Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.
     
2 Pages V   1 2 >  
 Closed TopicStart new topic
"Your computer is infected!" Help! [RESOLVED]
vincel3489
post Oct 18 2008, 11:40 AM
Post #1


Member
**
Posts: 10
OS: windows xp
I've had this problem now for two days. I can not run my spybot s&d or my avg anti virus. I use windows xp. The computer itself seems to run, but this is an annoying issue that im sure is not good to have. help will be greatly appreciated thank you in advance!

Log created by WinPatrol version 15.9.2008.5:15.9.2008.5
Scan saved at 1:33:42 PM, on 10/18/2008
Platform: Windows XP SP3 Home Edition Service Pack 3 (Build 2600)
MSIE: Internet Explorer (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRAM FILES\COMMON FILES\Apple\MOBILE DEVICE SUPPORT\bin\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\Bonjour\MDNSRESPONDER.EXE
C:\PROGRAM FILES\Google\Common\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\WINDOWS\system32\PSISERVICE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRAM FILES\CYBERLINK\PowerDVD\PDVDServ.exe
C:\PROGRAM FILES\EMACHINES BAY READER\SHWICONEM.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRAM FILES\Java\JRE1.6.0_03\bin\jusched.exe
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\mm_tray.exe
C:\PROGRAM FILES\iTunes\ITUNESHELPER.EXE
C:\PROGRAM FILES\MESSENGER\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\data\Xtras\mssysmgr.exe
C:\PROGRAM FILES\AIM\aim.exe
C:\PROGRAM FILES\Google\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
C:\PROGRAM FILES\Belkin\PCI F5D7000\WIRELESS UTILITY\BELKINWCUI.EXE
C:\PROGRAM FILES\BigFix\BigFix.exe
C:\PROGRAM FILES\iPod\bin\IPODSERVICE.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WksWP.exe
C:\PROGRAM FILES\MICROSOFT WORKS\msworks.exe
C:\PROGRAM FILES\MICROSOFT WORKS\wkgdcach.exe
C:\PROGRAM FILES\INTERNET EXPLORER\iexplore.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O1 - Hosts: 127.0.0.
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\googletoolbar1.dll
O4 - HKLM\..\Run: [CHotkey]zHotkey.exe
O4 - HKLM\..\Run: [RemoteControl]C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunKistEM]C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [IgfxTray]C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck]C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC]C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MMTray]C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MsgCenterExe]C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task]C:\Program Files\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [iTunesHelper]C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WinPatrol]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [MSMSGS]C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager]C:\Program Files\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AIM]C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent]C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized
O4 - HKCU\..\Run: [swg]C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Belkin Wireless Utility.lnk=C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: BigFix.lnk=C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre1.6.0_03\bin
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.emachines.com
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165244532687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165244594656
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - AppInit_DLLs: karna.dat

O23 - Service: Atheros Configuration Service - - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management - - C:\WINDOWS\System32\appmgmts.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Human Interface Device Access - - C:\WINDOWS\System32\hidserv.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - - C:\WINDOWS\system32\PSIService.exe

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 7.00.6000.16735
MSIE: Internet Explorer (7.00.6000.16735)
952 IE Cookies in Folder: C:\Documents and Settings\Owner\Cookies\

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS3: BootExecute = autocheck autochk *
WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\~nsu.tmp\Au_.exe
WP01 - HKLM\CCS: PendingFileRenameOperations = \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\~nsu.tmp\Au_.exe
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [AppleSoftwareUpdate.job]C:\Program Files\Apple Software Update\SoftwareUpdate.exe 10/13/2008 10:30 AM

WP16 - ActiveX: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [Google Script Object] C:\PROGRAM FILES\Google\GOOGLETOOLBAR1.DLL 4, 0, 1602, 1060
WP16 - ActiveX: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [QuickTime Object] C:\PROGRAM FILES\QUICKTIME\QTPlugin.ocx QuickTime 7.4.1
WP16 - ActiveX: {17492023-C23A-453E-A040-C7C580BBF700} [Windows Genuine Advantage Validation Tool] C:\WINDOWS\system32\LEGITCHECKCONTROL.DLL 1.7.0018.5
WP16 - ActiveX: {19916E01-B44E-4E31-94A4-4696DF46157B} [InformationCardSigninHelper Class] C:\WINDOWS\system32\icardie.dll 7.00.6000.16735
WP16 - ActiveX: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Windows Media Player] C:\WINDOWS\system32\wmpdxm.dll 9.00.00.4503
WP16 - ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} [Shockwave ActiveX Control] C:\WINDOWS\system32\Macromed\Director\swdir.dll 10.2
WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\WINDOWS\system32\mshtml.dll 7.00.6000.16735
WP16 - ActiveX: {25336921-03F9-11CF-8FD0-00AA00686F13} [Microsoft HTML Document 6.0] C:\WINDOWS\system32\mshtml.dll 7.00.6000.16735
WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {2933BF94-7B36-11D2-B20E-00C04F983E60} [XSL Template] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [DHTML Edit Control Safe for Scripting for IE5] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\Triedit\dhtmled.ocx 6.01.9234
WP16 - ActiveX: {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [HtmlDlgSafeHelper Class] C:\WINDOWS\system32\mshtmled.dll 7.00.6000.16735
WP16 - ActiveX: {333C7BC4-460F-11D0-BC04-0080C7055A83} [Tabular Data Control] C:\WINDOWS\system32\tdc.ocx 7.00.5730.11
WP16 - ActiveX: {37A273C2-5129-11D5-BF37-00A0CCE8754B} [TTestGenXInstallObject] C:\WINDOWS\Downloaded Program Files\TestGenXInstall.dll 1,0,0,7
WP16 - ActiveX: {4063BE15-3B08-470D-A0D5-B37161CFFD69} [QuickTime Object] C:\PROGRAM FILES\QUICKTIME\QTPlugin.ocx QuickTime 7.4.1
WP16 - ActiveX: {459E93B6-150E-45D5-8D4B-45C66FC035FE} [get_atlcom Class] C:\WINDOWS\DOWNLOADED PROGRAM FILES\IEGETPLUGIN.OCX 1, 2, 0, 11
WP16 - ActiveX: {48123BC4-99D9-11D1-A6B3-00C04FD91555} [XML Document] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {48DD0448-9209-4F81-9F6D-D83562940134} [MySpace Uploader Control] C:\WINDOWS\DOWNLOADED PROGRAM FILES\MYSPACEUPLOADER.OCX 1, 0, 0, 6
WP16 - ActiveX: {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {55136805-B2DE-11D1-B9F2-00A0C98BC547} [Shell Name Space] C:\WINDOWS\system32\ieframe.dll 7.00.6000.16757
WP16 - ActiveX: {5B7524C8-2446-40E9-9474-94A779DBA224} [InstallShield Update Service Agent] C:\WINDOWS\DOWNLOADED PROGRAM FILES\isusweb.dll 3, 10
WP16 - ActiveX: {6414512B-B978-451D-A0D8-FCFDF33E833C} [WUWebControl Class] C:\WINDOWS\system32\wuweb.dll 7.2.6001.784
WP16 - ActiveX: {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} [Microsoft Shell UI Helper] C:\WINDOWS\system32\ieframe.dll 7.00.6000.16757
WP16 - ActiveX: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [DivXBrowserPlugin Object] C:\PROGRAM FILES\DivX\DIVX WEB PLAYER\npdivx32.dll 1, 3, 1, 10
WP16 - ActiveX: {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Player] C:\WINDOWS\system32\wmp.dll 9.00.00.4503
WP16 - ActiveX: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [MUWebControl Class] C:\WINDOWS\system32\muweb.dll 7.2.6001.784
WP16 - ActiveX: {72C24DD5-D70A-438B-8A42-98424B88AFB8} [Windows Script Host Shell Object] C:\WINDOWS\system32\wshom.ocx 5.7.0.18066
WP16 - ActiveX: {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {7584c670-2274-4efb-b00b-d6aaba6d3850} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {7999FC25-D3C6-11CF-ACAB-00A024A55AEF} [COM+ Transaction Context Component] C:\WINDOWS\system32\comsvcs.dll 03.00.00.4414
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 7.00.6000.16757
WP16 - ActiveX: {88D969C0-F192-11D4-A65F-0040963251E5} [XML DOM Document 4.0] C:\WINDOWS\system32\msxml4.dll 4.20.9848.0
WP16 - ActiveX: {88D969C1-F192-11D4-A65F-0040963251E5} [Free Threaded XML DOM Document 4.0] C:\WINDOWS\system32\msxml4.dll 4.20.9848.0
WP16 - ActiveX: {88D969C3-F192-11D4-A65F-0040963251E5} [XSL Template 4.0] C:\WINDOWS\system32\msxml4.dll 4.20.9848.0
WP16 - ActiveX: {88D969C5-F192-11D4-A65F-0040963251E5} [XML HTTP 4.0] C:\WINDOWS\system32\msxml4.dll 4.20.9848.0
WP16 - ActiveX: {88D96A05-F192-11D4-A65F-0040963251E5} [XML DOM Document 6.0] C:\WINDOWS\system32\msxml6.dll 6.20.1076.0
WP16 - ActiveX: {88D96A06-F192-11D4-A65F-0040963251E5} [Free Threaded XML DOM Document 6.0] C:\WINDOWS\system32\msxml6.dll 6.20.1076.0
WP16 - ActiveX: {88D96A08-F192-11D4-A65F-0040963251E5} [XSL Template 6.0] C:\WINDOWS\system32\msxml6.dll 6.20.1076.0
WP16 - ActiveX: {88D96A0A-F192-11D4-A65F-0040963251E5} [XML HTTP 6.0] C:\WINDOWS\system32\msxml6.dll 6.20.1076.0
WP16 - ActiveX: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.6.0_03] C:\PROGRAM FILES\Java\JRE1.6.0_03\bin\ssv.dll 6.0.30.5
WP16 - ActiveX: {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {95D88B35-A521-472B-A182-BB1A98356421} [Pearson Installation Assistant 2] C:\WINDOWS\Downloaded Program Files\PearsonInstallAsst2.ocx 1.0.0.0
WP16 - ActiveX: {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [RMGetLicense Class] C:\WINDOWS\system32\msnetobj.dll 10.00.00.3802
WP16 - ActiveX: {BD96C556-65A3-11D0-983A-00C04FC29E36} [RDS.DataSpace] C:\PROGRAM FILES\COMMON FILES\System\msadc\msadco.dll 2.81.1132.0
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe Acrobat Control for ActiveX] C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\pdf.ocx 6.0.1.2003110300
WP16 - ActiveX: {CD3AFA74-B84F-48F0-9393-7EDC34128127} [AUDIO__MID Moniker Class] C:\WINDOWS\system32\wmp.dll 9.00.00.4503
WP16 - ActiveX: {CD3AFA78-B84F-48F0-9393-7EDC34128127} [AUDIO__MPEGURL Moniker Class] C:\WINDOWS\system32\wmp.dll 9.00.00.4503
WP16 - ActiveX: {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] C:\WINDOWS\system32\wmp.dll 9.00.00.4503
WP16 - ActiveX: {CD3AFA94-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] C:\WINDOWS\system32\wmp.dll 9.00.00.4503
WP16 - ActiveX: {CD3AFA95-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WVX Moniker Class] C:\WINDOWS\system32\wmp.dll 9.00.00.4503
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx 9,0,115,0
WP16 - ActiveX: {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} [GetInfo Class] C:\PROGRAM FILES\Yahoo!\Common\yverinfo.dll 2, 0, 0, 0
WP16 - ActiveX: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [iTunesDetector Class] C:\PROGRAM FILES\iTunes\ITDETECTOR.OCX 2, 0, 0, 1
WP16 - ActiveX: {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [QuickTimeCheck Class] C:\PROGRAM FILES\QUICKTIME\QTSystem\QUICKTIMECHECK.OCX QuickTime 7.4.1
WP16 - ActiveX: {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [WebViewFolderIcon Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512
WP16 - ActiveX: {E6D23284-0E9B-417D-A782-03E4487FC947} [Pearson MathXL Player] C:\WINDOWS\Downloaded Program Files\MathPlayer.ocx 1.0.0.0
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {EE09B103-97E0-11CF-978F-00A02463E06F} [Scripting.Dictionary] C:\WINDOWS\system32\scrrun.dll 5.7.0.18066
WP16 - ActiveX: {F5078F32-C551-11D3-89B9-0000F81FE221} [XML DOM Document 3.0] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {F5078F33-C551-11D3-89B9-0000F81FE221} [Free Threaded XML DOM Document 3.0] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {F5078F34-C551-11D3-89B9-0000F81FE221} [XML Schema Cache 3.0] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {F5078F35-C551-11D3-89B9-0000F81FE221} [XML HTTP 3.0] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {F5078F36-C551-11D3-89B9-0000F81FE221} [XSL Template 3.0] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {F5078F39-C551-11D3-89B9-0000F81FE221} [XML Data Source Object 3.0] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {F6D90F12-9C73-11D3-B32E-00C04F990BB4} [Free Threaded XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {F6D90F14-9C73-11D3-B32E-00C04F990BB4} [XML Data Source Object] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\WINDOWS\system32\wmpdxm.dll 9.00.00.4503
WP16 - ActiveX: {0713E8A2-850A-101B-AFC0-4210102A8DA7} [Microsoft TreeView Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {0713E8D2-850A-101B-AFC0-4210102A8DA7} [Microsoft ProgressBar Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} [Shockwave ActiveX Control] C:\WINDOWS\system32\Macromed\Director\swdir.dll 10.2
WP16 - ActiveX: {1D2B4F40-1F10-11D1-9E88-00C04FDCAB92} [ThumbCtl Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512
WP16 - ActiveX: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Windows Media Player] C:\WINDOWS\system32\wmpdxm.dll 9.00.00.4503
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\WINDOWS\system32\hhctrl.ocx 5.2.3790.4110
WP16 - ActiveX: {58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ListView Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ImageList Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {6B7E638F-850A-101B-AFC0-4210102A8DA7} [Microsoft StatusBar Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 7.00.6000.16757
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\WINDOWS\system32\mshtml.dll 7.00.6000.16735
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe Acrobat Control for ActiveX] C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\pdf.ocx 6.0.1.2003110300
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx 9,0,115,0
WP16 - ActiveX: {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [WebViewFolderIcon Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\CONFIG.SYS
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\IPH.PH
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\WINDOWS\QTFont.qfn
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\493F5D5E7B.sys
WP32 - Hidden File: C:\WINDOWS\system32\7B5E5D3F49.sys
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\KGyGaAvL.sys
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\mlfcache.dat
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest
WP32 - Hidden File: C:\Documents and Settings\Owner\Local Settings\Temp\TempFolder.aaa\Macromedia.lok

WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .AVI: [iTunes]C:\Program Files\iTunes\iTunes.exe /open %L
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [Cabinet File]C:\WINDOWS\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [WordPad Document]C:\Program Files\Windows NT\Accessories\WORDPAD.EXE %1
WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MPEG Layer 3 Audio]C:\Program Files\iTunes\iTunes.exe /open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Document]C:\Program Files\Windows NT\Accessories\WORDPAD.EXE %1
WP33 - File Type .SBS: [Spyware supplemental file]C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe %1
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*

Memory currently in use: 60%
Physical Memory Free: 208,500 KB
Paging File Free: 908,876 KB
Virtual Memory Free: 2,055,108 KB


--
End of file
Go to the top of the page
 
+Quote Post
kahdah
post Oct 18 2008, 01:11 PM
Post #2


GeekU Teacher
Group Icon
Posts: 10,074
From: Somewhere
OS: Windows xp home



Hello vincel3489

Welcome to G2Go. smile.gif
=====================

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Go to the top of the page
 
+Quote Post
vincel3489
post Oct 18 2008, 06:39 PM
Post #3


Member
**
Posts: 10
OS: windows xp
Log file
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-10-18 20:37:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 107 GB (70%) free of 153 GB
Total RAM: 510 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:21 PM, on 10/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Works\wkswp.exe
c:\Program Files\Microsoft Works\MSWorks.exe
c:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-993879384-3759993532-4233882325-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165244532687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165244594656
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 8698 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-02-25 2554944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2003-06-03 496640]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-11-01 32768]
"SunKistEM"=C:\Program Files\eMachines Bay Reader\shwiconem.exe [2004-03-11 135168]
""= []
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2004-02-10 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-02-10 118784]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-10-17 590848]
"MMTray"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [2003-04-09 143360]
"MsgCenterExe"=C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe -osboot []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-02-01 385024]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe [2005-02-26 212992]
"AIM"=C:\Program Files\AIM\aim.exe [2005-08-05 67160]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-25 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphceb1j0e73v]
C:\WINDOWS\system32\lphceb1j0e73v.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcab1j0e73v]
C:\Program Files\rhcab1j0e73v\rhcab1j0e73v.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\Program Files\Soulseek-Test\slsk.exe"="C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2008-10-18 20:37:09 ----D---- C:\rsit
2008-10-18 13:33:24 ----D---- C:\Documents and Settings\Owner\Application Data\WinPatrol
2008-10-18 13:32:19 ----D---- C:\Program Files\BillP Studios
2008-10-18 13:29:06 ----D---- C:\Program Files\Trend Micro
2008-10-18 13:12:26 ----D---- C:\Program Files\Adware Away
2008-10-18 05:45:06 ----A---- C:\WINDOWS\system32\wini10801.exe
2008-10-18 05:42:10 ----A---- C:\WINDOWS\system32\delself.bat
2008-10-18 05:42:09 ----A---- C:\WINDOWS\system32\brastk.exe
2008-10-18 05:37:05 ----A---- C:\WINDOWS\system32\TDSSlxcp.dll
2008-10-18 05:37:05 ----A---- C:\WINDOWS\system32\TDSSkhyf.dll
2008-10-18 05:37:03 ----A---- C:\WINDOWS\system32\TDSSvkql.dll
2008-10-18 05:37:03 ----A---- C:\WINDOWS\system32\TDSScfmm.dll
2008-10-18 05:37:02 ----A---- C:\WINDOWS\system32\TDSShrxx.dll
2008-10-18 05:36:57 ----A---- C:\WINDOWS\system32\TDSSoiqt.dll
2008-10-18 01:48:15 ----A---- C:\WINDOWS\brastk.exe
2008-10-15 07:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 07:04:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 07:04:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 07:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 07:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-09-23 07:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-23 05:50:04 ----D---- C:\WINDOWS\Prefetch
2008-09-23 05:45:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-23 05:45:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-23 05:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-23 05:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-23 05:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-23 05:44:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-23 05:44:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-23 05:44:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-23 05:44:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-23 05:44:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-23 05:44:01 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-23 05:36:56 ----D---- C:\WINDOWS\system32\scripting
2008-09-23 05:36:54 ----D---- C:\WINDOWS\l2schemas
2008-09-23 05:36:52 ----D---- C:\WINDOWS\system32\en

======List of files/folders modified in the last 1 months======

2008-10-18 13:32:19 ----RD---- C:\Program Files
2008-10-18 13:20:31 ----D---- C:\WINDOWS\Temp
2008-10-18 13:18:19 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-10-18 13:12:27 ----D---- C:\WINDOWS
2008-10-18 13:10:49 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-18 13:02:22 ----SHD---- C:\WINDOWS\Installer
2008-10-18 13:02:21 ----D---- C:\WINDOWS\WinSxS
2008-10-18 12:59:42 ----A---- C:\WINDOWS\win.ini
2008-10-18 05:57:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-18 05:50:44 ----D---- C:\WINDOWS\system32
2008-10-18 05:50:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-18 05:47:37 ----D---- C:\WINDOWS\system32\config
2008-10-18 05:47:25 ----D---- C:\WINDOWS\system32\wbem
2008-10-18 05:47:25 ----D---- C:\WINDOWS\Registration
2008-10-18 05:44:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-18 05:42:10 ----D---- C:\WINDOWS\Drivers
2008-10-18 05:37:01 ----D---- C:\WINDOWS\system32\drivers
2008-10-18 01:20:35 ----D---- C:\Program Files\Soulseek
2008-10-17 19:23:21 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-17 19:23:16 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-10-17 12:00:20 ----D---- C:\Documents and Settings\Owner\Application Data\AVG7
2008-10-16 05:13:30 ----D---- C:\Program Files\Image-Line
2008-10-16 05:13:01 ----D---- C:\Program Files\VstPlugins
2008-10-15 07:04:29 ----HD---- C:\WINDOWS\inf
2008-10-15 07:04:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-15 07:04:22 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 07:03:58 ----D---- C:\Program Files\Internet Explorer
2008-10-15 07:03:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-15 05:22:18 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-15 05:17:57 ----D---- C:\Program Files\Paint Shop Pro 5
2008-10-07 19:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 17:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-23 14:05:31 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-23 05:50:17 ----A---- C:\WINDOWS\setuplog.txt
2008-09-23 05:49:35 ----D---- C:\WINDOWS\system32\Setup
2008-09-23 05:49:35 ----D---- C:\Program Files\Messenger
2008-09-23 05:49:34 ----D---- C:\WINDOWS\AppPatch
2008-09-23 05:49:33 ----RSD---- C:\WINDOWS\Fonts
2008-09-23 05:45:48 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-23 05:43:34 ----D---- C:\WINDOWS\security
2008-09-23 05:37:40 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-23 05:37:38 ----D---- C:\Program Files\Windows Media Player
2008-09-23 05:37:37 ----D---- C:\WINDOWS\Help
2008-09-23 05:37:23 ----D---- C:\WINDOWS\network diagnostic
2008-09-23 05:37:22 ----D---- C:\WINDOWS\ime
2008-09-23 05:36:57 ----D---- C:\WINDOWS\system32\usmt
2008-09-23 05:36:57 ----D---- C:\WINDOWS\system32\en-US
2008-09-23 05:36:52 ----D---- C:\WINDOWS\system32\bits
2008-09-23 05:36:52 ----D---- C:\WINDOWS\peernet
2008-09-23 05:36:51 ----D---- C:\Program Files\Movie Maker
2008-09-23 05:32:58 ----D---- C:\WINDOWS\system32\Restore
2008-09-23 05:32:58 ----D---- C:\WINDOWS\system32\npp
2008-09-23 05:32:56 ----D---- C:\WINDOWS\msagent
2008-09-23 05:32:55 ----D---- C:\WINDOWS\srchasst
2008-09-23 05:32:53 ----D---- C:\Program Files\NetMeeting
2008-09-23 05:32:52 ----D---- C:\WINDOWS\system32\Com
2008-09-23 05:32:48 ----D---- C:\Program Files\Windows NT
2008-09-23 05:32:48 ----D---- C:\Program Files\Outlook Express
2008-09-23 05:32:44 ----D---- C:\Program Files\Common Files\System
2008-09-23 05:32:19 ----D---- C:\WINDOWS\system32\oobe
2008-09-23 05:32:16 ----D---- C:\WINDOWS\system
2008-09-23 05:28:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-23 05:28:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-23 05:23:59 ----D---- C:\WINDOWS\EHome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-25 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2006-12-04 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-25 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-21 10760]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-12-05 17801]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2006-12-04 4960]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-01-16 12970]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 BLKWGD;Belkin Wireless G Desktop Card Service; C:\WINDOWS\system32\DRIVERS\BLKWGD.sys [2005-06-02 463872]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2008-02-07 28276]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-23 549672]
R3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wlanndi5;wlanndi5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\wlanndi5.SYS []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2004-01-30 122110]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2004-01-30 99002]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-01-10 601100]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-14 1042816]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-14 210304]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MusCDriverV32;MusCDriverV32; C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-12-28 513152]
S3 MusCVideo32;MusCVideo32; C:\WINDOWS\system32\DRIVERS\MusCVideo32.sys [2007-12-28 3768]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PAC207;CIF USB Camera; C:\WINDOWS\system32\DRIVERS\PFC027.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-14 679808]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2005-05-05 36864]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-08 168432]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-03 174656]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-25 418816]
S2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2006-12-04 49664]
S2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-21 406528]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 NetSvc;Intel NCS NetService; c:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]

-----------------EOF-----------------


Info file
info.txt logfile of random's system information tool 1.04 2008-10-18 20:37:26

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adware Away v3.1.4.7-->"C:\Program Files\Adware Away\unins000.exe"
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB2A3A6-6789-4260-9966-517498589AB5}\setup.exe" -l0x9
ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{244E21B9-164C-4EC1-AED8-9BD64161E66D}\setup.exe" -l0x9
AVG Free Edition-->C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Belkin Wireless Utility-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5314FAC0-F8A5-4432-8980-251D055B2C5B}
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Bonjour-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1033
CompuServe-->C:\Program Files\Common Files\csshare\csunins_us.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
eMachines Bay Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICQ-->C:\PROGRA~1\ICQ\ICQUninstall.EXE
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet-->MsiExec.exe /I{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Lexmark 640 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXDAUN5C.EXE -dLexmark 640 Series
MaxBlast 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639858DD-4966-40F3-A706-7C838BCF3A2B}\setup.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla ActiveX Control v1.7.12-->C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Nero PhotoShow Express-->"C:\Program Files\Nero\data\Xtras\Uninstall.exe"
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Netscape 6 (6.2.1)-->C:\WINDOWS\N6Uninst.exe /ua "6.2.1 (en)"
Paint