XP



Hello emeraldnzl,
Here is the log you asked for... It took longer than I thought it would because of a file that it stopped the scan on.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, November 28, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, November 28, 2008 18:35:48
Records in database: 1424124
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 208220
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 06:30:54


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.

This post has been edited by ~Mix: Nov 29 2008, 03:05 PM
emeraldnzl
post Nov 29 2008, 03:39 PM
Post #13


Trusted Helper
Posts: 8,065
OS: XP Pro



Hello ~Mix,

Those ones Kaspersky found are thought of as adware in some quarters but are not malicious. We can delete them if you like but you may want the AOL connection available to you.

They may or may not be the ones Spybot was flagging.

Turning to your computer; I think your machine is clean and we will remove the tools we used at next post unless you want to remove the AOL files in which case we will clean them away at the following post.

Let me know what you want done about those AOL files.
~Mix
post Nov 29 2008, 09:07 PM
Post #14


Member
**
Posts: 77
From: Flint / Clio, Michigan
OS: Windows XP



Hello emeraldnzl,
One of my family members went through the computer today and deleted some programs and unused stuff. As for the AOL program, it has not been used for years so it is all deleted. We have a different internet connector.
From what I have seen from the Spybot scans it was not showing up.

Also thank you for helping me with my computer!
emeraldnzl
post Nov 29 2008, 09:12 PM
Post #15


Trusted Helper
Posts: 8,065
OS: XP Pro



QUOTE
Also thank you for helping me with my computer!


You are most welcome.

Your computer is clean to my eyes.

We have a couple of last steps to perform and then you're all set.

Please go here to download OTCleanIt.

Run this program to remove the tools we have been using.

You will be asked to reboot the machine to finish the Cleanup process; choose Yes.
MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep.

Next, we need to clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
    1. Turn off System Restore.
      On the Desktop, right-click My Computer.
      Click Properties.
      Click the System Restore tab.
      Check Turn off System Restore.
      Click Apply, and then click OK.
    2. Restart your computer.

    3. Turn ON System Restore.
      On the Desktop, right-click My Computer.
      Click Properties.
      Click the System Restore tab.
      UN-Check Turn off System Restore.
      Click Apply, and then click OK.
System Restore will now be active again.
-------------------------------------------------------------------------------------------------------------------

A reminder now: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that you are clean here are some things I think are worth having a look at:

-------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:
--------------------------------------------------------------------------------------------------------------------

A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia.

I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellent; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (Note: this is an added benefit!) that I have seen. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

-----------------------------------------------------------------------------------------------------------------------

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

------------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • SUPERAntiSpyware Free for Home Users to detect and remove spyware.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

    If your Microsoft Update is not working automatically, keep your operating system up to date by visiting Microsoft Windows Update monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
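
The HOSTS-file blocking described in the post above, as an added example that is not part of the original post or of the MVPS project: a Python sketch that parses a HOSTS file and separates names sinkholed to the local machine from entries that point a name at some other address, which are the ones worth reviewing after a cleanup. The sample file, its hostnames and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the thread): the standard
# localhost line, blocklist-style entries, one redirect and one bad line.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1  localhost
127.0.0.1  ads.example.com   # blocked ad server
0.0.0.0    tracker.example.net
203.0.113.7  update.example.org
not-an-ip  broken.example.com
127.0.0.1  a.example.com b.example.com
"""

# Names that are expected to resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line number, address, hostname) for every mapping in the file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()           # one address, one or more names
        for name in names:
            yield lineno, addr, name.lower()


def classify(addr, name):
    """Return 'local', 'blocked', 'redirect' or 'malformed' for one mapping."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    if name in LOCAL_NAMES:
        # localhost pointing anywhere but loopback is itself suspicious
        return "local" if ip.is_loopback else "redirect"
    if ip.is_loopback or ip.is_unspecified:
        # 127.0.0.1 / ::1 / 0.0.0.0: the name is sinkholed, as the post describes
        return "blocked"
    # Any other address sends traffic for this name to a chosen server.
    return "redirect"


def audit(text):
    """Group every mapping in a HOSTS file by classification."""
    report = {"local": [], "blocked": [], "redirect": [], "malformed": []}
    for lineno, addr, name in parse_hosts(text):
        report[classify(addr, name)].append((lineno, addr, name))
    return report


if __name__ == "__main__":
    for kind, entries in audit(SAMPLE_HOSTS).items():
        print(f"{kind}: {len(entries)}")
        for lineno, addr, name in entries:
            print(f"  line {lineno}: {name} -> {addr}")
```

On Windows the file to audit is `%SystemRoot%\System32\drivers\etc\hosts`; read it and pass its text to `audit()` in place of the sample.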