[harrobray]

i keep getting regular pop ups and my etrust antivirus is going crazy

heres the hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:34 PM, on 17/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\AV\InoRpc.exe
C:\AV\InoRT.exe
C:\AV\InoTask.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\AV\realmon.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\AceHide Free\AceHideFree.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.50:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www1.st*;www2.st*;www3.st*;www4.st*;mail.stpauls*;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0fc64ac8-e3c1-47bd-a3f1-c00d5595ea29} - C:\WINDOWS\system32\zigulavo.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\AV\realmon.exe -s
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\tihifipa.dll",a
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\lotibuye.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zHideWin] D:\Program Files\AceHide Free\AceHideFree.exe
O4 - HKUS\S-1-5-19\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\lotibuye.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\lotibuye.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1229221836296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1229221715265
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\tuludave.dll avgrsstx.dll C:\WINDOWS\system32\yusuvodo.dll c:\windows\system32\tihifipa.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tihifipa.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tihifipa.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\AV\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\AV\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\AV\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe

--
End of file - 12581 bytes

thanks

[Advertisements]

Hello harrobray

Welcome to G2Go.
=====================

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

[kahdah]

Hello harrobray

Welcome to G2Go.
=====================

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

[harrobray]

ok i ran the tool but when it gets up to performing registry dump, it comes up with Autolt Error, Line-1:, Error:Error parsing function call

[kahdah]

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[harrobray]

ComboFix 08-12-18.01 - User 2008-12-19 19:53:08.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1022.437 [GMT 11:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\oeminfo.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\ejapiwej.ini
c:\windows\system32\ihugufek.ini
c:\windows\system32\ivakibif.ini
c:\windows\system32\PACKET.DLL
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\WPCAP.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))
.

2008-12-19 15:59 . 2008-12-19 15:59 <DIR> d--hs---- C:\FOUND.000
2008-12-19 14:41 . 2008-12-19 14:42 <DIR> d-------- C:\rsit
2008-12-17 21:31 . 2008-12-17 21:31 <DIR> d-------- c:\program files\Trend Micro
2008-12-17 21:21 . 2008-12-17 21:21 <DIR> d-------- C:\VundoFix Backups
2008-12-16 20:50 . 2008-12-16 20:50 <DIR> d-------- c:\windows\Sun
2008-12-16 19:19 . 2008-12-16 19:19 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-15 22:55 . 2008-12-16 18:34 90,632 --a------ c:\windows\SYSTEM32\DRIVERS\avgtdix.sys
2008-12-15 22:55 . 2008-12-15 22:55 12,936 --a------ c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys
2008-12-15 22:55 . 2008-12-15 22:55 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll
2008-12-15 22:54 . 2008-12-15 22:54 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\Avg
2008-12-15 22:54 . 2008-12-15 22:54 <DIR> d-------- c:\program files\AVG
2008-12-15 22:54 . 2008-12-15 22:54 <DIR> d-------- c:\documents and settings\User\Application Data\AVGTOOLBAR
2008-12-15 22:54 . 2008-12-15 22:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-15 22:54 . 2008-12-16 18:34 98,440 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
2008-12-14 13:37 . 2008-12-14 13:37 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-14 13:37 . 2004-08-04 20:00 221,184 --a------ c:\windows\SYSTEM32\wmpns.dll
2008-12-14 13:36 . 2008-12-14 13:36 <DIR> d-------- c:\windows\SYSTEM32\LogFiles
2008-12-14 13:36 . 2008-12-14 13:36 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\UMDF
2008-12-14 13:32 . 2008-10-16 14:09 31,768 --a------ c:\windows\SYSTEM32\wucltui.dll.mui
2008-12-14 13:32 . 2008-10-16 14:07 23,576 --a------ c:\windows\SYSTEM32\wuaucpl.cpl.mui
2008-12-14 13:32 . 2008-10-16 14:07 23,576 --a------ c:\windows\SYSTEM32\wuapi.dll.mui
2008-12-14 13:32 . 2008-10-16 14:07 18,456 --a------ c:\windows\SYSTEM32\wuaueng.dll.mui
2008-12-14 13:26 . 2007-03-14 02:04 69,632 --a------ c:\windows\SYSTEM32\javacpl.cpl
2008-12-14 13:25 . 2008-12-14 13:25 <DIR> d-------- c:\program files\Java
2008-12-14 13:25 . 2008-12-14 13:25 <DIR> d-------- c:\program files\Common Files\Java
2008-12-13 21:34 . 2008-12-13 21:34 <DIR> d-------- c:\documents and settings\User\Application Data\Apple Computer
2008-12-13 21:34 . 2008-04-17 13:12 107,368 --a------ c:\windows\SYSTEM32\GEARAspi.dll
2008-12-13 21:34 . 2008-04-17 13:12 15,464 --a------ c:\windows\SYSTEM32\DRIVERS\GEARAspiWDM.sys
2008-12-13 21:33 . 2008-12-13 21:33 <DIR> d-------- c:\program files\iPod
2008-12-13 21:32 . 2008-12-13 21:32 <DIR> d-------- c:\program files\iTunes
2008-12-13 21:32 . 2008-12-13 21:32 <DIR> d-------- c:\program files\Bonjour
2008-12-13 21:32 . 2008-12-13 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-13 21:31 . 2008-12-13 21:31 <DIR> d-------- c:\program files\QuickTime
2008-12-13 21:31 . 2008-12-13 21:31 <DIR> d-------- c:\program files\Apple Software Update
2008-12-13 21:31 . 2008-12-13 21:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-13 21:30 . 2008-12-13 21:30 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-13 21:30 . 2008-12-13 21:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-12 20:58 . 2008-12-12 20:58 <DIR> d--h----- c:\windows\ie8
2008-12-10 16:28 . 2008-12-10 16:28 <DIR> d--hs---- C:\Recycled
2008-12-10 16:20 . 2008-12-10 16:20 <DIR> d-------- c:\documents and settings\User\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 03:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 03:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 03:12 561,688 ----a-w c:\windows\SYSTEM32\WUAPI.DLL
2008-10-16 03:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 03:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 03:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 03:12 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 03:12 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 03:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 03:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 03:09 43,544 ----a-w c:\windows\SYSTEM32\WUPS2.DLL
2008-10-16 03:08 34,328 ----a-w c:\windows\SYSTEM32\WUPS.DLL
2008-10-16 03:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 03:07 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2006-11-29 03:57 604 ---ha-w c:\program files\STLL Notifier
2007-02-21 21:51 66,672 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-02-21 21:51 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-02-21 21:51 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-02-21 21:51 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-02-21 21:51 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"zHideWin"="d:\program files\AceHide Free\AceHideFree.exe" [2002-05-17 94720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-04-20 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-04-20 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-14 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-20 3080192]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-01-17 40960]
"Realtime Monitor"="c:\av\realmon.exe" [2004-04-06 504080]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2007-09-06 40960]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2007-09-06 45056]
"ActivControl"="c:\program files\Activ Software\Activdriver\ActivControl2.exe" [2007-04-05 860160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-16 1261336]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\SYSTEM32\BTHPROPS.CPL]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-18 c:\windows\RTHDCPL.EXE]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 c:\windows\SYSTEM32\NWTRAY.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [1/1/1980 618557]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [1/1/1980 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [1/1/1980 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2005-01-25 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2005-01-10 13:36 24576 c:\windows\SYSTEM32\NOVELL\XTNOTIFY.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
Notification Packages REG_MULTI_SZ scecli s t e m 3 2 \ y u v o d . l

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\AV\\InocIT.exe"=
"c:\\AV\\InoRpc.exe"=
"c:\\AV\\Realmon.exe"=
"c:\\Program Files\\Novell\\ZENworks\\RemoteManagement\\RMAgent\\ZenRem32.exe"=
"c:\\WINDOWS\\System32\\dpmw32.exe"=
"c:\\Novell\\GroupWise\\grpwise.exe"=
"c:\\Novell\\GroupWise\\notify.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\stuff\\halo\\haloce.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Launch Manager\\OSDCtrl.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iPod\\BIN\\iPodService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3024:UDP"= 3024:UDP:Novell Client Trust

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [12/15/2008 10:55:02 PM 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [12/15/2008 10:54:59 PM 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [12/15/2008 10:55:02 PM 90632]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\Hotkey.sys [1/1/1980 9867]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [1/1/1980 34671]
R1 OsaFsLoc;OsaFsLoc;\??\c:\windows\system32\drivers\OsaFsLoc.sys [1/1/1980 12106]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/16/2008 6:34:06 PM 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/16/2008 6:34:12 PM 231704]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\BlankScr.sys [1/1/1980 6899]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\c:\windows\system32\drivers\epm-psd.sys [1/1/1980 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\drivers\epm-shd.sys [1/1/1980 78208]
R2 osaio;osaio;\??\c:\windows\system32\drivers\osaio.sys [1/1/1980 7296]
R2 osanbm;osanbm;\??\c:\windows\system32\drivers\osanbm.sys [1/1/1980 4010]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [1/1/1980 163840]
R2 XTAgent;Novell XTier Agent Services;c:\windows\System32\Novell\XTAgent.exe [1/1/1980 61440]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [1/1/1980 53760]
R3 Darpan;Darpan;c:\windows\system32\DRIVERS\Darpan.sys [1/1/1980 2773]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [1/1/1980 4392]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys [1/1/1980 5632]
S1 mailKmd;mailKmd; []
S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys []
S3 ACTIVhidmini;Promethean USB Board Driver;c:\windows\system32\DRIVERS\ACTIVhidmini.sys [1/1/1980 51840]
S3 SI15CI;SI15CI;\??\c:\elements\1stboot\Blueth\SI15CI.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31c266ed-c67a-11dd-b0aa-0018de2a5a03}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0fc64ac8-e3c1-47bd-a3f1-c00d5595ea29} - c:\windows\system32\zigulavo.dll
HKLM-Run-dahogusomi - c:\windows\system32\lotibuye.dll
HKLM-Run-CPM165a20e4 - c:\windows\system32\tihifipa.dll
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = 172.16.1.50:8080
uInternet Settings,ProxyOverride = www1.st*;www2.st*;www3.st*;www4.st*;mail.stpauls*;<local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\epp1x7v5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 19:58:41
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\NETWIN32.DLL
c:\program files\Novell\ZENworks\ZENPOL32.DLL
c:\windows\system32\xmlparse.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\av\InoRpc.exe
c:\av\InoRT.exe
c:\av\InoTask.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Novell\ZENworks\nalntsrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Novell\ZENworks\wm.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\docume~1\User\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Novell\ZENworks\WMRUNDLL.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-12-19 20:00:41 - machine was rebooted [User]
ComboFix-quarantined-files.txt 2008-12-19 09:00:38

Pre-Run: 21,520,384,000 bytes free
Post-Run: 21,728,395,264 bytes free

270

[kahdah]

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

[harrobray]

Malwarebytes' Anti-Malware 1.31
Database version: 1523
Windows 5.1.2600 Service Pack 3

20/12/2008 11:05:21 AM
mbam-log-2008-12-20 (11-05-21).txt

Scan type: Quick Scan
Objects scanned: 55793
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[kahdah]

Looks good please post a new Rsit log and we will continue.

[harrobray]

Logfile of random's system information tool 1.05 (written by random/random)
Run by User at 2008-12-20 15:33:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 21 GB (58%) free of 36 GB
Total RAM: 1022 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:05 PM, on 20/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\AV\InoRpc.exe
C:\AV\InoRT.exe
C:\AV\InoTask.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\AV\realmon.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\AceHide Free\AceHideFree.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.50:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www1.st*;www2.st*;www3.st*;www4.st*;mail.stpauls*;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\AV\realmon.exe -s
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zHideWin] D:\Program Files\AceHide Free\AceHideFree.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1229221836296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1229221715265
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\AV\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\AV\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\AV\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe

--
End of file - 11766 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-16 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-16 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-02-22 106496]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-16 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Preload"=C:\Windows\RUNXMLPL.exe [2005-05-19 32768]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 761945]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe [2005-07-25 32768]
"LManager"=C:\Program Files\Launch Manager\HotkeyApp.exe [2006-04-20 69632]
"CtrlVol"=C:\Program Files\Launch Manager\CtrlVol.exe [2003-09-16 20480]
"LMgrOSD"=C:\Program Files\Launch Manager\OSDCtrl.exe [2005-07-25 241664]
"Wbutton"=C:\Program Files\Launch Manager\Wbutton.exe [2006-04-20 86016]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-04-14 344064]
"Acer ePower Management"=C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe [2006-01-20 3080192]
"ADMTray.exe"=C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-12-27 69632]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-12-18 15797248]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"NDPS"=C:\WINDOWS\system32\dpmw32.exe [2004-05-17 32859]
"NWTRAY"=C:\WINDOWS\system32\NWTRAY.EXE [2002-03-12 28672]
"ZENRC Tray Icon"=C:\WINDOWS\system32\zentray.exe [2005-01-17 40960]
"Realtime Monitor"=C:\AV\realmon.exe [2004-04-06 504080]
"iPrint Tray"=C:\WINDOWS\system32\iprntctl.exe [2007-09-06 40960]
"iPrint Event Monitor"=C:\WINDOWS\system32\iprntlgn.exe [2007-09-06 45056]
"ActivControl"=C:\Program Files\Activ Software\Activdriver\ActivControl2.exe [2007-04-05 860160]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-16 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"zHideWin"=D:\Program Files\AceHide Free\AceHideFree.exe [2002-05-17 94720]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-08 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-27 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll [2005-01-10 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"=C:\Program Files\Novell\ZENworks\NalShell.dll [2005-01-25 417792]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwv1_0
"notification packages"=scecli
s
t
e
m
3
2
\
y
u
v
o
d
.
l

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"CompatibleRUPSecurity"=1
"DontDisplayLastUserName"=0
"LegalNoticeText"=

"ShutdownWithoutLogon"=1
"UndockWithoutLogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\AV\InocIT.exe"="C:\AV\InocIT.exe:*:Enabled:InocIT"
"C:\AV\InoRpc.exe"="C:\AV\InoRpc.exe:*:Enabled:eTrust Antivirus - RPC Server"
"C:\AV\Realmon.exe"="C:\AV\Realmon.exe:*:Enabled:Realmon"
"C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe"="C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe:*:Enabled:stpnet"
"C:\WINDOWS\System32\dpmw32.exe"="C:\WINDOWS\System32\dpmw32.exe:*:Enabled:NDPS RPM & Notification Listener"
"C:\Novell\GroupWise\grpwise.exe"="C:\Novell\GroupWise\grpwise.exe:*:Enabled:Novell GroupWise"
"C:\Novell\GroupWise\notify.exe"="C:\Novell\GroupWise\notify.exe:*:Enabled:Novell Notify"
"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\stuff\halo\haloce.exe"="D:\stuff\halo\haloce.exe:*:Enabled:Halo"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Launch Manager\OSDCtrl.exe"="C:\Program Files\Launch Manager\OSDCtrl.exe:*:Enabled:OSDCtrl"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\iPod\BIN\iPodService.exe"="C:\Program Files\iPod\BIN\iPodService.exe:*:Enabled:iPodService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31c266ed-c67a-11dd-b0aa-0018de2a5a03}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b938da0-ce36-11dd-b0cb-0018de2a5a03}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b938da1-ce36-11dd-b0cb-0018de2a5a03}]
shell\AutoRun\command - RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe


======List of files/folders created in the last 1 months======

2008-12-20 10:56:49 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-12-20 10:56:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-20 10:56:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-19 20:00:45 ----D---- C:\WINDOWS\temp
2008-12-19 20:00:43 ----A---- C:\ComboFix.txt
2008-12-19 17:42:10 ----A---- C:\Boot.bak
2008-12-19 17:42:01 ----D---- C:\cmdcons
2008-12-19 16:45:33 ----A---- C:\WINDOWS\zip.exe
2008-12-19 16:45:33 ----A---- C:\WINDOWS\VFIND.exe
2008-12-19 16:45:33 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-19 16:45:33 ----A---- C:\WINDOWS\SWSC.exe
2008-12-19 16:45:33 ----A---- C:\WINDOWS\SWREG.exe
2008-12-19 16:45:33 ----A---- C:\WINDOWS\sed.exe
2008-12-19 16:45:33 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-19 16:45:33 ----A---- C:\WINDOWS\grep.exe
2008-12-19 16:45:33 ----A---- C:\WINDOWS\fdsv.exe
2008-12-19 16:45:27 ----D---- C:\WINDOWS\ERDNT
2008-12-19 16:45:27 ----D---- C:\Qoobox
2008-12-19 15:59:36 ----SHD---- C:\FOUND.000
2008-12-19 14:41:58 ----D---- C:\rsit
2008-12-17 21:31:11 ----D---- C:\Program Files\Trend Micro
2008-12-17 21:21:08 ----D---- C:\VundoFix Backups
2008-12-17 21:21:08 ----A---- C:\VundoFix.txt
2008-12-16 20:50:28 ----D---- C:\WINDOWS\Sun
2008-12-16 19:19:22 ----HD---- C:\$AVG8.VAULT$
2008-12-15 22:55:03 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-15 22:54:56 ----D---- C:\Documents and Settings\User\Application Data\AVGTOOLBAR
2008-12-15 22:54:52 ----D---- C:\Program Files\AVG
2008-12-15 22:54:51 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-14 15:02:31 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
2008-12-14 15:02:26 ----D---- C:\Program Files\Mozilla Firefox
2008-12-14 13:38:09 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-14 13:38:04 ----HD---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-12-14 13:37:51 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-14 13:37:44 ----D---- C:\Program Files\Windows Media Connect 2
2008-12-14 13:37:29 ----HD---- C:\WINDOWS\$NtUninstallwmp11$
2008-12-14 13:36:43 ----HD---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-14 13:36:16 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-14 13:36:08 ----HD---- C:\WINDOWS\$NtUninstallWudf01000$
2008-12-14 13:32:41 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-12-14 13:32:41 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-14 13:32:41 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-14 13:26:00 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-14 13:26:00 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-14 13:26:00 ----A---- C:\WINDOWS\system32\java.exe
2008-12-14 13:25:36 ----D---- C:\Program Files\Java
2008-12-14 13:25:35 ----D---- C:\Program Files\Common Files\Java
2008-12-14 13:25:19 ----D---- C:\Documents and Settings\User\Application Data\Sun
2008-12-13 21:34:48 ----D---- C:\Documents and Settings\User\Application Data\Apple Computer
2008-12-13 21:34:11 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-12-13 21:33:25 ----D---- C:\Program Files\iPod
2008-12-13 21:32:54 ----D---- C:\Program Files\iTunes
2008-12-13 21:32:54 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-13 21:32:11 ----D---- C:\Program Files\Bonjour
2008-12-13 21:31:41 ----D---- C:\Program Files\QuickTime
2008-12-13 21:31:39 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-13 21:31:24 ----D---- C:\Program Files\Apple Software Update
2008-12-13 21:30:35 ----D---- C:\Program Files\Common Files\Apple
2008-12-13 21:30:35 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-12 20:59:23 ----D---- C:\WINDOWS\WBEM
2008-12-12 20:58:08 ----HD---- C:\WINDOWS\ie8
2008-12-10 16:28:28 ----SHD---- C:\Recycled
2008-12-10 16:20:07 ----D---- C:\Documents and Settings\User\Application Data\U3

======List of files/folders modified in the last 1 months======

2008-12-20 15:30:38 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2008-12-20 13:13:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-19 19:58:54 ----A---- C:\WINDOWS\system.ini
2008-12-19 17:42:12 ----RASH---- C:\BOOT.INI
2008-12-19 16:09:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-19 14:35:06 ----A---- C:\WINDOWS\HPBAFD.INI
2008-12-14 13:38:04 ----A---- C:\WINDOWS\imsins.BAK
2008-12-14 13:37:54 ----A---- C:\WINDOWS\WIN.INI
2008-12-10 10:46:36 ----R---- C:\WINDOWS\system32\AuditLog.txt
2008-12-10 10:12:56 ----A---- C:\WINDOWS\DPRPMLOG.TXT

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-16 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-15 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-16 90632]
R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 nipplpt2;Novell iCapture Lpt Redirector 2; C:\WINDOWS\system32\drivers\nipplpt.sys [2007-09-06 34671]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-11-29 21275]
R2 BlankScr;HBDevice; C:\WINDOWS\system32\drivers\BlankScr.sys [2005-01-17 6899]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 NetwareWorkstation;Novell Client for Windows; C:\WINDOWS\system32\NetWare\nwfs.sys [2007-06-21 513664]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R2 RESMGR;Novell NetWare Resource Manager; C:\WINDOWS\system32\NetWare\resmgr.sys [2004-06-01 27249]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 SRVLOC;Novell Service Location; C:\WINDOWS\system32\NetWare\srvloc.sys [2006-09-25 160209]
R3 ActivHidSerMini;Promethean Serial Board Driver; C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2007-03-19 53760]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-08 1506816]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-07-21 134272]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-17 328061]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-17 850474]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 Darpan;Darpan; C:\WINDOWS\system32\DRIVERS\Darpan.sys [2005-01-10 2773]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-19 4127232]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
R3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-11-19 6144]
R3 NWDHCP;Novell DHCP Inform Client; C:\WINDOWS\system32\NetWare\nwdhcp.sys [2005-11-22 18353]
R3 NWDNS;Novell DNS Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwdns.sys [2006-10-27 43568]
R3 NWHOST;Novell Host File Name Space Service Provider; C:\WINDOWS\system32\NetWare\NWHOST.sys [2005-10-12 9297]
R3 NWSLP;Novell SLP Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwslp.sys [2005-01-03 20332]
R3 NWSNS;Novell Simple Naming Services (NWSNS); C:\WINDOWS\system32\NetWare\NWSNS.sys [2005-10-12 6128]
R3 prmvmouse;Promethean HID Mouse Service; C:\WINDOWS\system32\DRIVERS\activmouse.sys [2007-03-19 5632]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-23 162176]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S1 mailKmd;mailKmd; C:\WINDOWS\system32\drivers\mailKmd.sys []
S1 Wbutton;Wbutton; C:\WINDOWS\system32\drivers\Wbutton.sys []
S2 NWSIPX32;Novell NetWare IPX/SPX Transport Interface; C:\WINDOWS\system32\NetWare\nwsipx32.sys [2005-10-27 39731]
S3 ACTIVhidmini;Promethean USB Board Driver; C:\WINDOWS\system32\DRIVERS\ACTIVhidmini.sys [2007-03-19 51840]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-17 30459]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-14 273024]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-17 148900]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-01-17 65688]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4ufd;HP Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\hppaufd0.sys [2003-07-21 16800]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-27 1353820]
S3 NWSAP;Novell SAP Name Space Provider; C:\WINDOWS\system32\NetWare\NWSAP.sys [2003-02-26 23232]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 SI15CI;SI15CI; \??\C:\Elements\1stboot\Blueth\SI15CI.SYS []
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-08 405504]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-16 874776]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-16 231704]
R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-01-17 266295]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 InoRPC;eTrust Antivirus RPC Server; C:\AV\InoRpc.exe [2004-04-06 139536]
R2 InoRT;eTrust Antivirus Realtime Server; C:\AV\InoRT.exe [2004-04-06 241936]
R2 InoTask;eTrust Antivirus Job Server; C:\AV\InoTask.exe [2004-04-06 254224]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NALNTSERVICE;Novell Application Launcher; C:\Program Files\Novell\ZENworks\nalntsrv.exe [2005-01-28 112128]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent; C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2004-11-22 163840]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 XTAgent;Novell XTier Agent Services; C:\WINDOWS\System32\Novell\XTAgent.exe [2005-01-10 61440]
R2 ZFDWM;Workstation Manager; C:\Program Files\Novell\ZENworks\wm.exe [2005-02-03 149024]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 cusrvc;Client Update Service for Novell; C:\WINDOWS\system32\cusrvc.exe [2006-08-11 28672]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-10-22 65536]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2006-01-23 86016]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[harrobray]

the post before this was log.txt and the post now is info.txt

info.txt logfile of random's system information tool 1.05 2008-12-20 15:34:07

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AceHide Free-->D:\Program Files\AceHide Free\uninstall.exe
Acer eDataSecurity Management 1.00.26-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E431C518-2EE2-471E-9234-BE995C36D513}\setup.exe" -l0x9 -removeonly
Acer eLock Management-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}
Acer Empowering Technology framework-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279}
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
Acer ePerformance Management-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEE08946-40F0-4890-853E-60A6C3306041}
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer ePresentation Management-->C:\WINDOWS\UnInst32.exe AcerePrj.UNI
Acer eSettings Management-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Activdriver v4.1.9-->MsiExec.exe /I{5ECA271E-5BCD-457F-BFDC-D26BE5813694}
Activstudio PE Docs (GBR) v3.0.1-->MsiExec.exe /I{326E9160-8FCA-4CE5-9A4C-4FB8DD4B1494}
Activstudio Professional Edition v3.0.73-->MsiExec.exe /I{DA56F614-18B0-4E95-A016-99BBC2AC0242}
Activstudio Resources (GBR) v3.0.1-->MsiExec.exe /I{2B02A6DF-9613-4289-96B6-11E68B0FD60D}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{13E582CE-E439-4446-A0AE-0F1F07CD2ED5}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{90437E5F-0A9E-4B63-AD8B-D232897D18BF}
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CA eTrust Antivirus-->MsiExec.exe /X{99747F0D-D4F8-4877-9CA0-4AE96D963633}
Drug Lord 2-->D:\Program Files\Drug Lord 2\druglord2.exe remove
GroupWise Internet Browser Mail Integration-->C:\Novell\GroupWise\gwmailto.exe /uninstall
GroupWise Tip of the Day C3PO-->C:\Novell\GroupWise\gwtip.exe /uninstall
GroupWise-->MsiExec.exe /I{97A2FF67-1EB6-483C-A6E6-716D91298763}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10250093\HXFSETUP.EXE -U -IGraS1025.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Inspiration 8 IE-->C:\WINDOWS\unvise32.exe C:\Program Files\Inspiration 8 IE\uninstal.log
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Jasc Animation Shop 3-->MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Launch Manager V1.1.0.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\Setup.exe" -l0x9
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mavis Beacon Teaches Typing 16 Deluxe for Schools-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Mavis Beacon Teaches Typing 16\Uninstall.xml"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Native Instruments Sibelius Player-->C:\PROGRA~1\NATIVE~1\SIBELI~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SIBELI~1\INSTALL.LOG
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Neuratron PhotoScore Lite-->C:\PROGRA~1\NEURAT~1\UNWISE.EXE C:\PROGRA~1\NEURAT~1\INSTALL.LOG
NICI (Shared) U.S./Worldwide (128 bit) (2.7.3-1)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}\Setup.exe" -uninst
NMAS Challenge Response Method-->MsiExec.exe /X{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}
NMAS Client-->MsiExec.exe /I{9B427732-573E-4E78-B6FA-AC3E5A218BA2}
Novell Client for Windows-->%SystemRoot%\system32\rundll32 nwsetup.dll NWUninstallClient
Novell iPrint Client v04.32.00-->C:\WINDOWS\system32\iprint\setupipp.exe /uninstall
NTI Backup NOW! 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Sibelius 4-->C:\PROGRA~1\SIBELI~1\SIBELI~1\UNWISE.EXE C:\PROGRA~1\SIBELI~1\SIBELI~1\INSTALL.LOG
Sibelius Scorch-->C:\PROGRA~1\SIBELI~1\SCORCH\UNWISE.EXE C:\PROGRA~1\SIBELI~1\SCORCH\INSTALL.LOG
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tainlab Wintec-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Tainlab\UnInst.log" "/APPNAME=Tainlab Wintec"
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FF6F491D-BC82-4DCC-A72F-1824957C6466} /l1033
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Internet Explorer 8 Beta 1-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows NT Messaging-->RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
YouTube Downloader 2.4-->"D:\Program Files\FDRLab\YouTube Downloader\unins000.exe"
ZENworks Desktop Management Agent-->MsiExec.exe /I{F5DB4286-0064-4574-936B-09115C7A5A07}

======Security center information======

AV: AVG Anti-Virus

System event log

Computer Name: 3290_STUDENT
Event Code: 4377
Message: Windows Media Player Hotfix KB911564 was installed.

Record Number: 802
Source Name: WindowsMedia
Time Written: 20061129105456.000000+660
Event Type: information
User:

Computer Name: 3290_STUDENT
Event Code: 19
Message: Installation Successful: Windows successfully installed the following update: Security Update for Windows XP (KB901190)

Record Number: 801
Source Name: Windows Update Agent
Time Written: 20061129105436.000000+660
Event Type: information
User:

Computer Name: 3290_STUDENT
Event Code: 19
Message: Installation Successful: Windows successfully installed the following update: Security Update for Windows XP (KB911927)

Record Number: 800
Source Name: Windows Update Agent
Time Written: 20061129105436.000000+660
Event Type: information
User:

Computer Name: 3290_STUDENT
Event Code: 4377
Message: Windows XP Hotfix KB901190 was installed.

Record Number: 799
Source Name: NtServicePack
Time Written: 20061129105434.000000+660
Event Type: information
User:

Computer Name: 3290_STUDENT
Event Code: 4377
Message: Windows XP Hotfix KB911927 was installed.

Record Number: 798
Source Name: NtServicePack
Time Written: 20061129105430.000000+660
Event Type: information
User:

Application event log

Computer Name: BRAYH12
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.


Record Number: 1784
Source Name: crypt32
Time Written: 20081217142717.000000+660
Event Type: error
User:

Computer Name: BRAYH12
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


Record Number: 1783
Source Name: crypt32
Time Written: 20081217142717.000000+660
Event Type: error
User:

Computer Name: BRAYH12
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.


Record Number: 1782
Source Name: crypt32
Time Written: 20081217142717.000000+660
Event Type: error
User:

Computer Name: BRAYH12
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


Record Number: 1781
Source Name: crypt32
Time Written: 20081217142717.000000+660
Event Type: error
User:

Computer Name: BRAYH12
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.


Record Number: 1780
Source Name: crypt32
Time Written: 20081217142717.000000+660
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Intel\Wireless\Bin;%SystemRoot%\system32\nls;%SystemRoot%\system32\nls\ENGLISH;C:\Program Files\Novell\ZENworks;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\AV;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"AVENGINE"=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
"INOCULAN"=C:\AV
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

[kahdah]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"notification packages"=hex(7):73,63,65,63,6c,69,0d,0a,00,00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b938da1-ce36-11dd-b0cb-0018de2a5a03}]

Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
==================
Cleanup:

Please download OT CLeanit from Here save it to your desktop.
Double click on OT Clean it to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
• Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
• Click the "Download" button to the right.
• Select your Platform: "Windows".
• Select your Language: "Multi-language".
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
• Click Continue and the page will refresh.
• Click on the link to download Windows Offline Installation and save the file to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

======================
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or Zonealarm
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete\uninstall anything else that we have used.

Including this folder C:\Rsit

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that your log is clean.

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.