code 10 wont reinstall graphics card,after i uninstalled it, wont rein

Hi itryed2,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.


Step #1

Run OTList2.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTLI
  O33 - MountPoints2\{8e470a4b-078b-11de-a7b6-0011090fc313}\Shell\AutoRun\command - "" = J:\rcaeasyrip_setup.exe -- File not found
  O33 - MountPoints2\{8e470a4b-078b-11de-a7b6-0011090fc313}\Shell\install\command - "" = J:\rcaeasyrip_setup.exe -- File not found
  O33 - MountPoints2\{8e470a4b-078b-11de-a7b6-0011090fc313}\Shell\usermanualEnglish\command - "" = J:\rcaeasyrip_setup.exe -- File not found
  O33 - MountPoints2\{8e470a4b-078b-11de-a7b6-0011090fc313}\Shell\usermanualFrench\command - "" = J:\rcaeasyrip_setup.exe -- File not found
  O33 - MountPoints2\{8e470a4b-078b-11de-a7b6-0011090fc313}\Shell\usermanualSpanish\command - "" = J:\rcaeasyrip_setup.exe -- File not found
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done

Step #2

Launch Malwarebytes' Anti-Malware

• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Please click here to download AVP Tool by Kaspersky.

• Save it to your desktop.
• Reboot your computer into SafeMode.
  

  You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
  Use your up arrow key to highlight SafeMode then hit enter.

• Double click the setup file to run it.
• Click Next to continue.
• It will by default install it to your desktop folder.Click Next.
• Hit ok at the prompt for scanning in Safe Mode.
• It will then open a box There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked.

• System Memory
• Startup Objects
• Disk Boot Sectors.
• My Computer.
• Also any other drives (Removable that you may have)

After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

• Then click on Scan at the to right hand Corner.
• It will automatically Neutralize any objects found.
• If some objects are left un-neutralized then click the button that says Neutralize all
• If it says it cannot be Neutralized then chooose The delete option when prompted.
• After that is done click on the reports button at the bottom and save it to file name it Kas.
• Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
  
  

  Note: This tool will self uninstall when you close it so please save the log before closing it.

I save avp to the desktop but after i restart in safe mode its not on the desktop

ok i have it saved to my desktop,but when i run the setup it says,kaspery has inconterd a problem and needs to close.I click more info and heres the eror code.
AppName: is-to4dd.exe AppVer: 7.0.0.290 ModName: basegui.ppl
ModVer: 7.0.0.290 Offset: 0005c13e

Thanks for the update, for now just run Malwarebytes Anti-Malware and post the scan log.

Malwarebytes' Anti-Malware 1.34
Database version: 1887
Windows 5.1.2600 Service Pack 3

4/13/2009 9:19:24 PM
mbam-log-2009-04-13 (21-19-24).txt

Scan type: Quick Scan
Objects scanned: 74812
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Download and scan with SUPERAntiSpyware Free for Home Users

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click "Next" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  o Click Preferences, then click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  o Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/15/2009 at 08:23 PM

Application Version : 4.26.1000

Core Rules Database Version : 3846
Trace Rules Database Version: 1801

Scan type : Complete Scan
Total Scan Time : 00:48:46

Memory items scanned : 552
Memory threats detected : 0
Registry items scanned : 4851
Registry threats detected : 0
File items scanned : 51977
File threats detected : 24

Adware.Tracking Cookie
C:\Documents and Settings\terry martinez\Cookies\[email protected][1].txt
C:\Documents and Settings\terry martinez\Cookies\terry_martinez@burstnet[3].txt
C:\Documents and Settings\terry martinez\Cookies\terry_martinez@youporn[2].txt
C:\Documents and Settings\terry martinez\Cookies\[email protected][4].txt
C:\Documents and Settings\terry martinez\Cookies\terry_martinez@doubleclick[1].txt
C:\Documents and Settings\terry martinez\Cookies\[email protected][2].txt
C:\Documents and Settings\terry martinez\Cookies\terry_martinez@tacoda[3].txt
C:\Documents and Settings\terry martinez\Cookies\[email protected][2].txt
C:\Documents and Settings\terry martinez\Cookies\[email protected][2].txt
C:\Documents and Settings\terry martinez\Cookies\terry_martinez@interclick[3].txt
C:\Documents and Settings\terry martinez\Cookies\terry_martinez@media6degrees[2].txt
C:\Documents and Settings\terry martinez\Cookies\[email protected][1].txt
C:\Documents and Settings\terry martinez\Cookies\[email protected][1].txt
C:\Documents and Settings\terry martinez\Cookies\[email protected][1].txt
C:\Documents and Settings\terry martinez\Cookies\[email protected][2].txt
C:\Documents and Settings\terry martinez\Cookies\terry_martinez@insightexpressai[1].txt
C:\Documents and Settings\terry martinez\Cookies\[email protected][1].txt
C:\Documents and Settings\terry martinez\Cookies\[email protected][1].txt
C:\Documents and Settings\terry martinez\Cookies\[email protected][1].txt
C:\Documents and Settings\terry martinez\Cookies\terry_martinez@burstnet[1].txt
C:\Documents and Settings\terry martinez\Cookies\terry_martinez@interclick[1].txt
C:\Documents and Settings\terry martinez\Cookies\terry_martinez@tacoda[2].txt
C:\Documents and Settings\terry martinez\Cookies\[email protected][1].txt
C:\Documents and Settings\terry martinez\Cookies\[email protected][2].txt

How is your computer running?



Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Logfile of random's system information tool 1.06 (written by random/random)
Run by terry martinez at 2009-04-16 15:20:10
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 62 GB (83%) free of 74 GB
Total RAM: 1271 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:28 PM, on 4/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Documents and Settings\terry martinez\Desktop\RSIT.exe
C:\Program Files\trend micro\terry martinez.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SwHelper_1100470.exe -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; IEMB3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; IEMB3)" -"http://www.andkon.co...g/superbikegp/"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: is-GFSM2.lnk = C:\Documents and Settings\terry martinez\Desktop\Virus Removal Tool1\is-GFSM2\startup.exe
O4 - Startup: is-I124N.lnk = C:\Documents and Settings\terry martinez\Desktop\Virus Removal Tool\is-I124N\startup.exe
O4 - Startup: is-J043M.lnk = C:\Documents and Settings\terry martinez\Desktop\Virus Removal Tool\is-J043M\startup.exe
O4 - Startup: is-KP9VV.lnk = C:\Documents and Settings\terry martinez\Desktop\Virus Removal Tool\is-KP9VV\startup.exe
O4 - Startup: is-MINV8.lnk = C:\Documents and Settings\terry martinez\Desktop\Virus Removal Tool1\is-MINV8\startup.exe
O4 - Startup: is-TO4DD.lnk = C:\Documents and Settings\terry martinez\Desktop\Virus Removal Tool2\is-TO4DD\startup.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1218858467390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

--
End of file - 7152 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-03-28 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-28 501056]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"LXCRCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LXCRCATS"=rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SwHelper_1100470.exe [2008-11-04 460216]

C:\Documents and Settings\terry martinez\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
is-GFSM2.lnk - C:\Documents and Settings\terry martinez\Desktop\Virus Removal Tool1\is-GFSM2\startup.exe
is-I124N.lnk - C:\Documents and Settings\terry martinez\Desktop\Virus Removal Tool\is-I124N\startup.exe
is-J043M.lnk - C:\Documents and Settings\terry martinez\Desktop\Virus Removal Tool\is-J043M\startup.exe
is-KP9VV.lnk - C:\Documents and Settings\terry martinez\Desktop\Virus Removal Tool\is-KP9VV\startup.exe
is-MINV8.lnk - C:\Documents and Settings\terry martinez\Desktop\Virus Removal Tool1\is-MINV8\startup.exe
is-TO4DD.lnk - C:\Documents and Settings\terry martinez\Desktop\Virus Removal Tool2\is-TO4DD\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-04-02 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Documents and Settings\terry martinez\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\terry martinez\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\terry martinez\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\terry martinez\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\SwiftKit\SwiftKit.exe"="C:\Program Files\SwiftKit\SwiftKit.exe:*:Enabled:Toolkit for RuneScape"
"C:\Program Files\Rhapsody\rhapsody.exe"="C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-04-16 15:20:10 ----D---- C:\rsit
2009-04-16 06:38:57 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 06:38:47 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 06:36:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 06:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 06:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 06:36:18 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 05:05:33 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-11 01:16:45 ----A---- C:\WINDOWS\system32\ywcvwr.dll
2009-04-11 01:16:45 ----A---- C:\WINDOWS\system32\yacsui.dll
2009-04-11 01:16:45 ----A---- C:\WINDOWS\system32\yacscom.dll
2009-04-11 01:16:44 ----D---- C:\Program Files\Dream
2009-04-08 20:08:11 ----A---- C:\Rooter.txt
2009-04-08 20:07:53 ----D---- C:\Rooter$
2009-04-08 20:02:26 ----D---- C:\WINDOWS\ERDNT
2009-04-08 20:01:38 ----D---- C:\Program Files\ERUNT
2009-04-07 12:52:40 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-04-06 20:07:52 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-04-06 20:07:35 ----D---- C:\Program Files\ATI Technologies
2009-04-06 19:59:02 ----A---- C:\WINDOWS\WININIT.INI
2009-04-06 18:08:51 ----D---- C:\ATI
2009-04-06 17:28:48 ----D---- C:\Documents and Settings\terry martinez\Application Data\ATI
2009-04-06 17:22:43 ----A---- C:\WINDOWS\system32\psisdecd.dll
2009-04-06 17:22:37 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-04-06 17:22:34 ----A---- C:\WINDOWS\system32\d3dim700.dll
2009-04-06 17:20:59 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2009-04-06 17:20:59 ----A---- C:\WINDOWS\system32\ativcoxx.dll
2009-04-06 17:20:59 ----A---- C:\WINDOWS\system32\atitvo32.dll
2009-04-06 17:20:59 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2009-04-06 17:20:59 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2009-04-06 17:20:59 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2009-04-06 17:20:58 ----A---- C:\WINDOWS\system32\atioglxx.dll
2009-04-06 17:20:56 ----A---- C:\WINDOWS\system32\atioglx1.dll
2009-04-06 17:20:56 ----A---- C:\WINDOWS\system32\atikvmag.dll
2009-04-06 17:20:56 ----A---- C:\WINDOWS\system32\ATIDEMGR.dll
2009-04-06 17:20:56 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2009-04-06 17:20:56 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2009-04-06 17:20:56 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2009-04-06 17:20:13 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2009-04-06 17:20:02 ----D---- C:\Diamond
2009-04-06 16:25:55 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-06 16:17:39 ----D---- C:\Program Files\Driver Sweeper
2009-04-05 20:32:00 ----D---- C:\WINDOWS\Prefetch
2009-04-05 18:56:01 ----D---- C:\hp
2009-04-05 15:07:36 ----D---- C:\WINDOWS\NV388320.TMP
2009-04-05 14:07:17 ----D---- C:\Program Files\DMZ North Korea
2009-04-05 13:57:50 ----D---- C:\Program Files\NetDevil
2009-04-05 12:28:26 ----D---- C:\WINDOWS\nview
2009-04-02 12:44:09 ----D---- C:\Program Files\Trend Micro
2009-04-01 14:27:36 ----HDC---- C:\WINDOWS\ie8
2009-04-01 14:17:53 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2009-04-01 13:29:00 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-01 13:29:00 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-01 13:29:00 ----A---- C:\WINDOWS\system32\java.exe
2009-03-31 20:40:58 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2009-03-31 20:40:56 ----D---- C:\Program Files\FriendBlasterPro
2009-03-26 16:43:37 ----A---- C:\WINDOWS\TLCUninstall.exe
2009-03-23 03:59:52 ----D---- C:\Documents and Settings\terry martinez\Application Data\Malwarebytes
2009-03-23 03:59:37 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-23 03:59:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-22 20:10:07 ----D---- C:\_OTListIt

======List of files/folders modified in the last 1 months======

2009-04-16 15:19:57 ----D---- C:\WINDOWS\Temp
2009-04-16 15:19:15 ----D---- C:\Program Files\Mozilla Firefox
2009-04-16 15:03:55 ----D---- C:\WINDOWS\system32
2009-04-16 15:03:55 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-16 15:01:13 ----D---- C:\WINDOWS
2009-04-16 06:42:29 ----D---- C:\WINDOWS\system32\wbem
2009-04-16 06:42:29 ----D---- C:\WINDOWS\AppPatch
2009-04-16 06:41:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-16 06:41:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-16 06:39:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-16 06:39:01 ----HD---- C:\WINDOWS\inf
2009-04-16 06:37:24 ----D---- C:\WINDOWS\Debug
2009-04-16 06:36:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-15 17:51:47 ----D---- C:\Program Files\SwiftKit
2009-04-15 12:54:53 ----D---- C:\WINDOWS\.jagex_cache_32
2009-04-13 23:12:18 ----D---- C:\WINDOWS\system32\drivers
2009-04-12 09:45:33 ----A---- C:\DTSHDSpOut.txt
2009-04-11 01:16:44 ----RD---- C:\Program Files
2009-04-07 14:51:45 ----D---- C:\WINDOWS\system32\config
2009-04-07 14:49:05 ----SHD---- C:\WINDOWS\Installer
2009-04-06 20:41:33 ----D---- C:\WINDOWS\Registration
2009-04-06 20:09:04 ----RSD---- C:\WINDOWS\assembly
2009-04-06 20:09:03 ----D---- C:\WINDOWS\Microsoft.NET
2009-04-06 20:08:03 ----D---- C:\WINDOWS\system32\DirectX
2009-04-06 20:07:46 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-06 17:24:28 ----D---- C:\Program Files\Common Files\InstallShield
2009-04-06 17:23:47 ----D---- C:\WINDOWS\RegisteredPackages
2009-04-06 17:22:00 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-06 16:26:32 ----D---- C:\Documents and Settings
2009-04-06 09:57:24 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-04-05 18:41:19 ----D---- C:\WINDOWS\Help
2009-04-05 17:14:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-05 15:30:27 ----RSD---- C:\WINDOWS\Fonts
2009-04-05 15:30:05 ----D---- C:\WINDOWS\WinSxS
2009-04-05 15:30:01 ----DC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-05 09:38:41 ----D---- C:\WINDOWS\Driver Cache
2009-04-02 13:32:11 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-01 14:32:39 ----D---- C:\WINDOWS\system32\en-us
2009-04-01 14:32:38 ----D---- C:\WINDOWS\Media
2009-04-01 14:32:38 ----D---- C:\Program Files\Internet Explorer
2009-04-01 14:31:10 ----D---- C:\WINDOWS\ie8updates
2009-04-01 14:18:09 ----D---- C:\WINDOWS\security
2009-04-01 13:28:58 ----D---- C:\Program Files\Java
2009-03-30 19:31:03 ----D---- C:\Documents and Settings\terry martinez\Application Data\LimeWire
2009-03-29 23:18:17 ----D---- C:\Documents and Settings\terry martinez\Application Data\Yahoo!
2009-03-27 16:19:50 ----D---- C:\Program Files\lx_cats
2009-03-26 16:43:38 ----D---- C:\Program Files\The Learning Company
2009-03-24 21:21:34 ----SHD---- C:\System Volume Information
2009-03-24 21:21:34 ----D---- C:\WINDOWS\system32\Restore
2009-03-22 20:10:10 ----SD---- C:\WINDOWS\Tasks
2009-03-21 09:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-17 00:54:00 ----D---- C:\WINDOWS\network diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 is-I124Ndrv;is-I124Ndrv; C:\WINDOWS\system32\DRIVERS\34288023.sys [2008-07-08 148496]
R1 is-J043Mdrv;is-J043Mdrv; C:\WINDOWS\system32\DRIVERS\43188343.sys [2008-07-08 148496]
R1 is-MINV8drv;is-MINV8drv; C:\WINDOWS\system32\DRIVERS\51198876.sys [2008-07-08 148496]
R1 is-TO4DDdrv;is-TO4DDdrv; C:\WINDOWS\system32\DRIVERS\27215848.sys [2008-07-08 148496]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-10-29 1204128]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 CA561;ICatch (VI) PC Camera; C:\WINDOWS\System32\Drivers\SPCA561.SYS [2002-10-01 119798]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-20 10368]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-09 121984]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 is-GFSM2drv;is-GFSM2drv; C:\WINDOWS\system32\DRIVERS\08274255.sys [2008-07-08 148496]
S1 is-KP9VVdrv;is-KP9VVdrv; C:\WINDOWS\system32\DRIVERS\77607328.sys [2008-07-08 148496]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ddxgb;ddxgb; \??\C:\DOCUME~1\TERRYM~1\LOCALS~1\Temp\ddxgb.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-24 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-24 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-24 21568]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-11-17 68954]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SUNPLUS;SightCAM PC-100p; C:\WINDOWS\System32\Drivers\SPIXNEW.SYS [2002-03-07 95528]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 lxcr_device;lxcr_device; C:\WINDOWS\system32\lxcrcoms.exe [2006-02-20 495616]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-04-16 15:20:38

======Uninstall list======

Sansa Media Converter-->"C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced WindowsCare Personal-->"C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DMZ North Korea-->c:\Program Files\DMZ North Korea\System\Setup.exe reallyuninstall Path="c:\Program Files\DMZ North Korea\\\"
Dragons and Dinosaurs Clipart-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Simply Media\ST5UNST.LOG"
Driver Sweeper 1.5.5-->"C:\Program Files\Driver Sweeper\unins000.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\setup\hpzscr01.exe -datfile hposcr28.dat -onestop
HP Photosmart Essential 3.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat -forcereboot
HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_495efe4\Setup.exe /APR-REMOVE
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Mahjong 1.1-->"C:\Program Files\Absolutist.com\Mahjong\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mspc2-->MsiExec.exe /I{4D4AAB01-FB62-48EB-AC03-C777B26DD457}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0-->MsiExec.exe /I{428102E6-8A39-48B9-8389-847F5A44A600}
MSXML 4.0-->MsiExec.exe /I{54BB0384-1C33-488F-A95B-877E480D3EDC}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Philips PC Camera-->RunDll32 C:\PROGRA~1\COMMON~1\InstallShield\Professional\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}\setup.exe" -l0x9 -removeonly
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RCA Detective™ 2.0.0.98-->"C:\Documents and Settings\terry martinez\My Documents\RCA Detective\unins000.exe"
RCA easyRip™ 1.4.6.0-->"C:\Documents and Settings\terry martinez\My Documents\RCA easyRip\unins000.exe"
RCA easyRip™ 2.0.8.0-->"C:\Documents and Settings\terry martinez\My Documents\RCA easyRip\unins001.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shock Desktop 3D v0.5-->"C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Shock Utility\ShockDesktop3D\IFU2E5.inf
SightCAM PC-100p-->Rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\Spixnew.ini, DefaultUnInstall
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
StarFlyers Alien Space Chase-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\StarFlyers Alien Space Chase\Uninstall.xml"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SwiftKit-->C:\Program Files\SwiftKit\Uninstall.exe
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Uninstall Dual Mode Camera-->"C:\Program Files\JL2005C\unins000.exe"
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618)-->"C:\WINDOWS\$NtUninstallKB951618$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Messenger 5.1-->MsiExec.exe /I{D1E44702-21F5-4918-B8A3-6D126D5BD33C}
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XnView 1.94.2-->"C:\Program Files\XnView\unins000.exe"
Yahaven! 2.6.5-->"C:\Program Files\Dream\Yahaven!\unins000.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090416-0]

======System event log======

Computer Name: HOME-2BC94BDAB5
Event Code: 20063
Message: Remote Access Connection Manager failed to start because the Point to Point
Protocol failed to initialize. The specified module could not be found.


Record Number: 44422
Source Name: Rasman
Time Written: 20090415082558.000000-300
Event Type: error
User:

Computer Name: HOME-2BC94BDAB5
Event Code: 7023
Message: The Remote Access Connection Manager service terminated with the following error:
The specified module could not be found.


Record Number: 44420
Source Name: Service Control Manager
Time Written: 20090415082556.000000-300
Event Type: error
User:

Computer Name: HOME-2BC94BDAB5
Event Code: 20063
Message: Remote Access Connection Manager failed to start because the Point to Point
Protocol failed to initialize. The specified module could not be found.


Record Number: 44418
Source Name: Rasman
Time Written: 20090415082555.000000-300
Event Type: error
User:

Computer Name: HOME-2BC94BDAB5
Event Code: 7023
Message: The Remote Access Connection Manager service terminated with the following error:
The specified module could not be found.


Record Number: 44416
Source Name: Service Control Manager
Time Written: 20090415082554.000000-300
Event Type: error
User:

Computer Name: HOME-2BC94BDAB5
Event Code: 20063
Message: Remote Access Connection Manager failed to start because the Point to Point
Protocol failed to initialize. The specified module could not be found.


Record Number: 44414
Source Name: Rasman
Time Written: 20090415082554.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: HOME-2BC94BDAB5
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16762, faulting module unknown, version 0.0.0.0, fault address 0x0292a261.

Record Number: 895
Source Name: Application Error
Time Written: 20090125190748.000000-360
Event Type: error
User:

Computer Name: HOME-2BC94BDAB5
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16762, faulting module yiesrvc.dll, version 2007.12.12.1, fault address 0x00007c74.

Record Number: 894
Source Name: Application Error
Time Written: 20090125180702.000000-360
Event Type: error
User:

Computer Name: HOME-2BC94BDAB5
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16762, faulting module unknown, version 0.0.0.0, fault address 0x028a900b.

Record Number: 892
Source Name: Application Error
Time Written: 20090125133242.000000-360
Event Type: error
User:

Computer Name: HOME-2BC94BDAB5
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16762, faulting module unknown, version 0.0.0.0, fault address 0x028b6fc8.

Record Number: 891
Source Name: Application Error
Time Written: 20090125132825.000000-360
Event Type: error
User:

Computer Name: HOME-2BC94BDAB5
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16762, faulting module unknown, version 0.0.0.0, fault address 0x028eb951.

Record Number: 890
Source Name: Application Error
Time Written: 20090125101801.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

You are using peer-to-peer programs, specifically LimeWire.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.


Step #1

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :processes
  explorer.exe
  
  :Services
  ddxgb
  is-GFSM2drv
  is-KP9VVdrv
  
  :Files
  C:\DOCUME~1\TERRYM~1\LOCALS~1\Temp\ddxgb.sys
  
  :commands
  [purity]
  [emptytemp]
  [start explorer]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Step #2

Download RootRepeal.zip and unzip it to your Desktop.

• Double click RootRepeal.exe to start the program
• Click on the Report tab at the bottom of the program window
• Click the Scan button
• In the Select Scan dialog, check:
  • Drivers
  • Files
  • Processes
  • SSDT
  • Stealth Objects
  • Hidden Services
• Click the OK button
• In the next dialog, select all drives showing
• Click OK to start the scan
  

  Note: The scan can take some time. DO NOT run any other programs while the scan is running

• When the scan is complete, the Save Report button will become available
• Click this and save the report to your Desktop as RootRepeal.txt
• Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:

• Click Add Reply
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

when i run RootRepeal a box pops up saying error invaled PE image found.but here is the log from OTmoveit


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver ddxgb deleted successfully.

Service\Driver is-GFSM2drv deleted successfully.

Service\Driver is-KP9VVdrv deleted successfully.
========== FILES ==========
File/Folder C:\DOCUME~1\TERRYM~1\LOCALS~1\Temp\ddxgb.sys not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\TERRYM~1\LOCALS~1\Temp\etilqs_T3YnUmg2VgO8j5vSbDq7 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\terry martinez\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_22c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_68c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\terry martinez\Local Settings\Application Data\Mozilla\Firefox\Profiles\tkve29t6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\terry martinez\Local Settings\Application Data\Mozilla\Firefox\Profiles\tkve29t6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\terry martinez\Local Settings\Application Data\Mozilla\Firefox\Profiles\tkve29t6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\terry martinez\Local Settings\Application Data\Mozilla\Firefox\Profiles\tkve29t6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\terry martinez\Local Settings\Application Data\Mozilla\Firefox\Profiles\tkve29t6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\terry martinez\Local Settings\Application Data\Mozilla\Firefox\Profiles\tkve29t6.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04162009_160404

Files moved on Reboot...
File C:\DOCUME~1\TERRYM~1\LOCALS~1\Temp\etilqs_T3YnUmg2VgO8j5vSbDq7 not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_22c.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_68c.dat not found!
C:\Documents and Settings\terry martinez\Local Settings\Application Data\Mozilla\Firefox\Profiles\tkve29t6.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\terry martinez\Local Settings\Application Data\Mozilla\Firefox\Profiles\tkve29t6.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\terry martinez\Local Settings\Application Data\Mozilla\Firefox\Profiles\tkve29t6.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\terry martinez\Local Settings\Application Data\Mozilla\Firefox\Profiles\tkve29t6.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\terry martinez\Local Settings\Application Data\Mozilla\Firefox\Profiles\tkve29t6.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\terry martinez\Local Settings\Application Data\Mozilla\Firefox\Profiles\tkve29t6.default\XUL.mfl moved successfully.

Hm, thats odd:


Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
• Click OK.
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

You say unzip files,that means extract files correct?because thats what ive been doing?Gmer starts scanning when i click run,but everything was checked liked you said to do.here is the log.

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-16 17:30:21
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

You say unzip files,that means extract files correct?

Yes.


Is that the whole log?