Problems with videos



#1
reverseguy

    New Member

  • Member
  • Pip
  • 4 posts
Help, I can't go to youtube or watch any videos that are posted on other sites that come from youtube. I can go to Google video and watch there unless it is posted from youtube. This problem just started and I have run every spyware program and virus program there is. No help. I'm pretty sure it's a spyware program because it just started. It began when I would search on Google I would get some phoney links and when I would go there nothing. Could someone give me some advice, THANKS!
  • 0



#2
Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
reverseguy, Welcome to Geeks-To-Go. My name is GravityGripp and I'll be assisting you with your issues.

First, when you post logs here, post them directly into the reply. Do not attach them, unless told to do so. Also, do not alter the font, color, or size of these logs. This will help me, help you.

Also, if I have not responded to you in a time period longer than 4 days, please feel free to PM me.

Thanks and I look forward to working with you. :)

The first thing that I need for you to do is visit this post and follow the directions there before we can proceed. You Must Read This Before Posting

When you've obtained a HiJackThis log, please post it in a reply to this post.
  • 0

#3
reverseguy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank You Gravity Grip. I have done everything on the list and essentially no difference. I can't view youtube videos on any site and can't go to youtube site. There are also other sites I can't seem to go to, including Wikipedia. What makes me think it's spyware or virus is that there was a time I couldn't go to google video but after running spybot I could at least go there but still can't view youtube posted videos. I'm posting hijackthis log thanks for all help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:15 AM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [VTTimer] "C:\WINDOWS\system32\VTTimer.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] "C:\WINDOWS\system32\HDAudPropShortcut.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1221631389218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1223756976535
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11889 bytes
  • 0

#4
Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
Alright, so the first thing I see is that you have two anti-virus applications running. It is NEVER a good idea to run two and it will destroy your computer performance.


STEP ONE
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Avast!
OR
Symantec Anti-Virus

Please note any other programs that you don't recognize in that list in your next response.

STEP TWO
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

STEP THREE
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0
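
The two-antivirus finding in the post above can be read mechanically from a HijackThis log by matching `O23 - Service` entries against the `Running processes` list. This is an added example, not part of the original post and not a HijackThis or Geeks to Go tool; the function names and the "antivirus in the service name" heuristic are assumptions, and the sample lines are excerpted from the log posted earlier in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread, trimmed to the lines
# that matter for the check (running processes and O23 service entries).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# "O23 - Service: <display name> - <vendor> - <drive>:\<path>"
# The greedy head is split on its last " - " to separate name from vendor.
SERVICE_RE = re.compile(r"^O23 - Service: (?P<head>.+) - (?P<path>[A-Za-z]:\\.+)$")


def parse_running(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    running = set()
    in_section = False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
            continue
        if in_section:
            if not line:  # the section ends at the first blank line
                break
            running.add(line.lower())
    return running


def parse_services(log):
    """Return one dict (name, vendor, path) per well-formed O23 line."""
    services = []
    for line in log.splitlines():
        match = SERVICE_RE.match(line.strip())
        if not match:
            continue
        name, sep, vendor = match.group("head").rpartition(" - ")
        if not sep:  # no vendor field, skip rather than guess
            continue
        services.append({"name": name, "vendor": vendor, "path": match.group("path")})
    return services


def active_av_vendors(log, keyword="antivirus"):
    """Map vendor -> antivirus services whose executable is currently running.

    Assumption: a service counts as antivirus when its display name contains
    `keyword` (case-insensitive). 8.3 short paths such as C:\\PROGRA~1 are not
    expanded, so they never match a long path in the process list.
    """
    running = parse_running(log)
    by_vendor = defaultdict(list)
    for svc in parse_services(log):
        if keyword in svc["name"].lower() and svc["path"].lower() in running:
            by_vendor[svc["vendor"]].append(svc["name"])
    return dict(by_vendor)


def has_av_conflict(log):
    """True when resident antivirus services from more than one vendor are running."""
    return len(active_av_vendors(log)) > 1


if __name__ == "__main__":
    for vendor, names in sorted(active_av_vendors(SAMPLE_LOG).items()):
        print(f"{vendor}: {', '.join(names)}")
    print("conflict:", has_av_conflict(SAMPLE_LOG))
```

`Rtvscan.exe` is registered as a service but is absent from the process list, so it is not counted; the Symantec hit comes from `DefWatch.exe`, which is still running.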

#5
reverseguy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I did run Malware Bytes earlier and nothing. I thought I uninstalled Symantec so I did not know I was running 2.
Here are the logs

info.txt logfile of random's system information tool 1.04 2008-12-01 12:24:57

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
-->VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
0.1-->"C:\Program Files\RT Scan Tool\unins000.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Agere Systems PCI Soft Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Arovax AntiSpyware 2.1.153-->C:\Program Files\Arovax AntiSpyware\uninst.exe
Ashampoo Burning Studio 6 FREE-->"G:\Ashampoo Burning Studio 6 FREE\unins000.exe"
Audacity 1.3.5 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitTornado 0.3.17-->C:\Program Files\BitTornado\uninst.exe
BOClean-->C:\WINDOWS\UNBOC.EXE
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Eusing Free Registry Cleaner-->C:\PROGRA~1\Eusing Free Registry Cleaner\UNWISE.EXE C:\PROGRA~1\Eusing Free Registry Cleaner\INSTALL.LOG
Financial Freedom RMA Installer-->MsiExec.exe /I{171B4856-C134-492C-BF2A-2C227217F2E0}
Gimp 2.6.0-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_11CB06797F2F038A.exe" /uninstall
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 3.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 3.5-->C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Software Update-->MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
HPIZ350-->MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Karen's Replicator-->C:\Program Files\Karen's Power Tools\Replicator\uninst.exe
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Mobile Video-->MsiExec.exe /X{31B9F727-3247-4E14-BA5B-14AF8DFCC5CE}
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 2.0 SP3 Runtime-->MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
MozyHome Remote Backup-->MsiExec.exe /X{3EB90211-5E1E-42A6-9C27-E42C4771F7DC}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
nCleaner second 2.3.4.0-->C:\Program Files\NKProds\nCleaner\uninstall.exe
office Convert All to Image Jpg Jpeg Free 4.9-->"C:\Program Files\office Convert All to Image Jpg Jpeg Free\unins000.exe"
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Palm-->MsiExec.exe /X{A005B38F-D5AB-4E35-93DD-9886E449FAF1}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC SpeedScan Pro-->C:\Program Files\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe -runfromtemp -l0x0009 -removeonly
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Point 6.1-->MsiExec.exe /X{5B7D68A3-C39B-4BC5-BDF1-22085290C43C}
Point 6.2-->MsiExec.exe /X{BF493FC0-48B9-45C1-A482-EF04813926BB}
Point Network Installation 6.1-->MsiExec.exe /X{4B355C96-BD4A-490D-91C8-5B424E2D1978}
Point-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85BC5C08-E73D-11D2-964D-444553540000}\SETUP.EXE" -l0x9 -uninst
POINTAGENT-->C:\PROGRA~1\POINTA~1\UNWISE.EXE C:\PROGRA~1\POINTA~1\INSTALL.LOG
Prevx CSI-->"C:\Program Files\PrevxCSI\prevxcsi.exe" /prop UNINSTALL=Y
PrimoPDF-->"C:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
Publisher WordArt Compatibility Add-In-->RunDll32 syssetup.dll,SetupInfObjectInstallAction Uninstall.NT 4 pbwrdart.inf
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Reverse Mortgage Analyzer 97SP-->MsiExec.exe /I{1262AA62-4282-45F0-8DD1-C61588BBF6FB}
Reverse Mortgage Analyzer-->C:\FFRMA\setup\setup.exe
S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Smart Defrag 1.02-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Ss Registry Fixer 2.0-->"C:\Program Files\Ss-Tools\Registry Fixer\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Toolkit View(HP)-->c:\Windows\HPTK\unhptkit.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
USB MassStorage CardReader-->C:\Program Files\Kodak\040a_5005\Remove.exe
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver-->VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
VisualTool-->C:\Program Files\VisualTool\uninstall.exe
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
Wise Disk Cleaner 3.74-->"C:\Program Files\Wise Disk Cleaner\unins000.exe"
Wise Registry Cleaner 3 Free 3.73-->"C:\Program Files\Wise Registry Cleaner 3\unins000.exe"
Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\Common\unypsr.exe
ZSoft Uninstaller 2.4.1-->F:\Uninstaller\uninst.exe

======Hosts File======

127.0.0.1 go.mail.ru
127.0.0.1 nova.rambler.ru
127.0.0.1 youtube.com
127.0.0.1 www.youtube.com
127.0.0.1 my.att.net
127.0.0.1 yandex.ru
127.0.0.1 www.yandex.ru
127.0.0.1 yandex.ua
127.0.0.1 www.yandex.ua
127.0.0.1 baidu.com

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081130-0] (disabled)
AV: Symantec AntiVirus Corporate Edition (disabled) (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by RWhitrock at 2008-12-01 12:24:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (45%) free of 70 GB
Total RAM: 959 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:53 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\RWhitrock\Local Settings\Temporary Internet Files\Content.IE5\PL1SE19A\RSIT[1].exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\RWhitrock.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [VTTimer] "C:\WINDOWS\system32\VTTimer.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] "C:\WINDOWS\system32\HDAudPropShortcut.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1221631389218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1223756976535
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 12349 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{6F989EFA-7682-4A5C-8A8D-76F81D06DBB9}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-25 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-25 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-11-25 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\program files\hp\digital imaging\bin\hpdtlk02.dll [2003-11-21 98304]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-25 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-10-22 53248]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-22 136600]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-04-20 118784]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-08 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-17 85184]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-02-28 88364]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"BOC-427"=C:\PROGRA~1\Comodo\CBOClean\BOC427.exe [2008-07-14 351480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-25 39408]
"Arovax AntiSpyware"=C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe [2007-09-21 1966080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-21 66864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
C:\PROGRA~1\Quicken\bagent.exe [2003-07-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
C:\PROGRA~1\UPDATE~1\137903\Program\BACKWE~1.EXE [2004-05-12 16384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-04-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegedit"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoBandCustomize"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoBandCustomize"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe"="C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-01 12:24:45 ----D---- C:\rsit
2008-12-01 12:20:27 ----D---- C:\Documents and Settings\RWhitrock\Application Data\ImgBurn
2008-12-01 12:20:12 ----D---- C:\Program Files\ImgBurn
2008-12-01 08:55:51 ----D---- C:\Program Files\ERUNT
2008-11-30 20:11:32 ----D---- C:\Program Files\Common Files\Softwin
2008-11-30 19:38:11 ----D---- C:\Documents and Settings\RWhitrock\Application Data\WinPatrol
2008-11-30 19:36:28 ----D---- C:\Program Files\BillP Studios
2008-11-30 15:32:47 ----D---- C:\Program Files\PrevxCSI
2008-11-30 15:32:36 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-11-30 15:06:11 ----A---- C:\WINDOWS\UNBOC.EXE
2008-11-30 15:06:08 ----A---- C:\WINDOWS\CMDLIC.DLL
2008-11-30 15:06:00 ----D---- C:\Documents and Settings\All Users\Application Data\BOC427
2008-11-30 15:05:54 ----A---- C:\WINDOWS\BOC427.INI
2008-11-30 15:05:51 ----D---- C:\Program Files\Comodo
2008-11-30 14:43:24 ----D---- C:\WINDOWS\BDOSCAN8
2008-11-29 18:34:39 ----D---- C:\Program Files\Wise Disk Cleaner
2008-11-29 18:29:58 ----D---- C:\Program Files\Wise Registry Cleaner 3
2008-11-29 18:22:40 ----D---- C:\Program Files\Ss-Tools
2008-11-29 18:17:43 ----D---- C:\Program Files\RT Scan Tool
2008-11-29 15:37:46 ----D---- C:\Program Files\Windows Installer Clean Up
2008-11-29 15:36:46 ----D---- C:\Program Files\MSECACHE
2008-11-29 15:10:10 ----D---- C:\Program Files\iTOK
2008-11-26 18:59:50 ----D---- C:\Program Files\Panda Security
2008-11-26 16:05:28 ----SHD---- C:\RECYCLER
2008-11-26 16:01:14 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-11-26 16:01:14 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\swsc.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\swreg.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\Process.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-11-26 14:46:47 ----D---- C:\WINDOWS\temp
2008-11-26 14:46:46 ----A---- C:\ComboFix.txt
2008-11-26 14:34:35 ----D---- C:\SDFix
2008-11-25 19:04:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-25 19:04:33 ----D---- C:\Program Files\Alwil Software
2008-11-25 18:05:17 ----D---- C:\Program Files\Spyware Doctor
2008-11-25 18:05:17 ----D---- C:\Documents and Settings\RWhitrock\Application Data\PC Tools
2008-11-25 18:04:38 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-25 15:11:09 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-25 14:51:55 ----D---- C:\Documents and Settings\RWhitrock\Application Data\Ashampoo
2008-11-25 14:51:45 ----D---- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-11-25 13:31:35 ----A---- C:\WINDOWS\system32\NMSDVDXU.dll
2008-11-25 13:31:34 ----A---- C:\WINDOWS\system32\viscomwave.dll
2008-11-25 13:31:33 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2008-11-25 13:31:33 ----A---- C:\WINDOWS\system32\FoxImager.dll
2008-11-25 11:22:16 ----D---- C:\Documents and Settings\All Users\Application Data\Arovax
2008-11-25 11:22:14 ----D---- C:\Program Files\Arovax AntiSpyware
2008-11-25 10:53:16 ----D---- C:\Program Files\Windows Defender
2008-11-25 10:15:46 ----D---- C:\Documents and Settings\RWhitrock\Application Data\.BitTornado
2008-11-25 10:11:55 ----D---- C:\Program Files\BitTornado
2008-11-24 18:38:17 ----D---- C:\Program Files\ZSoft
2008-11-24 14:12:24 ----D---- C:\Documents and Settings\RWhitrock\Application Data\Help
2008-11-24 09:52:32 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-24 09:52:29 ----A---- C:\rapport.txt
2008-11-23 18:53:25 ----A---- C:\WINDOWS\system32\ieencode.dll
2008-11-23 11:10:55 ----A---- C:\WINDOWS\SWREG.exe
2008-11-23 11:10:55 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-23 11:10:54 ----A---- C:\WINDOWS\zip.exe
2008-11-23 11:10:54 ----A---- C:\WINDOWS\VFIND.exe
2008-11-23 11:10:54 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-23 11:10:54 ----A---- C:\WINDOWS\SWSC.exe
2008-11-23 11:10:54 ----A---- C:\WINDOWS\sed.exe
2008-11-23 11:10:54 ----A---- C:\WINDOWS\grep.exe
2008-11-23 11:10:54 ----A---- C:\WINDOWS\fdsv.exe
2008-11-23 11:10:46 ----D---- C:\WINDOWS\ERDNT
2008-11-23 11:10:46 ----AD---- C:\Qoobox
2008-11-23 10:59:03 ----D---- C:\!KillBox
2008-11-23 09:59:31 ----D---- C:\Program Files\Eusing Free Registry Cleaner
2008-11-22 14:16:27 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-22 14:16:27 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-22 14:16:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-22 14:16:26 ----A---- C:\WINDOWS\system32\java.exe
2008-11-22 13:47:15 ----D---- C:\Program Files\Browser Hijack Recover
2008-11-22 13:24:27 ----D---- C:\fsaua.data
2008-11-22 12:25:22 ----D---- C:\Program Files\EsetOnlineScanner
2008-11-21 16:23:02 ----D---- C:\Documents and Settings\RWhitrock\Application Data\Sunbelt
2008-11-21 16:22:23 ----D---- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-11-21 16:21:47 ----D---- C:\Program Files\Sunbelt Software
2008-11-20 17:22:56 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-19 20:48:45 ----D---- C:\Program Files\Windows Live Safety Center
2008-11-19 15:51:59 ----D---- C:\Program Files\Advanced Spyware Remover
2008-11-19 15:47:23 ----A---- C:\index.ini
2008-11-19 07:14:40 ----D---- C:\Program Files\Lavasoft
2008-11-19 07:14:40 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-18 20:28:38 ----D---- C:\Program Files\Trend Micro
2008-11-18 15:18:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-18 15:18:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-18 12:51:28 ----D---- C:\Program Files\AVG
2008-11-18 12:51:27 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-17 16:59:20 ----D---- C:\Output Files
2008-11-17 16:58:05 ----D---- C:\Documents and Settings\RWhitrock\Application Data\gtk-2.0
2008-11-17 16:50:28 ----D---- C:\Program Files\MozyHome
2008-11-17 16:38:31 ----D---- C:\WINDOWS\LastGood(2)
2008-11-17 16:31:07 ----D---- C:\Documents and Settings\RWhitrock\Application Data\Skype
2008-11-14 15:20:01 ----D---- C:\WINDOWS\system32\tempdir
2008-11-14 15:20:00 ----A---- C:\WINDOWS\system32\ptj.exe
2008-11-14 15:19:59 ----A---- C:\WINDOWS\system32\pdftk.exe
2008-11-14 15:19:57 ----D---- C:\Program Files\office Convert All to Image Jpg Jpeg Free
2008-11-13 07:50:01 ----D---- C:\Program Files\VisualTool
2008-11-12 03:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-06 20:05:48 ----D---- C:\Documents and Settings\RWhitrock\Application Data\nCleaner
2008-11-06 20:05:42 ----D---- C:\Program Files\NKProds
2008-11-05 20:41:25 ----D---- C:\Program Files\Gimp-2.0
2008-11-02 09:54:16 ----D---- C:\Program Files\Paint.NET
2008-11-02 09:44:34 ----D---- C:\Program Files\IrfanView

======List of files/folders modified in the last 1 months======

2008-12-01 12:24:54 ----D---- C:\WINDOWS\Prefetch
2008-12-01 12:20:12 ----D---- C:\Program Files
2008-12-01 10:40:08 ----D---- C:\Program Files\Internet Explorer
2008-12-01 09:36:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-01 09:36:51 ----D---- C:\WINDOWS
2008-12-01 09:36:50 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-01 09:25:38 ----SHD---- C:\System Volume Information
2008-12-01 09:21:57 ----D---- C:\WINDOWS\repair
2008-12-01 09:21:43 ----D---- C:\WINDOWS\Registration
2008-12-01 09:15:52 ----D---- C:\Program Files\Common Files
2008-12-01 09:15:30 ----D---- C:\WINDOWS\system32
2008-12-01 09:11:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-01 06:15:06 ----D---- C:\WINDOWS\system32\config
2008-11-30 20:31:20 ----SHD---- C:\WINDOWS\CSC
2008-11-30 20:11:46 ----SHD---- C:\WINDOWS\Installer
2008-11-30 15:32:47 ----D---- C:\WINDOWS\system32\drivers
2008-11-30 14:43:24 ----HD---- C:\WINDOWS\inf
2008-11-30 06:28:03 ----N---- C:\WINDOWS\system.ini
2008-11-30 06:28:03 ----AH---- C:\boot.ini
2008-11-30 06:28:03 ----A---- C:\WINDOWS\win.ini
2008-11-29 16:01:14 ----D---- C:\Program Files\Common Files\Intuit
2008-11-29 16:01:12 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-29 16:01:08 ----D---- C:\Program Files\Common Files\HP
2008-11-29 16:01:07 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-11-29 16:01:07 ----D---- C:\Program Files\Common Files\DESIGNER
2008-11-29 16:00:58 ----D---- C:\Program Files\Common Files\Apple
2008-11-29 16:00:58 ----D---- C:\Program Files\Common Files\AOL
2008-11-29 16:00:58 ----D---- C:\Program Files\Common Files\Adobe
2008-11-29 16:00:58 ----D---- C:\Program Files\Common Files\ACD Systems
2008-11-29 16:00:57 ----D---- C:\Program Files\Citrix
2008-11-29 16:00:56 ----D---- C:\Program Files\CCleaner
2008-11-29 16:00:56 ----D---- C:\Program Files\CA_Salesperson
2008-11-29 16:00:56 ----D---- C:\Program Files\Bonjour
2008-11-29 16:00:54 ----D---- C:\Program Files\BackWeb
2008-11-29 16:00:53 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-11-29 16:00:51 ----D---- C:\Program Files\Apple Software Update
2008-11-29 16:00:47 ----D---- C:\Program Files\Adobe
2008-11-29 16:00:47 ----D---- C:\Program Files\activePDF
2008-11-29 16:00:46 ----D---- C:\PNTTEMPL
2008-11-29 16:00:46 ----D---- C:\PNTDATA
2008-11-29 16:00:42 ----D---- C:\NETSETUP
2008-11-29 16:00:40 ----D---- C:\FFRMA
2008-11-29 16:00:40 ----D---- C:\ePrint
2008-11-29 16:00:40 ----D---- C:\download
2008-11-29 16:00:06 ----D---- C:\Documents and Settings
2008-11-29 15:52:36 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-29 15:37:19 ----D---- C:\Program Files\Symantec
2008-11-29 15:34:54 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-28 12:06:52 ----D---- C:\Temp
2008-11-28 11:02:26 ----D---- C:\WINPOINT
2008-11-28 11:02:23 ----D---- C:\WINDOWS\WinSxS
2008-11-28 11:02:22 ----D---- C:\WINDOWS\WBEM
2008-11-28 11:02:22 ----D---- C:\WINDOWS\twain_32
2008-11-28 11:02:21 ----D---- C:\WINDOWS\system32\xircom
2008-11-28 11:02:18 ----D---- C:\WINDOWS\system32\wins
2008-11-28 11:02:15 ----D---- C:\WINDOWS\system32\wbem
2008-11-28 11:02:13 ----D---- C:\WINDOWS\system32\usmt
2008-11-28 11:02:13 ----D---- C:\WINDOWS\system32\URTTemp
2008-11-28 11:02:07 ----D---- C:\WINDOWS\system32\spool
2008-11-28 11:02:06 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-28 11:02:06 ----D---- C:\WINDOWS\system32\ShellExt
2008-11-28 11:02:04 ----D---- C:\WINDOWS\system32\Setup
2008-11-28 11:02:04 ----D---- C:\WINDOWS\system32\scripting
2008-11-28 11:02:03 ----D---- C:\WINDOWS\system32\Restore
2008-11-28 11:02:01 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-28 11:02:00 ----D---- C:\WINDOWS\system32\ras
2008-11-28 11:01:58 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-28 11:01:57 ----D---- C:\WINDOWS\system32\oobe
2008-11-28 11:01:55 ----D---- C:\WINDOWS\system32\NtmsData
2008-11-28 11:01:54 ----D---- C:\WINDOWS\system32\npp
2008-11-28 11:01:49 ----D---- C:\WINDOWS\system32\mui
2008-11-28 11:01:45 ----D---- C:\WINDOWS\system32\MsDtc
2008-11-28 11:01:40 ----D---- C:\WINDOWS\system32\Macromed
2008-11-28 11:01:35 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-11-28 11:01:34 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-28 11:01:34 ----D---- C:\WINDOWS\system32\IME
2008-11-28 11:01:32 ----D---- C:\WINDOWS\system32\icsxml
2008-11-28 11:01:32 ----D---- C:\WINDOWS\system32\ias
2008-11-28 11:01:29 ----D---- C:\WINDOWS\system32\export
2008-11-28 11:01:28 ----D---- C:\WINDOWS\system32\en-us
2008-11-28 11:01:28 ----D---- C:\WINDOWS\system32\en
2008-11-28 11:01:24 ----D---- C:\WINDOWS\system32\DirectX
2008-11-28 11:01:24 ----D---- C:\WINDOWS\system32\dhcp
2008-11-28 11:01:21 ----D---- C:\WINDOWS\system32\Com
2008-11-28 11:01:20 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-28 11:01:19 ----D---- C:\WINDOWS\system32\bits
2008-11-28 11:01:18 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\3com_dmi
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\3076
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\2052
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1054
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1042
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1041
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1037
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1033
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1031
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1028
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1025
2008-11-28 11:01:16 ----D---- C:\WINDOWS\system
2008-11-28 11:01:16 ----D---- C:\WINDOWS\Sun
2008-11-28 11:01:16 ----D---- C:\WINDOWS\srchasst
2008-11-28 10:59:58 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-28 10:59:57 ----D---- C:\WINDOWS\SMINST
2008-11-28 10:59:57 ----D---- C:\WINDOWS\SHELLNEW
2008-11-28 10:59:57 ----D---- C:\WINDOWS\setup.pss
2008-11-28 10:59:02 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-28 10:59:02 ----D---- C:\WINDOWS\security
2008-11-28 10:59:02 ----D---- C:\WINDOWS\SchCache
2008-11-28 10:59:02 ----D---- C:\WINDOWS\Resources
2008-11-28 10:58:58 ----D---- C:\WINDOWS\RegisteredPackages
2008-11-28 10:58:58 ----D---- C:\WINDOWS\pss
2008-11-28 10:58:58 ----D---- C:\WINDOWS\provisioning
2008-11-28 10:58:58 ----D---- C:\WINDOWS\PrimoPDF4
2008-11-28 10:58:58 ----D---- C:\WINDOWS\peernet
2008-11-28 10:58:54 ----D---- C:\WINDOWS\PCHealth
2008-11-28 10:58:54 ----D---- C:\WINDOWS\Options
2008-11-28 10:58:54 ----D---- C:\WINDOWS\netw

#6
Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
It looks like part of your RSIT log was cut off. Please try to re-post just the RSIT log.

#7
reverseguy

    New Member

  • Topic Starter
  • Member
  • 4 posts
Logfile of random's system information tool 1.04 (written by random/random)
Run by RWhitrock at 2008-12-01 13:22:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (46%) free of 70 GB
Total RAM: 959 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:59 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\RWhitrock\Local Settings\Temporary Internet Files\Content.IE5\PL1SE19A\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\RWhitrock.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [VTTimer] "C:\WINDOWS\system32\VTTimer.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] "C:\WINDOWS\system32\HDAudPropShortcut.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1221631389218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1223756976535
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11386 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{6F989EFA-7682-4A5C-8A8D-76F81D06DBB9}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-25 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-25 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-11-25 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\program files\hp\digital imaging\bin\hpdtlk02.dll [2003-11-21 98304]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-25 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-10-22 53248]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-22 136600]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-04-20 118784]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-08 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-17 85184]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-02-28 88364]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"BOC-427"=C:\PROGRA~1\Comodo\CBOClean\BOC427.exe [2008-07-14 351480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-25 39408]
"Arovax AntiSpyware"=C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe [2007-09-21 1966080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-21 66864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
C:\PROGRA~1\Quicken\bagent.exe [2003-07-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
C:\PROGRA~1\UPDATE~1\137903\Program\BACKWE~1.EXE [2004-05-12 16384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-04-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegedit"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoBandCustomize"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoBandCustomize"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe"="C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-01 12:24:45 ----D---- C:\rsit
2008-12-01 12:20:27 ----D---- C:\Documents and Settings\RWhitrock\Application Data\ImgBurn
2008-12-01 12:20:12 ----D---- C:\Program Files\ImgBurn
2008-12-01 08:55:51 ----D---- C:\Program Files\ERUNT
2008-11-30 20:11:32 ----D---- C:\Program Files\Common Files\Softwin
2008-11-30 19:38:11 ----D---- C:\Documents and Settings\RWhitrock\Application Data\WinPatrol
2008-11-30 19:36:28 ----D---- C:\Program Files\BillP Studios
2008-11-30 15:32:47 ----D---- C:\Program Files\PrevxCSI
2008-11-30 15:32:36 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-11-30 15:06:11 ----A---- C:\WINDOWS\UNBOC.EXE
2008-11-30 15:06:08 ----A---- C:\WINDOWS\CMDLIC.DLL
2008-11-30 15:06:00 ----D---- C:\Documents and Settings\All Users\Application Data\BOC427
2008-11-30 15:05:54 ----A---- C:\WINDOWS\BOC427.INI
2008-11-30 15:05:51 ----D---- C:\Program Files\Comodo
2008-11-30 14:43:24 ----D---- C:\WINDOWS\BDOSCAN8
2008-11-29 18:34:39 ----D---- C:\Program Files\Wise Disk Cleaner
2008-11-29 18:29:58 ----D---- C:\Program Files\Wise Registry Cleaner 3
2008-11-29 18:22:40 ----D---- C:\Program Files\Ss-Tools
2008-11-29 18:17:43 ----D---- C:\Program Files\RT Scan Tool
2008-11-29 15:37:46 ----D---- C:\Program Files\Windows Installer Clean Up
2008-11-29 15:36:46 ----D---- C:\Program Files\MSECACHE
2008-11-29 15:10:10 ----D---- C:\Program Files\iTOK
2008-11-26 18:59:50 ----D---- C:\Program Files\Panda Security
2008-11-26 16:05:28 ----SHD---- C:\RECYCLER
2008-11-26 16:01:14 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-11-26 16:01:14 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\swsc.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\swreg.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\Process.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-11-26 16:01:13 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-11-26 14:46:47 ----D---- C:\WINDOWS\temp
2008-11-26 14:46:46 ----A---- C:\ComboFix.txt
2008-11-26 14:34:35 ----D---- C:\SDFix
2008-11-25 19:04:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-25 19:04:33 ----D---- C:\Program Files\Alwil Software
2008-11-25 18:05:17 ----D---- C:\Program Files\Spyware Doctor
2008-11-25 18:05:17 ----D---- C:\Documents and Settings\RWhitrock\Application Data\PC Tools
2008-11-25 18:04:38 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-25 15:11:09 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-25 14:51:55 ----D---- C:\Documents and Settings\RWhitrock\Application Data\Ashampoo
2008-11-25 14:51:45 ----D---- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-11-25 13:31:35 ----A---- C:\WINDOWS\system32\NMSDVDXU.dll
2008-11-25 13:31:34 ----A---- C:\WINDOWS\system32\viscomwave.dll
2008-11-25 13:31:33 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2008-11-25 13:31:33 ----A---- C:\WINDOWS\system32\FoxImager.dll
2008-11-25 11:22:16 ----D---- C:\Documents and Settings\All Users\Application Data\Arovax
2008-11-25 11:22:14 ----D---- C:\Program Files\Arovax AntiSpyware
2008-11-25 10:53:16 ----D---- C:\Program Files\Windows Defender
2008-11-25 10:15:46 ----D---- C:\Documents and Settings\RWhitrock\Application Data\.BitTornado
2008-11-25 10:11:55 ----D---- C:\Program Files\BitTornado
2008-11-24 18:38:17 ----D---- C:\Program Files\ZSoft
2008-11-24 14:12:24 ----D---- C:\Documents and Settings\RWhitrock\Application Data\Help
2008-11-24 09:52:32 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-24 09:52:29 ----A---- C:\rapport.txt
2008-11-23 18:53:25 ----A---- C:\WINDOWS\system32\ieencode.dll
2008-11-23 11:10:55 ----A---- C:\WINDOWS\SWREG.exe
2008-11-23 11:10:55 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-23 11:10:54 ----A---- C:\WINDOWS\zip.exe
2008-11-23 11:10:54 ----A---- C:\WINDOWS\VFIND.exe
2008-11-23 11:10:54 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-23 11:10:54 ----A---- C:\WINDOWS\SWSC.exe
2008-11-23 11:10:54 ----A---- C:\WINDOWS\sed.exe
2008-11-23 11:10:54 ----A---- C:\WINDOWS\grep.exe
2008-11-23 11:10:54 ----A---- C:\WINDOWS\fdsv.exe
2008-11-23 11:10:46 ----D---- C:\WINDOWS\ERDNT
2008-11-23 11:10:46 ----AD---- C:\Qoobox
2008-11-23 10:59:03 ----D---- C:\!KillBox
2008-11-23 09:59:31 ----D---- C:\Program Files\Eusing Free Registry Cleaner
2008-11-22 14:16:27 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-22 14:16:27 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-22 14:16:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-22 14:16:26 ----A---- C:\WINDOWS\system32\java.exe
2008-11-22 13:47:15 ----D---- C:\Program Files\Browser Hijack Recover
2008-11-22 13:24:27 ----D---- C:\fsaua.data
2008-11-22 12:25:22 ----D---- C:\Program Files\EsetOnlineScanner
2008-11-21 16:23:02 ----D---- C:\Documents and Settings\RWhitrock\Application Data\Sunbelt
2008-11-21 16:22:23 ----D---- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-11-21 16:21:47 ----D---- C:\Program Files\Sunbelt Software
2008-11-20 17:22:56 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-19 20:48:45 ----D---- C:\Program Files\Windows Live Safety Center
2008-11-19 15:51:59 ----D---- C:\Program Files\Advanced Spyware Remover
2008-11-19 15:47:23 ----A---- C:\index.ini
2008-11-19 07:14:40 ----D---- C:\Program Files\Lavasoft
2008-11-19 07:14:40 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-18 20:28:38 ----D---- C:\Program Files\Trend Micro
2008-11-18 15:18:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-18 15:18:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-18 12:51:28 ----D---- C:\Program Files\AVG
2008-11-18 12:51:27 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-17 16:59:20 ----D---- C:\Output Files
2008-11-17 16:58:05 ----D---- C:\Documents and Settings\RWhitrock\Application Data\gtk-2.0
2008-11-17 16:50:28 ----D---- C:\Program Files\MozyHome
2008-11-17 16:38:31 ----D---- C:\WINDOWS\LastGood(2)
2008-11-17 16:31:07 ----D---- C:\Documents and Settings\RWhitrock\Application Data\Skype
2008-11-14 15:20:01 ----D---- C:\WINDOWS\system32\tempdir
2008-11-14 15:20:00 ----A---- C:\WINDOWS\system32\ptj.exe
2008-11-14 15:19:59 ----A---- C:\WINDOWS\system32\pdftk.exe
2008-11-14 15:19:57 ----D---- C:\Program Files\office Convert All to Image Jpg Jpeg Free
2008-11-13 07:50:01 ----D---- C:\Program Files\VisualTool
2008-11-12 03:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-06 20:05:48 ----D---- C:\Documents and Settings\RWhitrock\Application Data\nCleaner
2008-11-06 20:05:42 ----D---- C:\Program Files\NKProds
2008-11-05 20:41:25 ----D---- C:\Program Files\Gimp-2.0
2008-11-02 09:54:16 ----D---- C:\Program Files\Paint.NET
2008-11-02 09:44:34 ----D---- C:\Program Files\IrfanView

======List of files/folders modified in the last 1 months======

2008-12-01 13:20:49 ----D---- C:\WINDOWS\Prefetch
2008-12-01 12:55:40 ----D---- C:\Documents and Settings\RWhitrock\Application Data\U3
2008-12-01 12:20:12 ----D---- C:\Program Files
2008-12-01 10:40:08 ----D---- C:\Program Files\Internet Explorer
2008-12-01 09:36:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-01 09:36:51 ----D---- C:\WINDOWS
2008-12-01 09:36:50 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-01 09:25:38 ----SHD---- C:\System Volume Information
2008-12-01 09:21:57 ----D---- C:\WINDOWS\repair
2008-12-01 09:21:43 ----D---- C:\WINDOWS\Registration
2008-12-01 09:15:52 ----D---- C:\Program Files\Common Files
2008-12-01 09:15:30 ----D---- C:\WINDOWS\system32
2008-12-01 09:11:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-01 06:15:06 ----D---- C:\WINDOWS\system32\config
2008-11-30 20:31:20 ----SHD---- C:\WINDOWS\CSC
2008-11-30 20:11:46 ----SHD---- C:\WINDOWS\Installer
2008-11-30 15:32:47 ----D---- C:\WINDOWS\system32\drivers
2008-11-30 14:43:24 ----HD---- C:\WINDOWS\inf
2008-11-30 06:28:03 ----N---- C:\WINDOWS\system.ini
2008-11-30 06:28:03 ----AH---- C:\boot.ini
2008-11-30 06:28:03 ----A---- C:\WINDOWS\win.ini
2008-11-29 16:01:14 ----D---- C:\Program Files\Common Files\Intuit
2008-11-29 16:01:12 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-29 16:01:08 ----D---- C:\Program Files\Common Files\HP
2008-11-29 16:01:07 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-11-29 16:01:07 ----D---- C:\Program Files\Common Files\DESIGNER
2008-11-29 16:00:58 ----D---- C:\Program Files\Common Files\Apple
2008-11-29 16:00:58 ----D---- C:\Program Files\Common Files\AOL
2008-11-29 16:00:58 ----D---- C:\Program Files\Common Files\Adobe
2008-11-29 16:00:58 ----D---- C:\Program Files\Common Files\ACD Systems
2008-11-29 16:00:57 ----D---- C:\Program Files\Citrix
2008-11-29 16:00:56 ----D---- C:\Program Files\CCleaner
2008-11-29 16:00:56 ----D---- C:\Program Files\CA_Salesperson
2008-11-29 16:00:56 ----D---- C:\Program Files\Bonjour
2008-11-29 16:00:54 ----D---- C:\Program Files\BackWeb
2008-11-29 16:00:53 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-11-29 16:00:51 ----D---- C:\Program Files\Apple Software Update
2008-11-29 16:00:47 ----D---- C:\Program Files\Adobe
2008-11-29 16:00:47 ----D---- C:\Program Files\activePDF
2008-11-29 16:00:46 ----D---- C:\PNTTEMPL
2008-11-29 16:00:46 ----D---- C:\PNTDATA
2008-11-29 16:00:42 ----D---- C:\NETSETUP
2008-11-29 16:00:40 ----D---- C:\FFRMA
2008-11-29 16:00:40 ----D---- C:\ePrint
2008-11-29 16:00:40 ----D---- C:\download
2008-11-29 16:00:06 ----D---- C:\Documents and Settings
2008-11-29 15:52:36 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-29 15:37:19 ----D---- C:\Program Files\Symantec
2008-11-29 15:34:54 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-28 12:06:52 ----D---- C:\Temp
2008-11-28 11:02:26 ----D---- C:\WINPOINT
2008-11-28 11:02:23 ----D---- C:\WINDOWS\WinSxS
2008-11-28 11:02:22 ----D---- C:\WINDOWS\WBEM
2008-11-28 11:02:22 ----D---- C:\WINDOWS\twain_32
2008-11-28 11:02:21 ----D---- C:\WINDOWS\system32\xircom
2008-11-28 11:02:18 ----D---- C:\WINDOWS\system32\wins
2008-11-28 11:02:15 ----D---- C:\WINDOWS\system32\wbem
2008-11-28 11:02:13 ----D---- C:\WINDOWS\system32\usmt
2008-11-28 11:02:13 ----D---- C:\WINDOWS\system32\URTTemp
2008-11-28 11:02:07 ----D---- C:\WINDOWS\system32\spool
2008-11-28 11:02:06 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-28 11:02:06 ----D---- C:\WINDOWS\system32\ShellExt
2008-11-28 11:02:04 ----D---- C:\WINDOWS\system32\Setup
2008-11-28 11:02:04 ----D---- C:\WINDOWS\system32\scripting
2008-11-28 11:02:03 ----D---- C:\WINDOWS\system32\Restore
2008-11-28 11:02:01 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-28 11:02:00 ----D---- C:\WINDOWS\system32\ras
2008-11-28 11:01:58 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-28 11:01:57 ----D---- C:\WINDOWS\system32\oobe
2008-11-28 11:01:55 ----D---- C:\WINDOWS\system32\NtmsData
2008-11-28 11:01:54 ----D---- C:\WINDOWS\system32\npp
2008-11-28 11:01:49 ----D---- C:\WINDOWS\system32\mui
2008-11-28 11:01:45 ----D---- C:\WINDOWS\system32\MsDtc
2008-11-28 11:01:40 ----D---- C:\WINDOWS\system32\Macromed
2008-11-28 11:01:35 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-11-28 11:01:34 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-28 11:01:34 ----D---- C:\WINDOWS\system32\IME
2008-11-28 11:01:32 ----D---- C:\WINDOWS\system32\icsxml
2008-11-28 11:01:32 ----D---- C:\WINDOWS\system32\ias
2008-11-28 11:01:29 ----D---- C:\WINDOWS\system32\export
2008-11-28 11:01:28 ----D---- C:\WINDOWS\system32\en-us
2008-11-28 11:01:28 ----D---- C:\WINDOWS\system32\en
2008-11-28 11:01:24 ----D---- C:\WINDOWS\system32\DirectX
2008-11-28 11:01:24 ----D---- C:\WINDOWS\system32\dhcp
2008-11-28 11:01:21 ----D---- C:\WINDOWS\system32\Com
2008-11-28 11:01:20 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-28 11:01:19 ----D---- C:\WINDOWS\system32\bits
2008-11-28 11:01:18 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\3com_dmi
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\3076
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\2052
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1054
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1042
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1041
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1037
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1033
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1031
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1028
2008-11-28 11:01:17 ----D---- C:\WINDOWS\system32\1025
2008-11-28 11:01:16 ----D---- C:\WINDOWS\system
2008-11-28 11:01:16 ----D---- C:\WINDOWS\Sun
2008-11-28 11:01:16 ----D---- C:\WINDOWS\srchasst
2008-11-28 10:59:58 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-28 10:59:57 ----D---- C:\WINDOWS\SMINST
2008-11-28 10:59:57 ----D---- C:\WINDOWS\SHELLNEW
2008-11-28 10:59:57 ----D---- C:\WINDOWS\setup.pss
2008-11-28 10:59:02 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-28 10:59:02 ----D---- C:\WINDOWS\security
2008-11-28 10:59:02 ----D---- C:\WINDOWS\SchCache
2008-11-28 10:59:02 ----D---- C:\WINDOWS\Resources
2008-11-28 10:58:58 ----D---- C:\WINDOWS\RegisteredPackages
2008-11-28 10:58:58 ----D---- C:\WINDOWS\pss
2008-11-28 10:58:58 ----D---- C:\WINDOWS\provisioning
2008-11-28 10:58:58 ----D---- C:\WINDOWS\PrimoPDF4
2008-11-28 10:58:58 ----D---- C:\WINDOWS\peernet
2008-11-28 10:58:54 ----D---- C:\WINDOWS\PCHealth
2008-11-28 10:58:54 ----D---- C:\WINDOWS\Options
2008-11-28 10:58:54 ----D---- C:\WINDOWS\network diagnostic
2008-11-28 10:58:54 ----D---- C:\WINDOWS\mui
2008-11-28 10:58:54 ----D---- C:\WINDOWS\msapps
2008-11-28 10:58:53 ----D---- C:\WINDOWS\msagent
2008-11-28 10:58:43 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-28 10:58:43 ----D---- C:\WINDOWS\Media
2008-11-28 10:58:43 ----D---- C:\WINDOWS\l2schemas
2008-11-28 10:58:42 ----D---- C:\WINDOWS\ime
2008-11-28 10:58:42 ----D---- C:\WINDOWS\ie7updates
2008-11-28 10:58:37 ----D---- C:\WINDOWS\I386
2008-11-28 10:58:37 ----D---- C:\WINDOWS\HPTK
2008-11-28 10:58:36 ----D---- C:\WINDOWS\Help
2008-11-28 10:58:35 ----D---- C:\WINDOWS\EHome
2008-11-28 10:58:34 ----D---- C:\WINDOWS\Driver Cache
2008-11-28 10:58:34 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-28 10:58:34 ----D---- C:\WINDOWS\Debug
2008-11-28 10:58:34 ----D---- C:\WINDOWS\Cursors
2008-11-28 10:58:34 ----D---- C:\WINDOWS\CREATOR
2008-11-28 10:58:34 ----D---- C:\WINDOWS\Connection Wizard
2008-11-28 10:58:34 ----D---- C:\WINDOWS\Config
2008-11-28 10:58:33 ----D---- C:\WINDOWS\BWKDLogs
2008-11-28 10:58:33 ----D---- C:\WINDOWS\AppPatch
2008-11-28 10:58:33 ----D---- C:\WINDOWS\addins
2008-11-28 10:58:30 ----D---- C:\Program Files\Yahoo!
2008-11-28 10:58:30 ----D---- C:\Program Files\xerox
2008-11-28 10:58:30 ----D---- C:\Program Files\Windows NT
2008-11-28 10:58:29 ----D---- C:\Program Files\Windows Media Player
2008-11-28 10:58:28 ----D---- C:\Program Files\Updates from HP
2008-11-28 10:58:27 ----D---- C:\Program Files\ToniArts
2008-11-28 10:58:27 ----D---- C:\Program Files\Symantec AntiVirus
2008-11-28 10:58:26 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-28 10:58:25 ----D---- C:\Program Files\Sun
2008-11-28 10:58:20 ----D---- C:\Program Files\Skype
2008-11-28 10:58:20 ----D---- C:\Program Files\Real
2008-11-28 10:58:14 ----D---- C:\Program Files\QuickTime
2008-11-28 10:58:08 ----D---- C:\Program Files\Quicken
2008-11-28 10:58:08 ----D---- C:\Program Files\POINTAGENT
2008-11-28 10:58:00 ----D---- C:\Program Files\Palm
2008-11-28 10:57:59 ----D---- C:\Program Files\Outlook Express
2008-11-28 10:57:49 ----D---- C:\Program Files\Online Services
2008-11-28 10:57:48 ----D---- C:\Program Files\NOS
2008-11-28 10:57:48 ----D---- C:\Program Files\NetMeeting
2008-11-28 10:57:48 ----D---- C:\Program Files\My Company Name
2008-11-28 10:57:48 ----D---- C:\Program Files\MSXML 4.0
2008-11-28 10:57:46 ----D---- C:\Program Files\MSN Gaming Zone
2008-11-28 10:57:46 ----D---- C:\Program Files\MSN Encarta Plus
2008-11-28 10:57:46 ----D---- C:\Program Files\MSN
2008-11-28 10:57:45 ----D---- C:\Program Files\Movie Maker
2008-11-28 10:57:45 ----D---- C:\Program Files\Microsoft.NET
2008-11-28 10:57:45 ----D---- C:\Program Files\Microsoft WSE
2008-11-28 10:57:45 ----D---- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-11-28 10:57:36 ----D---- C:\Program Files\Microsoft Office
2008-11-28 10:57:36 ----D---- C:\Program Files\microsoft frontpage
2008-11-28 10:57:36 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-11-28 10:57:36 ----D---- C:\Program Files\Microsoft ActiveSync
2008-11-28 10:57:35 ----D---- C:\Program Files\Messenger
2008-11-28 10:57:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-28 10:57:29 ----D---- C:\Program Files\Logitech
2008-11-28 10:57:29 ----D---- C:\Program Files\LimeWire
2008-11-28 10:57:26 ----D---- C:\Program Files\Kodak
2008-11-28 10:57:26 ----D---- C:\Program Files\Karen's Power Tools
2008-11-28 10:57:20 ----D---- C:\Program Files\Java
2008-11-28 10:57:17 ----D---- C:\Program Files\iTunes
2008-11-28 10:57:16 ----D---- C:\Program Files\iPod
2008-11-28 10:57:14 ----D---- C:\Program Files\IObit
2008-11-28 10:57:06 ----D---- C:\Program Files\InterVideo
2008-11-28 10:57:04 ----D---- C:\Program Files\HP Instant Support
2008-11-28 10:56:47 ----D---- C:\Program Files\HP
2008-11-28 10:56:46 ----D---- C:\Program Files\Hewlett-Packard
2008-11-28 10:56:41 ----D---- C:\Program Files\Google
2008-11-28 10:56:30 ----D---- C:\Program Files\Free PDF to Word Doc Converter
2008-11-28 10:56:30 ----D---- C:\Program Files\Easy Internet signup
2008-11-28 10:56:30 ----D---- C:\Program Files\ddpjnkb
2008-11-28 10:56:30 ----D---- C:\Program Files\ComPlus Applications
2008-11-28 10:56:30 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-28 10:56:28 ----D---- C:\Program Files\Common Files\System
2008-11-28 10:56:25 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-11-28 10:56:25 ----D---- C:\Program Files\Common Files\Services
2008-11-28 10:56:25 ----D---- C:\Program Files\Common Files\Scanner
2008-11-28 10:56:25 ----D---- C:\Program Files\Common Files\Real
2008-11-28 10:56:25 ----D---- C:\Program Files\Common Files\Palo Alto Software
2008-11-28 10:56:25 ----D---- C:\Program Files\Common Files\ODBC
2008-11-28 10:56:24 ----D---- C:\Program Files\Common Files\MSSoap
2008-11-28 10:56:18 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-28 10:56:15 ----D---- C:\Program Files\Common Files\LogiShrd
2008-11-28 10:56:15 ----D---- C:\Program Files\Common Files\Java
2008-11-26 06:30:47 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-25 20:14:55 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-25 11:49:41 ----SD---- C:\WINDOWS\Tasks
2008-11-25 10:53:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-24 17:55:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-24 11:31:15 ----AC---- C:\WINDOWS\winpoint.ini
2008-11-18 09:12:15 ----D---- C:\Documents and Settings\All Users\Application Data\jolmtkzm
2008-11-17 17:05:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-17 16:58:07 ----D---- C:\Documents and Settings\RWhitrock\Application Data\IObit
2008-11-17 16:31:07 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-11-12 03:03:22 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-09 14:18:14 ----D---- C:\Documents and Settings\RWhitrock\Application Data\skypePM
2008-11-04 10:32:51 ----RSD---- C:\WINDOWS\assembly
2008-11-03 16:10:26 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-11-02 09:36:29 ----SD---- C:\Documents and Settings\RWhitrock\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-05-12 43672]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 mozyFilter;mozyFilter; C:\WINDOWS\system32\DRIVERS\mozy.sys [2008-11-16 53752]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
R3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-10-11 1920920]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-10-11 41752]
R3 LVUVC;Logitech QuickCam Pro 9000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-10-11 3647384]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-12-07 172672]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-03-02 1252942]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-11-12 41984]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-10-11 23832]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-04-20 711005]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-11-25 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-11-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-11-25 81288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-09-24 16694]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 BOCore;BOCore; C:\Program Files\Comodo\CBOClean\BOCORE.exe [2008-07-14 73464]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-08 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-08 161392]
R2 CSIScanner;CSIScanner; C:\Program Files\PrevxCSI\prevxcsi.exe [2008-11-30 920632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-17 19648]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-25 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-22 152984]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\MozyHome\mozybackup.exe [2008-11-16 87352]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
R2 SBAMSvc;CounterSpy Antispyware; C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-10-28 886056]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-17 1706176]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-08 83568]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3

#8
Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
So first a couple of things here. I see that you've run ComboFix recently. This is HIGHLY recommended against, as ComboFix is a very powerful tool and in the hands of an inexperienced user could lead to an unusable computer. Do NOT use this tool unless told to do so by an expert.

Secondly, it looks like Symantec did not uninstall properly. We will have to use the removal tool.


STEP ONE
  • Please download the Norton Removal Tool to your Desktop.
  • Find the icon on your Desktop and double-click it.
  • When the tool opens, follow the on-screen instructions. Once the tool has finished, it will reboot your computer. Proceed to Step 2.

STEP TWO
Then, please provide a fresh RSIT log.

Edited by Gravity Gripp, 03 December 2008 - 09:41 AM.
