[ReedW]

Hey guys, I contracted a nasty virus through some irresponsible downloading. Almost immediatly, about 35 windows errors popped up saying "host process for windows services has stopped working", I would close them and they would pop up again as fast as I could close them.

I attempted a restart, but the computer just hung at a black screen right before the vista logon menu appeared. It did that over and over again. I did start in safe made and ran a adaware and norton scan. The norton 2009 AV scan didnt find anything, but ad aware found both Trojan Vundo and Trojan Pandex, which it said it quarantienned.

Regardless, the computer hung on restart again. So I boot with "last known good configuation". So im back in Vista, with about 50 host process windows popping up. Norton 2009 says its blocking security attacks about every 5 minutes, but full system scans arent turning up anything.

Attached is my log, I would appreciate any help, with finals coming up and all! Thanks in advance!!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:10 PM, on 11/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\System32\rs32net.exe
C:\Windows\System32\rundll32.exe
C:\Users\Reed\AppData\Local\Temp\winlogin.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rs32net.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\svchost.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\WerFault.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\WerFault.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe
C:\Program Files\Opera\opera.exe
c:\windows\system32\rundll32.exe
C:\Windows\system32\WerFault.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\Reed\AppData\Local\Temp\csrssc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL
O2 - BHO: (no name) - {B200799F-9538-403d-9A6E-36F5942EC540} - (no file)
O2 - BHO: C:\Windows\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fcccbyYp.dll,#1
O4 - HKLM\..\Run: [rs32net] C:\Windows\System32\rs32net.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\Users\Reed\AppData\Local\Temp\winlogin.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [rs32net] C:\Windows\System32\rs32net.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\Users\Reed\AppData\Local\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\Users\Reed\AppData\Local\Temp\csrssc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll (file missing)
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\ProgramData\Norton\Norton2009Reset.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 8600 bytes

[Advertisements]

Hello ReedW

Welcome to G2Go.
=====================

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

[kahdah]

Hello ReedW

Welcome to G2Go.
=====================

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

[ReedW]

Thanks for the quick reply. I also poked around and saw that Malwarebyte's anti-malware was commonly recommended so I downloaded it and ran it. It found a bunch of stuff that it said it "fixed" Attached is the log followed by the RSIT logs

Malwarebytes' Anti-Malware 1.30
Database version: 1430
Windows 6.0.6001 Service Pack 1

11/28/2008 1:03:45 AM
mbam-log-2008-11-28 (01-03-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 163791
Time elapsed: 3 hour(s), 1 minute(s), 44 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 8
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
C:\Users\Reed\AppData\Local\Temp\csrssc.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Users\Reed\AppData\Local\Temp\winlogin.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b200799f-9538-403d-9a6e-36f5942ec540} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b200799f-9538-403d-9a6e-36f5942ec540} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jnskdfmf9eldfd (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\rs32net.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Users\Reed\AppData\Local\Temp\csrssc.exe (Trojan.Clicker) -> Delete on reboot.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC19C3.tmp (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC52E.tmp (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC55A6.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC8142.tmp (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\Reed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DS2T3EXG\aasuper1[1].htm (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\Reed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DS2T3EXG\wczznnab[1].txt (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\Users\Reed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q9VZZ6R2\jdwtth[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Reed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SWESHJ4E\aasuper2[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Reed\AppData\Local\Temp\TDSS9592.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Users\Reed\AppData\Local\Temp\163952910.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Windows\System32\TDSScrrx.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\TDSSntlv.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Users\Reed\AppData\Local\Temp\winlogin.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Reed\AppData\Local\Temp\TDSS960f.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\TDSSfopt.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\TDSSnbcb.sys (Rootkit.Agent) -> Quarantined and deleted successfully.





RSIT Log



Logfile of random's system information tool 1.04 (written by random/random)
Run by Reed at 2008-11-28 01:15:34
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 56 GB (49%) free of 114 GB
Total RAM: 2045 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:36 AM, on 11/28/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Opera\opera.exe
C:\Users\Reed\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Reed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\ProgramData\Norton\Norton2009Reset.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 7016 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll [2008-11-04 340848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL [2008-11-07 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll [2008-11-04 340848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-12 827392]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-11-06 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-11-06 8534560]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-11-06 81920]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-10-30 140568]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-10-30 909208]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-10-19 202032]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-10-30 2595616]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-10 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2008-06-17 89024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Reed^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"DisableChangePassword"=0
"DisableLockWorkstation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"EnableLUA"=0
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoLogOff"=0
"NoClose"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"UseDefaultTile"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\ExamSoft\SofTest\SoftLnch.exe"="C:\Program Files\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch
"
"C:\Program Files\ExamSoft\SofTest\softest.exe"="C:\Program Files\ExamSoft\SofTest.exe:*:Enabled:SofTest
"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-11-27 22:01:59 ----D---- C:\rsit
2008-11-27 22:00:35 ----D---- C:\Users\Reed\AppData\Roaming\Malwarebytes
2008-11-27 22:00:23 ----D---- C:\ProgramData\Malwarebytes
2008-11-27 22:00:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-27 16:54:51 ----D---- C:\Program Files\Trend Micro
2008-11-27 13:40:09 ----A---- C:\Windows\ntbtlog.txt
2008-11-27 00:23:12 ----D---- C:\Users\Reed\AppData\Roaming\GARMIN
2008-11-27 00:20:03 ----D---- C:\Garmin
2008-11-27 00:20:02 ----D---- C:\Program Files\Garmin GPS Plugin
2008-11-18 14:45:00 ----D---- C:\Program Files\Snood 4
2008-11-18 07:42:07 ----A---- C:\Windows\system32\wups2.dll
2008-11-18 07:42:07 ----A---- C:\Windows\system32\wucltux.dll
2008-11-18 07:42:07 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-18 07:42:06 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-18 07:41:16 ----A---- C:\Windows\system32\wups.dll
2008-11-18 07:41:16 ----A---- C:\Windows\system32\wudriver.dll
2008-11-18 07:41:15 ----A---- C:\Windows\system32\wuapi.dll
2008-11-18 07:40:48 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-18 07:40:48 ----A---- C:\Windows\system32\wuapp.exe
2008-11-14 09:15:12 ----D---- C:\Windows\PCHEALTH
2008-11-13 09:24:48 ----A---- C:\Windows\system32\msxml3.dll
2008-11-13 09:24:45 ----A---- C:\Windows\system32\msxml6.dll
2008-11-11 14:21:03 ----D---- C:\ProgramData\Examsoft
2008-11-11 14:16:40 ----D---- C:\Program Files\ExamSoft
2008-11-11 08:45:17 ----D---- C:\Windows\pss
2008-11-11 08:30:51 ----D---- C:\ProgramData\Symantec
2008-11-09 22:25:10 ----D---- C:\Program Files\SyncToy 2.0
2008-11-09 22:23:54 ----D---- C:\Program Files\Microsoft Sync Framework
2008-11-07 20:05:31 ----D---- C:\Program Files\Symantec
2008-11-07 20:05:31 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-07 20:04:38 ----D---- C:\ProgramData\Norton
2008-11-07 20:04:38 ----D---- C:\Program Files\Norton Internet Security
2008-11-07 20:04:32 ----D---- C:\ProgramData\NortonInstaller
2008-11-07 20:04:32 ----D---- C:\Program Files\NortonInstaller
2008-11-04 14:24:37 ----D---- C:\Program Files\Lavasoft
2008-11-04 14:24:36 ----D---- C:\ProgramData\Lavasoft
2008-11-04 14:23:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-29 08:58:38 ----A---- C:\Windows\system32\win32spl.dll

======List of files/folders modified in the last 1 months======

2008-11-28 01:13:50 ----D---- C:\Windows\Temp
2008-11-28 01:13:19 ----D---- C:\Windows\System32
2008-11-28 01:13:19 ----D---- C:\Windows\inf
2008-11-28 01:13:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-28 01:06:30 ----D---- C:\Windows\system32\drivers
2008-11-28 01:04:25 ----D---- C:\Windows\Prefetch
2008-11-27 22:13:29 ----A---- C:\Windows\NeroDigital.ini
2008-11-27 22:00:30 ----SHD---- C:\System Volume Information
2008-11-27 22:00:23 ----HD---- C:\ProgramData
2008-11-27 22:00:22 ----RD---- C:\Program Files
2008-11-27 17:11:15 ----D---- C:\Windows
2008-11-27 13:28:36 ----D---- C:\Users\Reed\AppData\Roaming\uTorrent
2008-11-27 10:20:58 ----SHD---- C:\Windows\Installer
2008-11-27 10:06:09 ----D---- C:\Program Files\Opera
2008-11-27 00:22:01 ----D---- C:\Windows\system32\catroot
2008-11-24 14:05:49 ----D---- C:\Windows\system32\catroot2
2008-11-18 14:30:56 ----D---- C:\Program Files\Google
2008-11-18 14:30:26 ----D---- C:\Users\Reed\AppData\Roaming\Skype
2008-11-18 14:25:23 ----D---- C:\Users\Reed\AppData\Roaming\skypePM
2008-11-18 14:24:34 ----D---- C:\Windows\rescache
2008-11-18 09:50:20 ----D---- C:\Windows\system32\en-US
2008-11-18 09:25:38 ----D---- C:\Windows\winsxs
2008-11-18 07:43:01 ----D---- C:\Windows\PolicyDefinitions
2008-11-15 16:28:53 ----D---- C:\Windows\Debug
2008-11-14 09:16:41 ----D---- C:\ProgramData\Microsoft Help
2008-11-11 14:17:51 ----D---- C:\Program Files\Microsoft Office
2008-11-11 14:17:29 ----D---- C:\Windows\system
2008-11-09 22:27:26 ----SD---- C:\Users\Reed\AppData\Roaming\Microsoft
2008-11-09 22:24:09 ----RSD---- C:\Windows\assembly
2008-11-07 20:05:31 ----D---- C:\Program Files\Common Files
2008-11-03 16:10:26 ----A---- C:\Windows\system32\mrt.exe
2008-10-30 14:35:20 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1001000.021\BHDrvx86.sys [2008-11-04 255536]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1001000.021\ccHPx86.sys [2008-11-07 362544]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-20 350720]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-11-26 371248]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081125.005\IDSvix86.sys [2008-11-07 289840]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\System32\Drivers\NIS\1001000.021\SRTSPX.SYS [2008-11-04 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-11-07 25136]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\NIS\1001000.021\SYMTDI.SYS [2008-11-07 198192]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-15 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376]
R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2008-07-16 44384]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2008-06-17 99648]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-20 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-28 29184]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2008-01-20 159744]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-07 99376]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDAud.sys [2007-03-22 625664]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-20 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081127.025\NAVENG.SYS [2008-11-26 89104]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081127.025\NAVEX15.SYS [2008-11-26 876112]
R3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-20 2225664]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-11-06 8231584]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-20 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1001000.021\SRTSP.SYS [2008-11-04 306736]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\NIS\1001000.021\SYMDNS.SYS [2008-11-07 12976]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-11-07 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\NIS\1001000.021\SYMFW.SYS [2008-11-07 89904]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\NIS\1001000.021\SYMNDISV.SYS [2008-11-07 40496]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\NIS\1001000.021\SYMREDRV.SYS [2008-11-07 24752]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-12 181432]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-20 654336]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-28 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 ST50220;Sonix ST50220 USB Video Camera Driver; C:\Windows\System32\Drivers\ST50220.sys [2006-11-24 26752]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-04 611664]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-10-30 427288]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe [2008-11-04 115560]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 492720]
S2 .norton2009Reset;Norton 2009 Reset; C:\ProgramData\Norton\Norton2009Reset.exe [2008-11-22 281625]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-20 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-16 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-20 917504]

-----------------EOF-----------------



RSIT INFO



info.txt logfile of random's system information tool 1.04 2008-11-28 01:15:40

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Acronis True Image Home-->MsiExec.exe /X{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
BlackBerry Desktop Software 4.3-->MsiExec.exe /I{0D048BE8-AE02-4CB5-A428-616B9848E4A7}
BlackBerry Desktop Software 4.3-->MsiExec.exe /i{0D048BE8-AE02-4CB5-A428-616B9848E4A7}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -Iwis30B2a.inf
FileZilla Client 3.1.2-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Garmin City Navigator North America NT 2009 Update-->MsiExec.exe /X{DAFCC5EF-E4D0-47EF-8E4B-168B3644A1E3}
Garmin Communicator Plugin-->MsiExec.exe /X{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Pavilion Webcam Driver for Vista v061.001.00006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x9 -removeonly
HP Quick Launch Buttons 6.30 J1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0009 -removeonly uninst
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Sync Framework Runtime v1.0 (x86)-->MsiExec.exe /I{A8BD5A60-E843-46DC-8271-ABF20756BE0F}
Microsoft Sync Framework Services v1.0 (x86)-->MsiExec.exe /I{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Ultra Edition-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.1.0.33\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Opera 9.62-->MsiExec.exe /X{8318FEFD-F467-44D6-82B8-129374BFE9B1}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RICOH R5C83x/84x Flash Media Controller Driver Ver.1.00.01A-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Snood 4-->"C:\Program Files\Snood 4\unins000.exe"
SofTest-->MsiExec.exe /X{93DA54F5-8657-4F4B-A27B-0D478880077D}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
SyncToy 2.0 (x86)-->MsiExec.exe /I{AFDFC350-C142-4790-BE12-8357AECD028F}
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------





THANKS so much for taking the time to look over the stuff, i really appreciate it, please let me know if there is anything i need to provide!

Reed

[kahdah]

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[ReedW]

Thanks! Attached is my combofix log

ComboFix 08-11-27.07 - Reed 2008-11-28 10:57:29.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1120 [GMT -6:00]
Running from: c:\users\Reed\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\MabryObj.dll
c:\windows\system32\TDSSwqsc.dat

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-27 22:01 . 2008-11-28 01:15 <DIR> d-------- C:\rsit
2008-11-27 22:00 . 2008-11-27 22:00 <DIR> d-------- c:\users\Reed\AppData\Roaming\Malwarebytes
2008-11-27 22:00 . 2008-11-27 22:00 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-27 22:00 . 2008-11-27 22:00 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-27 22:00 . 2008-11-27 22:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-27 22:00 . 2008-10-26 21:53 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-27 22:00 . 2008-10-26 21:53 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-27 16:54 . 2008-11-27 16:54 <DIR> d-------- c:\program files\Trend Micro
2008-11-27 13:32 . 2008-11-27 13:32 2 --a------ C:\1687428760
2008-11-27 00:23 . 2008-11-27 10:11 <DIR> d-------- c:\users\Reed\AppData\Roaming\GARMIN
2008-11-27 00:20 . 2008-11-27 00:20 <DIR> d-------- c:\program files\Garmin GPS Plugin
2008-11-27 00:20 . 2008-11-27 10:19 <DIR> d-------- C:\Garmin
2008-11-18 14:45 . 2008-11-18 14:55 <DIR> d-------- c:\program files\Snood 4
2008-11-18 07:42 . 2008-10-16 15:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-18 07:42 . 2008-10-16 14:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-18 07:42 . 2008-10-16 15:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-18 07:42 . 2008-10-16 15:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-18 07:41 . 2008-10-16 15:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-18 07:41 . 2008-10-16 14:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-18 07:41 . 2008-10-16 15:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-18 07:40 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-18 07:40 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-14 09:15 . 2008-11-14 09:15 <DIR> d-------- c:\windows\PCHEALTH
2008-11-13 09:24 . 2008-09-09 21:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-13 09:24 . 2008-09-04 23:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-13 09:24 . 2008-08-26 19:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 14:21 . 2008-11-11 14:35 <DIR> d-------- c:\users\All Users\Examsoft
2008-11-11 14:21 . 2008-11-11 14:35 <DIR> d-------- c:\programdata\Examsoft
2008-11-11 14:21 . 2008-11-11 14:33 15,936 --a------ c:\windows\jgzr.dat
2008-11-11 14:16 . 2008-11-11 14:16 <DIR> d-------- c:\program files\ExamSoft
2008-11-11 08:30 . 2008-11-11 08:30 <DIR> d-------- c:\users\All Users\Symantec
2008-11-11 08:30 . 2008-11-11 08:30 <DIR> d-------- c:\programdata\Symantec
2008-11-09 22:25 . 2008-11-09 22:25 <DIR> d-------- c:\program files\SyncToy 2.0
2008-11-09 22:23 . 2008-11-09 22:23 <DIR> d-------- c:\program files\Microsoft Sync Framework
2008-11-07 20:05 . 2008-11-07 20:05 <DIR> d-------- c:\program files\Symantec
2008-11-07 20:05 . 2008-11-07 20:17 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-07 20:05 . 2008-11-07 20:05 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2008-11-07 20:05 . 2008-11-07 20:04 25,136 -ra------ c:\windows\System32\drivers\SymIMV.sys
2008-11-07 20:05 . 2008-11-07 20:05 10,635 --a------ c:\windows\System32\drivers\SYMEVENT.CAT
2008-11-07 20:05 . 2008-11-07 20:05 806 --a------ c:\windows\System32\drivers\SYMEVENT.INF
2008-11-07 20:04 . 2008-11-11 09:36 <DIR> d-------- c:\windows\System32\drivers\NIS
2008-11-07 20:04 . 2008-11-07 20:04 <DIR> d-------- c:\users\All Users\NortonInstaller
2008-11-07 20:04 . 2008-11-22 21:19 <DIR> d-------- c:\users\All Users\Norton
2008-11-07 20:04 . 2008-11-07 20:04 <DIR> d-------- c:\programdata\NortonInstaller
2008-11-07 20:04 . 2008-11-22 21:19 <DIR> d-------- c:\programdata\Norton
2008-11-07 20:04 . 2008-11-07 20:04 <DIR> d-------- c:\program files\NortonInstaller
2008-11-07 20:04 . 2008-11-07 20:04 <DIR> d-------- c:\program files\Norton Internet Security
2008-11-04 14:24 . 2008-11-04 14:25 <DIR> d-------- c:\users\All Users\Lavasoft
2008-11-04 14:24 . 2008-11-04 14:25 <DIR> d-------- c:\programdata\Lavasoft
2008-11-04 14:24 . 2008-11-04 14:24 <DIR> d-------- c:\program files\Lavasoft
2008-11-04 14:23 . 2008-11-04 14:23 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-29 15:31 . 2008-10-29 15:31 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-29 08:58 . 2008-08-11 21:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 10:52 . 2008-10-28 10:52 36,864 --a------ c:\windows\System32\eswinsr.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 19:28 --------- d-----w c:\users\Reed\AppData\Roaming\uTorrent
2008-11-27 18:29 103,112 ----a-w c:\users\Reed\AppData\Roaming\nvModes.dat
2008-11-27 16:06 --------- d-----w c:\program files\Opera
2008-11-18 20:30 --------- d-----w c:\users\Reed\AppData\Roaming\Skype
2008-11-18 20:30 --------- d-----w c:\program files\Google
2008-11-18 20:25 --------- d-----w c:\users\Reed\AppData\Roaming\skypePM
2008-11-14 15:16 --------- d-----w c:\programdata\Microsoft Help
2008-10-28 02:52 --------- d-----w c:\program files\Windows Mail
2008-10-20 22:03 --------- d-----w c:\users\Reed\AppData\Roaming\XBMC
2008-10-20 21:44 --------- d-----w c:\program files\XBMC
2008-10-20 16:17 --------- d-----w c:\programdata\Apple Computer
2008-10-16 04:31 --------- d-----w c:\program files\Microsoft Games
2008-10-16 02:06 --------- d-----w c:\users\Reed\AppData\Roaming\Winamp
2008-10-16 02:06 --------- d-----w c:\users\Reed\AppData\Roaming\vlc
2008-10-16 02:06 --------- d-----w c:\users\Reed\AppData\Roaming\Research In Motion
2008-10-16 02:06 --------- d-----w c:\users\Reed\AppData\Roaming\NCH Swift Sound
2008-10-16 02:06 --------- d-----w c:\users\Reed\AppData\Roaming\InstallShield
2008-10-16 02:06 --------- d-----w c:\users\Reed\AppData\Roaming\FileZilla
2008-10-16 02:06 --------- d-----w c:\users\Reed\AppData\Roaming\dvdcss
2008-10-16 02:06 --------- d-----w c:\users\Reed\AppData\Roaming\Blackberry Desktop
2008-10-16 02:06 --------- d-----w c:\users\Reed\AppData\Roaming\Apple Computer
2008-10-16 02:06 --------- d-----w c:\users\Reed\AppData\Roaming\Ahead
2008-10-16 01:54 --------- d-----w c:\programdata\WindowsSearch
2008-10-16 01:54 --------- d-----w c:\programdata\SlySoft
2008-10-16 01:54 --------- d-----w c:\programdata\Skype
2008-10-16 01:54 --------- d-----w c:\programdata\NVIDIA
2008-10-16 01:54 --------- d-----w c:\programdata\Nero
2008-10-16 01:53 --------- d-----w c:\programdata\FLEXnet
2008-10-16 01:53 --------- d-----w c:\programdata\ESET
2008-10-16 01:53 --------- d-----w c:\programdata\Apple
2008-10-16 01:53 --------- d-----w c:\programdata\Acronis
2008-10-16 01:53 --------- d-----w c:\program files\Winamp
2008-10-16 01:51 --------- d-----w c:\program files\Common Files\Apple
2008-10-16 01:51 --------- d-----w c:\program files\Common Files\Ahead
2008-10-16 01:51 --------- d-----w c:\program files\Common Files\Adobe
2008-10-16 01:49 --------- d-----w c:\program files\Common Files\Acronis
2008-10-16 01:49 --------- d-----w c:\program files\CCleaner
2008-10-16 01:49 --------- d-----w c:\program files\Bonjour
2008-10-16 01:49 --------- d-----w c:\program files\Apple Software Update
2008-10-16 01:48 --------- d-----w c:\program files\Acronis
2008-10-16 01:43 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-10-16 01:43 --------- d-----w c:\program files\Synaptics
2008-10-16 01:43 --------- d-----w c:\program files\CONEXANT
2008-10-14 19:57 --------- d-----w c:\users\Reed\AppData\Roaming\iTSfv
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-01-21 02:41 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Reed^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Reed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-10 23:43 67488 c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-06-17 09:01 89024 c:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 08:47 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 12:49 153136 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 17:53 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 14:54 21718312 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3420299869-3791540573-1517583316-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"UDP Query User{7F73701F-DB42-46C4-A641-8B9F4D204542}c:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"TCP Query User{02D65BA4-7E77-4B66-9FA5-0284185C7CDC}c:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"{143FC96F-EBBE-409C-9CE0-741F02F7EA5A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AD8ED867-35AD-4148-A3B9-D99A325B9F77}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{336424FD-00E5-4499-8064-7AE25AFB92EC}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{0AEF9B84-A141-4D95-B6A6-39AA0BC0BA8B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{F1BA26AC-74FB-47C2-A5E3-ADE766937666}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{462B39A5-C59F-4087-8C3E-3ECA9845AB30}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{194F813D-5512-4C65-B0AB-20E731E97FEA}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6112563B-ED82-45A7-8D41-4C2EE06673F5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F4B6298F-CA28-48C4-B942-F06AA3CA27DF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{12D315E6-0F21-4FF2-983D-5851CBACD73D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{07A25ADD-9778-4788-B05D-59E44C7BD642}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C73D9E6C-878E-49D7-8A40-4B33CE62456A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{F63B3768-D5D0-44B5-B7FA-C1FBFC37B90F}c:\\program files\\xbmc\\xbmc.exe"= UDP:c:\program files\xbmc\xbmc.exe:XBMC
"UDP Query User{DD9850C8-C46B-4B7C-9429-9934C717DF13}c:\\program files\\xbmc\\xbmc.exe"= TCP:c:\program files\xbmc\xbmc.exe:XBMC
"{804672D3-A631-4DFB-8765-9EC7B5DF092D}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{02CFD9DE-E48C-45FE-B697-C4F05D424783}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\program files\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch

"c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\program files\ExamSoft\SofTest.exe:*:Enabled:SofTest

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NIS\1001000.021\BHDrvx86.sys [2008-11-10 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NIS\1001000.021\ccHPx86.sys [2008-11-10 362544]
R1 IDSVix86;IDSVix86;\??\c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081125.005\IDSvix86.sys [2008-11-25 289840]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.1.0.33\diMaster.dll" /prefetch:1 []
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\NIS\1001000.021\SYMNDISV.SYS [2008-11-10 40496]
S2 .norton2009Reset;Norton 2009 Reset;c:\programdata\Norton\Norton2009Reset.exe [2008-11-22 281625]
S3 ST50220;Sonix ST50220 USB Video Camera Driver;c:\windows\system32\Drivers\ST50220.sys [2008-07-16 26752]
S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-20 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-SpywareTerminator - c:\program files\Spyware Terminator\SpywareTerminatorShield.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 11:06:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2008-11-28 11:15:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-28 17:14:23

Pre-Run: 60,834,004,992 bytes free
Post-Run: 60,697,841,664 bytes free

246 --- E O F --- 2008-11-27 22:56:06

[ReedW]

Kahdah,

I also have another question. If you notice on my attached picture, several pictures inside of programs are no longer working. Such as the Blackberry Sync programd the CPU graphing gadget for the sidebar. I have tried to uninstall the gadget and reinstall it, but still no picture.

Clearly they arent DEATHLY important, but I dont konw what other programs are like too, any idea what might be causing that?

Thanks!!

Attached Thumbnails

• 

[kahdah]

No not sure what is causing this but try this it may work.
Open Internet Explorer and go to tools > Internet Options > Advanced > Scroll down until you see Multimedia and make sure that Show Pictures is checked reboot and see if that helps.

Let me know and also post a new Hijackthis log.

[ReedW]

Wow, that internet explorer thing worked perfectly. Thanks!

Here is the new HT log...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:45 AM, on 11/29/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\ProgramData\Norton\Norton2009Reset.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 6445 bytes

[kahdah]

Looks good everything back to normal now?

[ReedW]

Yeah it seems ok, dont notice anything. So Im all clean?

Thank you so much for your help, it was either this or format, so I really appreciate it!

[kahdah]

Cleanup:

Please download OT CLeanit from Here save it to your desktop.
Double click on OT Clean it to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that your log is clean.

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.