
Annoying Computer Settings Hijack please help

edited September 2008 in Spyware & Virus Removal
I was downloading a torrent trying to get a free version of photoshop. Anyway, karma bit me on my behind and sent me a trojan. At first all I had was the occasional windows defender message telling me a trojan was found and deleted but in a few days the system went completely haywire.

My computer's desktop was changed to a creepy biohazard symbol with something along the lines of "your computer is infected" written there, and the clock at the bottom right was changed to 24 hour format and to say VIRUS ALERT! Naturally, my internet browser settings were hijacked in addition to this.

Also, about 80% of the icons on my desktop vanished (videogames, anti-spyware programs, everything but the bare minimum programs like MS Word and My Computer), and if I go to the Start tab I can only access my top programs; the "All Programs" tab and the "Log Off" tab are both gone. To add to this, a lot of system settings were disabled. I still can't run Notepad, change any settings or access Control Panel. Drive C has vanished and a Drive O has appeared out of nowhere, although there is nothing in it and I can't figure out how to remove it.

Fortunately I had one spyware program that could still run, SuperAntiSpyware, so I ran a scan and got rid of the clock problem, the background, and the internet hijacking, but I still can't access drive C or really do anything besides type documents and go online. Here is the log from HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 1:06:44 PM, on 8/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: D - {34186782-164B-32CC-AEFB-20B993A91AC1} - C:\WINDOWS\system32\mmx77628.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: fccDvtst - fccDvtst.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: rqbmvpso - {220DB0AC-FEB9-4212-8931-3200BD69DE24} - (no file)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



FYI: if you have any programs to recommend, please keep in mind I can only use the ones that create a desktop icon, as I cannot access Drive C or All Programs.

Thanks a billion if you can help me out!

Comments

  • VekaVeka Finland
    edited August 2008
    Hey and welcome to Icrontic. :)

    Frankly speaking, Joe, it wasn't any karma that bit you but you yourself. Seriously. That trojan didn't slip in without a reason; you allowed it. The worst thing, however, is that you're using the internet (not to mention P2P software or torrents) without an antivirus program! :eek:

    So the very first thing you must do is to install an antivirus program - well, if that is possible anymore (let's hope for the best).

    Please download and install one of the following - they are free!

    AntiVir
    AVG Free Edition
    avast! 4 Home Edition

    If the installation succeeded, update your antivirus and perform a full system scan. Let it remove everything found. After that post a fresh HijackThis log.

    In case the installation fails, disconnect the infected computer from the internet and from any networked computers. Please use another computer until this one is cleaned.
  • edited August 2008
    Thanks for the welcome and the prompt reply :)

    Of course I don't deny that this was the result of epic stupidity on my part :/.

    Anyway, I downloaded one of the programs as asked (AntiVir), ran a scan, and removed everything as you said.

    Does this look good?
    Logfile of HijackThis v1.99.1
    Scan saved at 1:24:06 AM, on 8/31/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\SpyCatcher\Scheduler daemon.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\MATLAB701\webserver\bin\win32\matlabserver.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: D - {34186782-164B-32CC-AEFB-20B993A91AC1} - C:\WINDOWS\system32\mmx77628.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: secuload.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: fccDvtst - fccDvtst.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: rqbmvpso - {220DB0AC-FEB9-4212-8931-3200BD69DE24} - (no file)
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe





    It said some things could not be scanned, so I'm guessing that I'm not done here. Here's the scan report:

    Avira AntiVir Personal
    Report file date: Saturday, August 30, 2008 23:49

    Scanning for 1583963 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: COMPY

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 17:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 16:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 21:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 16:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 19:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 22:54:15
    ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 8/24/2008 06:48:42
    ANTIVIR3.VDF : 7.0.6.93 209920 Bytes 8/30/2008 06:48:44
    Engineversion : 8.1.1.23
    AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 18:58:21
    AESCRIPT.DLL : 8.1.0.68 315770 Bytes 8/31/2008 06:48:58
    AESCN.DLL : 8.1.0.23 119156 Bytes 7/10/2008 21:44:49
    AERDL.DLL : 8.1.0.20 418165 Bytes 4/24/2008 21:37:48
    AEPACK.DLL : 8.1.2.1 364917 Bytes 7/15/2008 21:58:35
    AEOFFICE.DLL : 8.1.0.22 192890 Bytes 8/31/2008 06:48:55
    AEHEUR.DLL : 8.1.0.50 1388918 Bytes 8/31/2008 06:48:53
    AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 21:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 8/31/2008 06:48:47
    AEEMU.DLL : 8.1.0.7 430452 Bytes 7/31/2008 17:33:21
    AECORE.DLL : 8.1.1.8 172406 Bytes 7/31/2008 17:33:21
    AEBB.DLL : 8.1.0.1 53617 Bytes 7/10/2008 21:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 17:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 18:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 8/31/2008 06:48:45
    AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 20:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 21:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 21:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 22:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 22:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: Saturday, August 30, 2008 23:49

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'dllhost.exe' - '1' Module(s) have been scanned
    Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'MATLAB.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'matlabserver.exe' - '1' Module(s) have been scanned
    Scan process 'E_S30RP1.EXE' - '1' Module(s) have been scanned
    Scan process 'ehSched.exe' - '1' Module(s) have been scanned
    Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
    Scan process 'Scheduler daemon.exe' - '1' Module(s) have been scanned
    Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
    Scan process 'LinksysAgent.exe' - '1' Module(s) have been scanned
    Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
    Scan process 'Res.exe' - '1' Module(s) have been scanned
    Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'stsystra.exe' - '1' Module(s) have been scanned
    Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    49 processes with 49 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: The device is not ready.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '64' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\!KillBox\juan.dll
    [DETECTION] Is the TR/BHO.BD.7 Trojan
    [NOTE] The file was deleted!
    C:\Adobe\Manager.exe
    [DETECTION] Is the TR/Small.xsi.1 Trojan
    [NOTE] The file was deleted!
    C:\cygwin\home\abhan\mfiles\micro\dumpmemmex.dll
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Katherine Bhan\Local Settings\Temp\tmp12312.WMC\URGE.cab
    [0] Archive type: CAB (Microsoft)
    --> setup.iss
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    C:\Documents and Settings\Slava Fedorchuk\Application Data\Adobe\Manager.exe
    [DETECTION] Is the TR/Small.xsi.1 Trojan
    [NOTE] The file was deleted!
    C:\Documents and Settings\Slava Fedorchuk\Local Settings\Temp\HDVideodll_ver1.5953.0.exe
    [DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP451\A0082448.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP493\A0096201.dll
    [DETECTION] Is the TR/BHO.BD.7 Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP493\A0096202.exe
    [DETECTION] Is the TR/Small.xsi.1 Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP493\A0096205.exe
    [DETECTION] Is the TR/Small.xsi.1 Trojan
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\wx92765.dll
    [DETECTION] Is the TR/BHO.Agent.NGR Trojan
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: Sunday, August 31, 2008 01:08
    Used time: 1:19:12 Hour(s)

    The scan has been done completely.

    13805 Scanning directories
    486022 Files were scanned
    9 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    9 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    4 Files cannot be scanned
    486009 Files not concerned
    5870 Archives were scanned
    6 Warnings
    9 Notes




    What is my next step?
  • VekaVeka Finland
    edited August 2008
    Hey Joe,

    Step 1:

    Please run HijackThis and click Do a system scan only

    Place a check next to the following entries (if they are still there):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    O2 - BHO: D - {34186782-164B-32CC-AEFB-20B993A91AC1} - C:\WINDOWS\system32\mmx77628.dll
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O20 - Winlogon Notify: fccDvtst - fccDvtst.dll (file missing)
    O21 - SSODL: rqbmvpso - {220DB0AC-FEB9-4212-8931-3200BD69DE24} - (no file)

    Now please click Fix Checked

    Step 2:

    Please download the OTMoveIt2 by OldTimer

    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      C:\WINDOWS\system32\mmx77628.dll
      C:\fccDvtst.dll /s

    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    Note: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

    OTMoveIt would have created a log at this location:
    C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Step 3:

    Download OTViewIt to your desktop.
    • Close all windows and open it
    • Place a tick in the Scan all Users box
    • Click Run Scan and let the program run uninterrupted
    • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
    • You may need to use two posts to get it all on the forum
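
The entries VekaVeka picked out in Step 1 follow a few recognisable patterns: IE search settings redirected to a third-party host, a BHO with no meaningful name living in system32, policy keys (O6/O7) that lock the user out of regedit and IE settings, and Winlogon Notify / SSODL autostarts whose DLL is already gone. The script below is an added example, not code from the thread or from the HijackThis project: it parses HijackThis-style log lines and flags those same patterns, so a log can be triaged before anything is ticked in "Fix Checked". The sample log is a constructed subset of the entries posted in this thread; the allowlist of default Microsoft hosts and the "short or empty BHO name under system32" heuristic are assumptions of this example, as is flagging any AppInit_DLLs value for manual review (the helper did not fix secuload.dll, so review means "confirm the vendor", not "delete").

```python
"""Triage of HijackThis (v1.99.1-style) log lines.

Added example for this thread; the rules encode the entry classes the helper
singled out, not an official HijackThis or forum procedure.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis entries posted in the thread,
# embedded here so the script runs offline (it is not a complete log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: D - {34186782-164B-32CC-AEFB-20B993A91AC1} - C:\WINDOWS\system32\mmx77628.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: fccDvtst - fccDvtst.dll (file missing)
O21 - SSODL: rqbmvpso - {220DB0AC-FEB9-4212-8931-3200BD69DE24} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
SEARCH_RE = re.compile(r"Main,(?P<key>Search Bar|Search Page) = (?P<url>\S+)")

# Assumption: hosts IE's stock search settings point at; anything else is a hijack candidate.
DEFAULT_HOSTS = {"go.microsoft.com", "www.microsoft.com", "search.msn.com", "www.msn.com"}


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def classify(section: str, body: str, line: str):
    """Return a Finding for an entry that matches one of the triage rules, else None."""
    if section in ("R0", "R1"):
        m = SEARCH_RE.search(body)
        if m and urlparse(m.group("url")).hostname not in DEFAULT_HOSTS:
            return Finding(section, f"IE {m.group('key')} redirected to a third-party host", line)
    if section == "O2":
        m = BHO_RE.match(body)
        if m:
            name, path = m.group("name").strip(), m.group("path").lower()
            # Assumption: legitimate BHOs carry a vendor name and rarely live in system32.
            if "\\windows\\system32\\" in path and (name == "(no name)" or len(name) <= 2):
                return Finding(section, "unnamed BHO loaded from system32", line)
    if section in ("O6", "O7"):
        return Finding(section, "policy key restricting IE settings / registry editing", line)
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        value = body.split(":", 1)[1].strip()
        if value:
            return Finding(section, f"AppInit_DLLs injects {value} into user-mode processes; verify vendor", line)
    if section in ("O20", "O21") and ("(file missing)" in body or "(no file)" in body):
        return Finding(section, "autostart entry whose DLL no longer exists", line)
    return None


def triage(log_text: str) -> list:
    """Parse every 'Rn - ...' / 'On - ...' line and collect the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        f = classify(m.group("section"), m.group("body"), line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run on the sample, the script reports the seven entries a helper would look at first (the two search redirects are one here because only one bearshare line is in the subset, plus the mmx77628 BHO, O6, O7, the AppInit_DLLs value, and the two dangling autostarts) and stays silent on the Adobe BHO, the Spybot SDHelper and the WgaLogon notify, which is the split VekaVeka made by hand.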
  • edited August 2008
    1)

    Ran HijackThis, selected the appropriate programs, and removed them. Had a few error messages pop up that said "System Administrator has disabled registry editing" so out of worry I ran HijackThis again but all the files were gone so I assumed they got deleted.



    2)

    Did not have to reboot. Here is the result

    File/Folder C:\WINDOWS\system32\mmx77628.dll not found.
    < C:\fccDvtst.dll /s >
    File/Folder C:\fccDvtst.dll not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08312008_114141



    3)

    Extras:
    OTViewIt Extras logfile created on: 8/31/2008 11:46:16 AM - Run 1
    OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\Slava Fedorchuk\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.42 Mb Total Physical Memory | 432.35 Mb Available Physical Memory | 42.29% Memory free
    2.40 Gb Paging File | 1.78 Gb Available in Paging File | 74.07% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.79 Gb Total Space | 27.31 Gb Free Space | 39.13% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    "C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
    [01/19/2007 03:58 PM | 00,274,432 | ---- | M] (Blizzard Entertainment)

    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
    [11/05/2007 02:05 PM | 07,820,728 | ---- | M] (MusicLab, LLC)

    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)

    "C:\Documents and Settings\Slava Fedorchuk\Desktop\1280_StarCraft2GameplayVideo_EnglishUS2-avi-downloader.exe" = C:\Documents and Settings\Slava Fedorchuk\Desktop\1280_StarCraft2GameplayVideo_EnglishUS2-avi-downloader.exe:*:Enabled:Blizzard Downloader
    File not found

    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
    [08/30/2007 06:43 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)

    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
    [08/30/2007 06:43 PM | 00,091,376 | ---- | M] (Yahoo! Inc.)

    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
    [11/29/2007 02:39 PM | 00,214,560 | ---- | M] (RealNetworks, Inc.)

    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
    [02/27/2008 02:23 PM | 00,219,952 | ---- | M] ()

    "C:\Documents and Settings\Slava Fedorchuk\My Documents\Downloads\The.Duke.Nukem.3D.High.Resolution.Version-NoGrp\Duke3D\Duke3D\eduke32.exe" = C:\Documents and Settings\Slava Fedorchuk\My Documents\Downloads\The.Duke.Nukem.3D.High.Resolution.Version-NoGrp\Duke3D\Duke3D\eduke32.exe:*:Enabled:eduke32
    File not found

    "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
    [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath
    [09/13/2007 02:31 PM | 22,880,040 | R--- | M] (Skype Technologies S.A.)

    "C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager
    [06/13/2008 06:27 PM | 02,752,512 | ---- | M] (Electronic Arts)

    "C:\Program Files\Lighthouse Interactive\Sword of the Stars\Sword of the Stars.exe" = C:\Program Files\Lighthouse Interactive\Sword of the Stars\Sword of the Stars.exe:*:Enabled:Sword of the Stars
    [07/07/2008 05:53 PM | 06,328,320 | ---- | M] ()

    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] - "%1" %*
    .cmd [@ = cmdfile] - "%1" %*
    .com [@ = comfile] - "%1" %*
    .exe [@ = exefile] - "%1" %*
    .html [@ = FirefoxHTML] - [08/26/2008 12:42 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
    .pif [@ = piffile] - "%1" %*
    .scr [@ = scrfile] - "%1" /S

    ========== Winsock2 Catalogs ==========

    ========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


    ========== HKEY_CURRENT_USER Protocol Defaults ==========


    ========== HKEY_USERS Protocol Defaults ==========


    ========== HKEY_USERS Protocol Defaults ==========


    ========== HKEY_USERS Protocol Defaults ==========


    ========== HKEY_USERS Protocol Defaults ==========


    ========== HKEY_USERS Protocol Defaults ==========


    ========== Protocol Handlers ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
    ipp: [HKLM - No CLSID value]
    msdaipp: [HKLM - No CLSID value]

    skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM - IEProtocolHandler Class]
    [09/13/2007 02:31 PM | 01,828,176 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll

    ========== Protocol Filters ==========

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{07B1BDFB-2596-426B-89E9-E82BF8D3BBED}" = EarthLink Common Authentication
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus CX7000F Scanner Driver Update
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
    "{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{49C69876-0196-4620-B237-EA334C2E40B5}" = ActivePerl 5.10.0 Build 1002
    "{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{77F9D52A-C8D7-4FE8-8510-19FC6CF75BC3}" = Access Drivers
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
    "{9F1E9E57-DD22-11D5-8B43-00105A9846E9}" = FLEXnet Connect SDK
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A15C4ACE-10C1-4662-9904-566E7EC0D4F4}" = Aluria Firewall
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
    "{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
    "{C24C3F25-CC7F-41D5-B03D-24F8059BABAD}" = Garmin USB Drivers
    "{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
    "{C8F7C1E5-0150-11D6-A96C-00D05908F85D}" = USB Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
    "{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
    "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
    "{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
    "{FF087B26-DD20-4DD0-B97F-0B08B76A04D1}" = Deal Info
    "1Click DVD Copy 5_is1" = 1Click DVD Copy 5.1.0.7
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
    "BearShare" = BearShare
    "CCleaner" = CCleaner (remove only)
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Complete Cleanup Trial_is1" = Complete Cleanup Trial
    "Crimson Editor" = Crimson Editor (remove only)
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
    "DVD43_is1" = DVD43 v3.9.0
    "EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1010)
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "FileZilla Client" = FileZilla Client 3.0.9.2
    "HijackThis" = HijackThis 1.99.1
    "Hijackthis_is1" = Hijackthis 1.99.1
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
    "IrfanView" = IrfanView (remove only)
    "KB835221WXP" = High Definition Audio Driver Package - KB835221
    "KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
    "KB893803v2" = Windows Installer 3.1 (KB893803)
    "KB900325" = Update Rollup 2 for Windows XP Media Center Edition 2005
    "KB903157" = Hotfix for Windows Media Player 10 (KB903157)
    "KB908246" = Windows XP Media Center Edition 2005 KB908246
    "KB910393" = Update for Windows Media Player 10 (KB910393)
    "KB911564" = Security Update for Windows Media Player (KB911564)
    "KB913800" = Update for Windows Media Player 10 (KB913800)
    "KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
    "KB923689" = Security Update for Windows XP (KB923689)
    "KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
    "KB925766" = Windows XP Media Center Edition 2005 KB925766
    "KB926251" = Update for Windows Media Player 10 (KB926251)
    "KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
    "KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
    "KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
    "KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
    "KB939683" = Hotfix for Windows Media Player 11 (KB939683)
    "KB941569" = Security Update for Windows XP (KB941569)
    "KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
    "KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
    "KB946648" = Security Update for Windows XP (KB946648)
    "KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
    "KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
    "KB950760" = Security Update for Windows XP (KB950760)
    "KB950762" = Security Update for Windows XP (KB950762)
    "KB950974" = Security Update for Windows XP (KB950974)
    "KB951066" = Security Update for Windows XP (KB951066)
    "KB951072-v2" = Update for Windows XP (KB951072-v2)
    "KB951376" = Security Update for Windows XP (KB951376)
    "KB951376-v2" = Security Update for Windows XP (KB951376-v2)
    "KB951698" = Security Update for Windows XP (KB951698)
    "KB951748" = Security Update for Windows XP (KB951748)
    "KB951978" = Update for Windows XP (KB951978)
    "KB952287" = Hotfix for Windows XP (KB952287)
    "KB952954" = Security Update for Windows XP (KB952954)
    "KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
    "KB953839" = Security Update for Windows XP (KB953839)
    "M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
    "MatlabR14" = MATLAB Family of Products Release 14
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "MiKTeX 2.6" = MiKTeX 2.6
    "Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PowerISO" = PowerISO
    "PuTTY_is1" = PuTTY version 0.59
    "QcDrv" = Logitech® Camera Driver
    "QuickTime" = QuickTime
    "R for Windows_is1" = R for Windows 2.6.1
    "RealPlayer 6.0" = RealPlayer
    "SearchAssist" = SearchAssist
    "Silent Package Run-Time Sample" = EPSON Stylus CX7000F User's Guide
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
    "SpywareBlaster_is1" = SpywareBlaster v3.5.1
    "Starcraft" = Starcraft
    "StarCraft X-tra Editor (Professional Edition)_is1" = StarCraft X-tra Editor Version 2.5
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "Sword of the Stars" = Sword of the Stars
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VideoLAN VLC media player 0.8.6a
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WGA" = Windows Genuine Advantage Validation Tool (KB892130)
    "WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "uTorrent" = µTorrent
    "Warcraft III" = Warcraft III: All Products

    ========== HKEY_USERS Uninstall List ==========


    ========== HKEY_USERS Uninstall List ==========


    ========== HKEY_USERS Uninstall List ==========


    ========== HKEY_USERS Uninstall List ==========


    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2029747877-1938755978-3337594927-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "uTorrent" = µTorrent
    "Warcraft III" = Warcraft III: All Products

    ========== Last 10 Event Log Errors ==========


    [ Application Events ]
    Error - 8/27/2008 7:08:16 PM - Computer Name = COMPY - User Name = User SID not found - Source = MPSampleSubmission
    Description = EventType avsubmit, P1 windefend, P2 1.1.3807.0, P3 unspecified, P4
    1.41.794.0, P5 trojandownloader_win32_zlob.gen!gx, P6 NIL, P7 NIL, P8 NIL, P9 NIL,
    P10 NIL.

    Error - 8/28/2008 12:25:41 AM - Computer Name = COMPY - User Name = User SID not found - Source = MPSampleSubmission
    Description = EventType avsubmit, P1 windefend, P2 1.1.3807.0, P3 unspecified, P4
    1.41.794.0, P5 trojandownloader_win32_zlob.gen!gx, P6 NIL, P7 NIL, P8 NIL, P9 NIL,
    P10 NIL.

    Error - 8/28/2008 5:32:47 AM - Computer Name = COMPY - User Name = User SID not found - Source = MPSampleSubmission
    Description = EventType avsubmit, P1 windefend, P2 1.1.3807.0, P3 unspecified, P4
    1.41.794.0, P5 trojandownloader_win32_zlob.gen!gx, P6 NIL, P7 NIL, P8 NIL, P9 NIL,
    P10 NIL.

    Error - 8/28/2008 3:51:16 PM - Computer Name = COMPY - User Name = User SID not found - Source = MPSampleSubmission
    Description = EventType avsubmit, P1 windefend, P2 1.1.3807.0, P3 unspecified, P4
    1.41.794.0, P5 trojandownloader_win32_zlob.gen!gx, P6 NIL, P7 NIL, P8 NIL, P9 NIL,
    P10 NIL.

    Error - 8/29/2008 1:59:41 AM - Computer Name = COMPY - User Name = User SID not found - Source = MPSampleSubmission
    Description = EventType avsubmit, P1 windefend, P2 1.1.3807.0, P3 unspecified, P4
    1.41.794.0, P5 trojandownloader_win32_zlob.gen!gx, P6 NIL, P7 NIL, P8 NIL, P9 NIL,
    P10 NIL.

    Error - 8/29/2008 7:10:52 PM - Computer Name = COMPY - User Name = User SID not found - Source = MPSampleSubmission
    Description = EventType avsubmit, P1 windefend, P2 1.1.3807.0, P3 unspecified, P4
    1.41.925.0, P5 trojandownloader_win32_zlob.gen!gw, P6 NIL, P7 NIL, P8 NIL, P9 NIL,
    P10 NIL.

    Error - 8/29/2008 7:10:53 PM - Computer Name = COMPY - User Name = User SID not found - Source = MPSampleSubmission
    Description = EventType avsubmit, P1 windefend, P2 1.1.3807.0, P3 unspecified, P4
    1.41.925.0, P5 trojandownloader_win32_zlob.gen!gv, P6 NIL, P7 NIL, P8 NIL, P9 NIL,
    P10 NIL.

    Error - 8/29/2008 7:37:19 PM - Computer Name = COMPY - User Name = User SID not found - Source = MPSampleSubmission
    Description = EventType avsubmit, P1 windefend, P2 1.1.3807.0, P3 unspecified, P4
    1.41.925.0, P5 trojandownloader_win32_zlob.gen!gw, P6 NIL, P7 NIL, P8 NIL, P9 NIL,
    P10 NIL.

    Error - 8/30/2008 3:10:39 AM - Computer Name = COMPY - User Name = User SID not found - Source = Application Hang
    Description = Hanging application KillBox.exe, version 2.0.0.881, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 8/30/2008 3:10:39 AM - Computer Name = COMPY - User Name = User SID not found - Source = Application Hang
    Description = Hanging application KillBox.exe, version 2.0.0.881, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.


    [ Internet Explorer Events ]

    [ Media Center Events ]

    [ Security Events ]

    [ System Events ]
    Error - 8/28/2008 9:44:38 PM - Computer Name = COMPY - User Name = User SID not found - Source = W32Time
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 8/28/2008 9:44:38 PM - Computer Name = COMPY - User Name = User SID not found - Source = W32Time
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 8/28/2008 9:44:55 PM - Computer Name = COMPY - User Name = User SID not found - Source = W32Time
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 8/28/2008 9:44:55 PM - Computer Name = COMPY - User Name = User SID not found - Source = W32Time
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 8/28/2008 9:45:04 PM - Computer Name = COMPY - User Name = User SID not found - Source = W32Time
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 8/28/2008 9:45:04 PM - Computer Name = COMPY - User Name = User SID not found - Source = W32Time
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 8/29/2008 1:53:46 AM - Computer Name = COMPY - User Name = User SID not found - Source = Service Control Manager
    Description = The npkcrypt service failed to start due to the following error: %%3

    Error - 8/29/2008 1:53:47 AM - Computer Name = COMPY - User Name = User SID not found - Source = Service Control Manager
    Description = The following boot-start or system-start driver(s) failed to load:
    nvatabus nvraid

    Error - 8/29/2008 2:20:07 AM - Computer Name = COMPY - User Name = User SID not found - Source = Service Control Manager
    Description = The npkcrypt service failed to start due to the following error: %%3

    Error - 8/29/2008 2:20:08 AM - Computer Name = COMPY - User Name = User SID not found - Source = Service Control Manager
    Description = The following boot-start or system-start driver(s) failed to load:
    nvatabus nvraid


    < End of report >



    OTViewIt:
    OTViewIt logfile created on: 8/31/2008 11:46:16 AM - Run 1
    OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\Slava Fedorchuk\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.42 Mb Total Physical Memory | 432.35 Mb Available Physical Memory | 42.29% Memory free
    2.40 Gb Paging File | 1.78 Gb Available in Paging File | 74.07% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.79 Gb Total Space | 27.31 Gb Free Space | 39.13% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: COMPY
    Current User Name: Slava Fedorchuk
    Logged in as Administrator.
    Current Boot Mode: Normal
    Scan Mode: All users
    Whitelist: On

    ===== Processes - Non-Microsoft Only =====

    [06/26/2006 11:33 AM | 00,099,888 | ---- | M] (Logitech Inc.) - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    [04/18/2006 05:00 AM | 00,102,400 | ---- | M] (SEIKO EPSON CORPORATION) - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    [08/16/2004 09:43 AM | 00,536,576 | ---- | M] () - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
    [09/13/2004 10:05 PM | 00,884,736 | ---- | M] (The MathWorks Inc.) - c:\MATLAB701\bin\win32\MATLAB.exe
    [09/14/2005 08:44 PM | 00,065,536 | ---- | M] (ali) - C:\Program Files\USB Disk Win98 Driver\Res.exe
    [06/26/2006 10:46 AM | 00,497,200 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    [03/14/2008 04:50 PM | 00,233,472 | ---- | M] (PowerISO Computing, Inc.) - C:\Program Files\PowerISO\PWRISOVM.EXE
    [04/02/2006 09:07 PM | 00,389,120 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    [08/19/2008 11:34 PM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    [03/09/2004 04:07 PM | 00,086,133 | ---- | M] (Tenebril Incorporated) - C:\Program Files\SpyCatcher\Scheduler daemon.exe
    [08/26/2008 12:42 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe

    ===== Win32 Services - Non-Microsoft Only =====

    (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) [Auto | Running]
    [04/18/2006 05:00 AM | 00,102,400 | ---- | M] (SEIKO EPSON CORPORATION) - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE

    (LVPrcSrv) Logitech Process Monitor [Auto | Running]
    [06/26/2006 11:33 AM | 00,099,888 | ---- | M] (Logitech Inc.) - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe

    (LVSrvLauncher) LVSrvLauncher [Auto | Stopped]
    [06/26/2006 11:33 AM | 00,091,696 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

    (matlabserver) MATLAB Server [Auto | Running]
    [08/16/2004 09:43 AM | 00,536,576 | ---- | M] () - C:\MATLAB701\webserver\bin\win32\matlabserver.exe

    ===== Driver Services - Non-Microsoft Only =====

    (Ad-Watch Connect Filter) Ad-Watch Connect Kernel Filter [On_Demand | Stopped]
    File not found - C:\WINDOWS\system32\drivers\NSDriver.sys

    (Ad-Watch Real-Time Scanner) AW Real-Time Scanner [On_Demand | Stopped]
    File not found - C:\WINDOWS\system32\drivers\AWRTPD.sys

    (Ad-Watch Registry Filter) Ad-Watch Registry Kernel Filter [On_Demand | Stopped]
    File not found - C:\WINDOWS\system32\drivers\AWRTRD.sys

    (ADSFilter) ADSFilter - (Aluria Filter Driver) [On_Demand | Stopped]
    File not found - C:\WINDOWS\System32\DRIVERS\ADSFilter.sys

    (Afc) PPdus ASPI Shell [On_Demand | Running]
    [02/23/2005 02:58 PM | 00,011,776 | ---- | M] (Arcsoft, Inc.) - C:\WINDOWS\system32\drivers\afc.sys

    (AmdK8) AMD Processor Driver [System | Running]
    [06/18/2006 07:37 PM | 00,036,864 | ---- | M] (Advanced Micro Devices) - C:\WINDOWS\system32\drivers\AmdK8.sys

    (BW2NDIS5) BW2NDIS5 [On_Demand | Stopped]
    File not found - C:\WINDOWS\System32\Drivers\BW2NDIS5.sys

    (DSproct) DSproct [On_Demand | Stopped]
    [01/10/2006 10:07 AM | 00,004,864 | ---- | M] (GTek Technologies Ltd.) - C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

    (dvd43llh) dvd43llh [On_Demand | Running]
    [01/29/2007 02:31 PM | 00,018,816 | ---- | M] (RIF) - C:\WINDOWS\system32\drivers\dvd43llh.sys

    (E100B) Intel(R) PRO Adapter Driver [On_Demand | Stopped]
    [08/17/2001 10:12 AM | 00,117,760 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

    (GRFILTER) CS NDIS Driver [Boot | Running]
    [07/11/2005 10:36 AM | 00,015,548 | ---- | M] (Authentium, Inc.) - C:\WINDOWS\System32\drivers\GRFilter.sys

    (GRTdiMon) GR TDI Mon [Auto | Running]
    [07/11/2005 10:38 AM | 00,020,480 | ---- | M] (Authentium, Inc.) - C:\WINDOWS\system32\drivers\GRTdiMon.sys

    (LVcKap) Logitech AEC Driver [On_Demand | Running]
    [06/26/2006 11:33 AM | 01,587,632 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\Lvckap.sys

    (LVMVDrv) Logitech Machine Vision Engine Loader [On_Demand | Running]
    [06/26/2006 11:33 AM | 01,952,816 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVMVdrv.sys

    (LVPr2Mon) Logitech LVPr2Mon Driver [On_Demand | Running]
    [06/26/2006 11:33 AM | 00,023,472 | ---- | M] () - C:\WINDOWS\system32\drivers\LVPr2Mon.sys

    (LVUSBSta) Logitech USB Monitor Filter [On_Demand | Running]
    [06/22/2006 03:29 PM | 00,038,960 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVUSBSta.sys

    (motmodem) Motorola USB CDC ACM Driver [On_Demand | Stopped]
    [12/13/2006 06:52 PM | 00,020,992 | ---- | M] (Motorola) - C:\WINDOWS\system32\drivers\motmodem.sys

    (mraid35x) mraid35x [Disabled | Stopped]
    [08/17/2001 11:52 AM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

    (npkcrypt) npkcrypt [Auto | Stopped]
    File not found - C:\Program Files\Wizet\MapleStory\npkcrypt.sys

    (npkcusb) npkcusb [On_Demand | Stopped]
    File not found - C:\Program Files\Wizet\MapleStory\npkcusb.sys

    (pcouffin) VSO Software pcouffin [On_Demand | Running]
    [01/29/2007 02:30 PM | 00,047,360 | ---- | M] (VSO Software) - C:\WINDOWS\system32\drivers\pcouffin.sys

    (pepifilter) Volume Adapter [On_Demand | Running]
    [06/22/2006 03:29 PM | 00,012,080 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lv302af.sys

    (PID_08A0) Logitech QuickCam IM(PID_08A0) [On_Demand | Running]
    [06/22/2006 03:29 PM | 00,720,176 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LV302AV.SYS

    (SASDIFSV) SASDIFSV [System | Running]
    [08/19/2008 11:34 PM | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

    (SASENUM) SASENUM [On_Demand | Running]
    [08/19/2008 11:34 PM | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

    (SASKUTIL) SASKUTIL [System | Running]
    [08/19/2008 11:34 PM | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

    (SCDEmu) SCDEmu [System | Running]
    [03/13/2008 11:04 PM | 00,046,652 | ---- | M] (PowerISO Computing, Inc.) - C:\WINDOWS\System32\drivers\scdemu.sys

    (Sparrow) Sparrow [Disabled | Stopped]
    [08/17/2001 12:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

    (sptd) sptd [Boot | Running]
    [04/25/2008 03:25 PM | 00,717,296 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys

    (usbcm) USB Cable Modem 351000 NDIS Driver [On_Demand | Stopped]
    [04/11/2002 09:21 PM | 00,013,335 | ---- | M] (Microsystems Corp) - C:\WINDOWS\system32\drivers\usbcm.sys

    (wanatw) WAN Miniport (ATW) [On_Demand | Stopped]
    File not found - C:\WINDOWS\System32\DRIVERS\wanatw4.sys

    (WINIO) WINIO [On_Demand | Stopped]
    [11/13/2001 09:47 AM | 00,041,324 | ---- | M] () - C:\WINDOWS\system32\winio.sys

    ========== Run Keys ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt" = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min [06/12/2008 02:28 PM | 00,266,497 | ---- | M] (Avira GmbH)
    "DLA" = C:\WINDOWS\System32\DLA\DLACTRLW.EXE [09/08/2005 03:20 AM | 00,122,940 | ---- | M] (Sonic Solutions)
    "ISUSPM Startup" = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup [08/30/2007 11:50 AM | 00,205,480 | ---- | M] (Macrovision Corporation)
    "ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [09/11/2006 06:56 AM | 00,086,960 | ---- | M] (Macrovision Corporation)
    "LogitechCommunicationsManager" = "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [06/26/2006 10:46 AM | 00,497,200 | ---- | M] (Logitech Inc.)
    "NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [06/16/2006 06:39 AM | 07,323,648 | ---- | M] (NVIDIA Corporation)
    "PWRISOVM.EXE" = C:\Program Files\PowerISO\PWRISOVM.EXE [03/14/2008 04:50 PM | 00,233,472 | ---- | M] (PowerISO Computing, Inc.)
    "QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [12/11/2006 12:07 AM | 00,282,624 | ---- | M] (Apple Computer, Inc.)
    "SigmatelSysTrayApp" = stsystra.exe [08/15/2006 01:00 AM | 00,282,624 | ---- | M] (SigmaTel, Inc.)
    "TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [11/29/2007 02:39 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)
    "USB Storage Toolbox" = C:\Program Files\USB Disk Win98 Driver\Res.EXE [09/14/2005 08:44 PM | 00,065,536 | ---- | M] (ali)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" = Reg Error: Value load does not exist or could not be read.
    "run" = Reg Error: Value run does not exist or could not be read.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EasyLinkAdvisor" = "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup [04/02/2006 09:07 PM | 00,389,120 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.)
    "ISUSPM" = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [08/30/2007 11:50 AM | 00,205,480 | ---- | M] (Macrovision Corporation)
    "SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [08/19/2008 11:34 PM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" =
    "run" = Reg Error: Value run does not exist or could not be read.

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" =
    "run" = Reg Error: Value run does not exist or could not be read.

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" =
    "run" = Reg Error: Value run does not exist or could not be read.

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" =
    "run" = Reg Error: Value run does not exist or could not be read.

    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" =
    "run" = Reg Error: Value run does not exist or could not be read.

    [HKEY_USERS\S-1-5-21-2029747877-1938755978-3337594927-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EasyLinkAdvisor" = "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup [04/02/2006 09:07 PM | 00,389,120 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.)
    "ISUSPM" = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [08/30/2007 11:50 AM | 00,205,480 | ---- | M] (Macrovision Corporation)
    "SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [08/19/2008 11:34 PM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com)

    [HKEY_USERS\S-1-5-21-2029747877-1938755978-3337594927-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" =
    "run" = Reg Error: Value run does not exist or could not be read.

    ========== Startup Folders ==========

    [Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

    [All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

    [Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

    [Guest Startup Folder - C:\Documents and Settings\Guest\Start Menu\Programs\Startup]

    [Katherine Bhan Startup Folder - C:\Documents and Settings\Katherine Bhan\Start Menu\Programs\Startup]
    [03/09/2004 04:07 PM | 00,086,133 | ---- | M] (Tenebril Incorporated) - C:\Documents and Settings\Katherine Bhan\Start Menu\Programs\Startup\Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe

    [Slava Fedorchuk Startup Folder - C:\Documents and Settings\Slava Fedorchuk\Start Menu\Programs\Startup]
    [03/16/2005 08:16 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.) - C:\Documents and Settings\Slava Fedorchuk\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    [03/09/2004 04:07 PM | 00,086,133 | ---- | M] (Tenebril Incorporated) - C:\Documents and Settings\Slava Fedorchuk\Start Menu\Programs\Startup\Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe

    ========== BHO's ==========

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    HKLM CLSID: (Yahoo! Toolbar Helper) - [10/26/2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    HKLM CLSID: (Adobe PDF Reader Link Helper) - [10/23/2006 12:08 AM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A87E45F-537A-40B4-B812-E2544C21A09F}]
    HKLM CLSID: (SpywareBlock Class) - [08/22/2005 09:57 PM | 00,118,784 | ---- | M] (Tenebril Inc.) C:\Program Files\SpyCatcher\SCActiveBlock.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    HKLM CLSID: (RealPlayer Download and Record Plugin for Internet Explorer) - [11/29/2007 02:39 PM | 00,370,296 | ---- | M] (RealPlayer) C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    HKLM CLSID: () - [05/31/2005 02:04 AM | 00,853,672 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    HKLM CLSID: (DriveLetterAccess) - [09/08/2005 03:20 AM | 00,110,652 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\DLA\DLASHX_W.DLL

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    HKLM CLSID: (SSVHelper Class) - [11/10/2005 11:22 AM | 00,184,423 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    HKLM CLSID: (CBrowserHelperObject Object) - [08/30/2006 09:58 AM | 00,094,208 | ---- | M] (Dell Inc.) C:\Program Files\BAE\BAE.dll

    ========== Toolbars ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
    HKLM CLSID: (Yahoo! Toolbar) - [10/26/2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

    "{C7768536-96F8-4001-B1A2-90EE21279187}"
    HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
    HKLM CLSID: (Yahoo! Toolbar) - [10/26/2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    "{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}"
    HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

    [HKEY_USERS\S-1-5-21-2029747877-1938755978-3337594927-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

    "{C7768536-96F8-4001-B1A2-90EE21279187}"
    HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
    HKLM CLSID: (Yahoo! Toolbar) - [10/26/2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    "{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}"
    HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

    ========== AppInit_Dlls ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
    "secuload.dll" - File not found

    ========== Shell Execute Hooks ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" =
    HKLM CLSID: (SABShellExecuteHook Class) - [05/13/2008 10:13 AM | 00,077,824 | ---- | M] (SuperAdBlocker.com) C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

    ========== HKLM Security Providers ==========

    ========== HKLM Winlogon Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
    "Explorer.exe" - [04/13/2008 05:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
    "C:\WINDOWS\system32\userinit.exe" - [04/13/2008 05:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
    "logonui.exe" - [04/13/2008 05:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
    "rundll32 shell32" - [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    "Control_RunDLL "sysdm.cpl"" - [04/13/2008 05:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

    ========== User's Winlogon Settings ==========

    ========== Winlogon Notify Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [07/23/2008 04:28 PM | 00,352,256 | ---- | M] (SUPERAntiSpyware.com)

    ========== Policies ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoCDBurning" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "dontdisplaylastusername" = 0
    "legalnoticecaption" =
    "legalnoticetext" =
    "shutdownwithoutlogon" = 1
    "undockwithoutlogon" = 1
    "InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found
    "InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun" = 145
    "NoDriveAutoRun" = -1
    "NoToolbarCustomize" = 1
    "NoDrives" = 12
    "StartMenuLogoff" = 1
    "NoStartMenuMorePrograms" = 1
    "NoSetFolders" = 1
    "NoRun" = 0

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "NoDispCPL" = 1

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun" = 145

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    Unable to open key or key not present!


    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun" = 145

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    Unable to open key or key not present!


    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun" = 145

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    Unable to open key or key not present!


    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun" = 145

    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    Unable to open key or key not present!


    [HKEY_USERS\S-1-5-21-2029747877-1938755978-3337594927-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun" = 145
    "NoDriveAutoRun" = -1
    "NoToolbarCustomize" = 1
    "NoDrives" = 12
    "StartMenuLogoff" = 1
    "NoStartMenuMorePrograms" = 1
    "NoSetFolders" = 1
    "NoRun" = 0

    [HKEY_USERS\S-1-5-21-2029747877-1938755978-3337594927-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "NoDispCPL" = 1

    ========== Lsa Authentication Packages ==========

    ========== Lsa Security Packages ==========

    ========== Desktop Components ==========

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "FriendlyName" = "My Current Home Page"
    "Source" = "about:Home"
    "SubscribedURL" = "about:Home"

    ========== Safeboot Options ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
    "AlternateShell" = cmd.exe

    ========== Disabled MsConfig Items ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = NvCplDaemon
    "hkey" = HKLM
    "command" = C:\WINDOWS\system32\nvcpl.dll [06/16/2006 06:39 AM | 07,323,648 | ---- | M] (NVIDIA Corporation)
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
    "system.ini" = 0
    "win.ini" = 0
    "bootini" = 2
    "services" = 0
    "startup" = 0

    ========== CDRom AutoRun Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
    "AutoRun" = 1

    ========== Autorun Files on Drives ==========

    AUTOEXEC.BAT []
    [08/16/2005 02:43 AM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

    ========== MountPoints2 ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
    "" = AutoRun

    ========== DNS Name Servers ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{03597796-5AB0-4CC3-B5CF-5E6C042C2066}]
    Servers: | Description: Broadcom 440x 10/100 Integrated Controller

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{FFF26D85-4ABC-4F51-A0DE-CFD634A1EBD7}]
    Servers: | Description:

    ========== Hosts File ==========

    HOSTS File = (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    First 25 entries...
    127.0.0.1 localhost

    < End of report >
  • VekaVeka Finland
    edited August 2008
    I'd like to know is this your personal computer or does it belong to your company?

    Who is the admin of this computer?
  • edited August 2008
    Oh right... I can't believe I forgot to mention that.

    This is my personal computer, although my family occasionally uses it when their laptops are not working. It has 3 accounts (1 for me, 1 for mom, 1 for dad) each of which is given full admin power. So far, I have had no trouble installing or uninstalling, so the changes that have been made were very specialized and limited.

    None of us tweaked the security settings, so it would have been the infection that disabled this, right?
  • VekaVeka Finland
    edited August 2008
    Thank you. Why was there no antivirus program installed?
    None of us tweaked the security settings, so it would have been the infection that disabled this, right?
    Yea, that's very possible. I see you know something about these security settings and that they are, indeed, tweaked.

    Is it possible to format the entire hard drive and reinstall the Operating System?
  • edited August 2008
    I had spybot search and destroy and it's worked for containing infections in the past, I assumed that was safe enough. I used to use X-Con Spyware Destroyer, but my family is kinda stingy and we stopped once they started charging. I wasn't aware of spyware that could disable this much of my computer so I figured as long as I had a scanner I would be able to handle it. So yes, once again, me being dumb :/

    I would have no idea... I hope I do not have to resort to that. We would not be able to reinstall the OS on our own, we would need to send it back to the manufacturer and I know my parents would sooner just stick with a buggy machine than spend the money to do that.

    Is there any sort of program that can reset user settings or somehow purge the system back to its initial state? Any program we would lose we could reinstall no problem.
  • edited August 2008
    Aha! I found a really roundabout way to worm my way into drive C. This should make cleaning out the system a bit easier.

    Does this open up any new avenues of defense?
  • VekaVeka Finland
    edited September 2008
    Hello Joe. Yes, there is a way to reset tweaked settings.

    • Download RegDACL, and extract it to your desktop.
    • Launch Notepad, and copy & paste the contents of the code-box below into it
    RegDACL HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /GGE:F
    RegDACL HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System /GGE:F
    
    • Save it as FixReg.bat and set the "Save as type" to All Files in the pull down menu.
      Be sure to save it in the same folder as the one where you extracted RegDACL.
    • Open the RegDACL folder, and double click on your FixReg.bat you just created and allow it to run.
    • Answer yes to all prompts.
    • Launch Notepad again, and copy & paste the contents of the code-box below into it
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDrives"=-
    "StartMenuLogoff"=-
    "NoStartMenuMorePrograms"=-
    "NoSetFolders"=-
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "NoDispCPL"=-
    
    • Save it on your desktop as fixme.reg. For the "save as type" choose all files.
    • Locate fixme.reg on your Desktop and double-click on it.
    • You will receive a prompt similar to: "Are you sure you want to add the information in fixme.reg to the registry?". Answer Yes
    • Wait for a message to appear similar to "Information in fixme.reg has been successfully entered into the registry". Now it's done.

    Let me know if any problems arise or this failed to make changes.
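    As an added example for this thread (it is not part of VekaVeka's instructions, nor code from RegDACL, HijackThis or any other tool named here), the Python script below parses the Policies section of the OTListIt-style log posted earlier and audits the same values that fixme.reg above deletes. The log excerpt inside the script is constructed from the values quoted in the thread; it reads no live registry. The useful part is the bitmask decoding: NoDrives = 12 is bits 2 and 3, which are C: and D:, so that single value is what made drive C "vanish" from My Computer, and NoDriveTypeAutoRun = 145 (0x91) is the Windows XP default and not a finding.

```python
"""Audit the Explorer/System policy values quoted in the thread's log.

Added example for this thread; not part of the helper's instructions,
RegDACL, HijackThis or any other tool named above. The log excerpt is
constructed from the Policies section of the posted log, and nothing
here reads or writes a live registry.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt: the two HKCU policy keys as the posted log lists them.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDriveAutoRun" = -1
"NoToolbarCustomize" = 1
"NoDrives" = 12
"StartMenuLogoff" = 1
"NoStartMenuMorePrograms" = 1
"NoSetFolders" = 1
"NoRun" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispCPL" = 1
"""

# Policy values that, when non-zero, take functionality away from the user,
# with the symptom each one produces on Windows XP.
RESTRICTIVE_POLICIES = {
    "NoDrives": "hides drive letters in My Computer and Explorer (bitmask, A: = bit 0)",
    "NoDriveAutoRun": "disables AutoRun on the listed drives (bitmask, A: = bit 0)",
    "NoDispCPL": "blocks the Display control panel (wallpaper and theme settings)",
    "NoStartMenuMorePrograms": "removes 'All Programs' from the Start menu",
    "StartMenuLogoff": "removes 'Log Off' from the Start menu",
    "NoSetFolders": "removes the Settings/Control Panel entries from the Start menu",
    "NoRun": "removes 'Run...' from the Start menu",
    "NoToolbarCustomize": "prevents toolbar customisation in Explorer and IE",
}

# 0x91 (145) is the Windows XP default AutoRun type mask; that value alone is not a finding.
DEFAULT_NO_DRIVE_TYPE_AUTORUN = 0x91

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>-?\d+)$')


def parse_policies(log_text: str) -> Dict[str, Dict[str, int]]:
    """Return {registry key: {value name: integer value}} for the numeric
    values under each [key] header. Blank and non-numeric lines are skipped."""
    policies: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()                      # the posted log is indented
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group("key")
            policies.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            policies[current][value_match.group("name")] = int(value_match.group("value"))
    return policies


def drives_from_mask(mask: int) -> List[str]:
    """Decode a NoDrives/NoDriveAutoRun bitmask into drive letters.
    The value is a DWORD, so -1 in the log means 0xFFFFFFFF (every drive)."""
    mask &= 0xFFFFFFFF
    return [chr(ord("A") + bit) for bit in range(26) if mask & (1 << bit)]


def audit(policies: Dict[str, Dict[str, int]]) -> List[Tuple[str, str, int, str]]:
    """List (key, value name, value, explanation) for every restrictive setting."""
    findings = []
    for key, values in policies.items():
        for name, value in values.items():
            if name == "NoDriveTypeAutoRun":
                if value != DEFAULT_NO_DRIVE_TYPE_AUTORUN:
                    findings.append((key, name, value, "AutoRun type mask differs from the XP default 0x91"))
                continue
            if name in RESTRICTIVE_POLICIES and value != 0:
                detail = RESTRICTIVE_POLICIES[name]
                if name in ("NoDrives", "NoDriveAutoRun"):
                    detail = f"{detail}: {', '.join(drives_from_mask(value)) or 'none'}"
                findings.append((key, name, value, detail))
    return findings


if __name__ == "__main__":
    for key, name, value, detail in audit(parse_policies(SAMPLE_LOG)):
        short_key = key.split("\\")[-1]        # Explorer or System
        print(f"{short_key}\\{name} = {value}: {detail}")
```

    Running it on the excerpt reports NoDrives as hiding C and D, plus the five Start menu / control panel restrictions that fixme.reg removes. It also flags NoToolbarCustomize and NoDriveAutoRun (-1, AutoRun off on all drives), which the fix above leaves in place; the second is a common hardening setting, so review rather than assume it is malicious.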
  • edited September 2008
    I received no prompts of any sort for the first one, but everything looks like it's back to normal!

    I'm really grateful for your patience and help! I truly appreciate what you guys do here, next chance I get I'd like to make a small donation as a token of my appreciation. How would I go about doing that? I have a bank account in my name so I could make a transfer if you PM'ed me the necessary information :):):)
  • VekaVeka Finland
    edited September 2008
    I really appreciate your offer, but our help here is absolutely free. :)

    There are still a couple of things to do... please carry on with me

    Step 1:

    Click here to download ATF Cleaner by Atribune and save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
      • If you use Firefox:
        • Click Firefox at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      • If you use Opera:
        • Click Opera at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Step 2:

    You have SUPERAntiSpyware installed, please run that as instructed below.
    • Click the Check for Updates button.
    • Once the update is finished click the Scan your Computer button.
    • Check Perform Complete Scan and then Next.
    • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
    • Make sure that they all have a check next to them and press Next.
    • Click Finish and you will be taken back to the main interface.
    • Click Preferences and then click the Statistics/Logs tab. Click the dated log (latest one) and press View log and a text file will appear.
    • Copy and paste the log onto the forum.
    Step 3:

    On your next reply, please include
    • fresh HijackThis log
    • SUPERAntispyware log
    • a description of how your machine is running
  • edited September 2008
    Well don't hesitate to PM me if you guys get a policy change :)

    Good call on doing a final sweep, caught one last little bugger.

    System was running perfectly fine except the HTML on some webpages (no pattern noticed) was invariably screwed up. Ever since I got the last trojan out, the system has been running at a normal speed and seems to show signs of all around health. Nothing unusual or weird.

    Here is the scan log

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/02/2008 at 06:36 PM

    Application Version : 4.20.1046

    Core Rules Database Version : 3554
    Trace Rules Database Version: 1542

    Scan type : Complete Scan
    Total Scan Time : 02:12:47

    Memory items scanned : 516
    Memory threats detected : 0
    Registry items scanned : 6117
    Registry threats detected : 0
    File items scanned : 166606
    File threats detected : 1

    Trojan.Unclassified/MMX
    C:\WINDOWS\SYSTEM32\MMX92192.DLL

    And here is the hijack log

    Logfile of HijackThis v1.99.1
    Scan saved at 7:08:16 PM, on 9/2/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\SpyCatcher\Scheduler daemon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\MATLAB701\webserver\bin\win32\matlabserver.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: secuload.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Everything looking good?
  • VekaVeka Finland
    edited September 2008
    Thank you. :)

    You may want to print out these instructions or save them as a text file with Notepad to your desktop

    Step 1:

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please download JavaRa and unzip it to your desktop.

    Note: Please close any instances of Internet Explorer before continuing!
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.
    Then download and install Java Runtime Environment (JRE) 6 Update 7.

    Step 2:

    Once you have managed to install the latest version of Java, please do a final scan with Kaspersky.

    Note: Internet Explorer should be used.

    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    • Click on My Computer under Scan and then put the kettle on!
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Copy and paste the report into your next reply.
  • edited September 2008
    Hey, sorry I've been so slow with replying; school has just started up and I've been swamped with AP stuff.

    Anyway, I updated my Java as you asked, but I've been having some trouble with saving logs through Kaspersky. I'll run a scan overnight and post something tomorrow.
  • edited September 2008
    Okay, here's the scan result:

    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, September 9, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, September 09, 2008 15:41:34
    Records in database: 1203628

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    L:\

    Scan statistics:
    Files scanned: 156486
    Threat name: 1
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 02:21:07


    File name / Threat name / Threats count
    C:\Documents and Settings\Slava Fedorchuk\Desktop\SysAidServerFreeC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 2

    The selected area was scanned.
  • VekaVeka Finland
    edited September 2008
    Very good.

    Do you have any idea what this SysAidServerFreeC.exe is?
  • edited September 2008
    Not anything definite.

    My dad uses a music system similar to iTunes called BearShare; I've had anti-virus programs flag their tracking cookies as spyware before. It could be that.

    Admittedly, the "not a virus" part makes it even more confusing, because it seems like just the kind of tactic spyware would use.

    Googling didn't reveal anything helpful either.

    My computer is running fine though, so if this is a virus, it's very subtle in its doings.

    What would you recommend?
  • VekaVeka Finland
    edited September 2008
    OK, let's see if this gives any information.
    • Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • Please post the contents of both:
      • log.txt (will be maximized)
      • info.txt (will be minimized)
  • edited September 2008
    Okay, here is the info file.

    info.txt logfile of random's system information tool 2008-09-10 19:40:02

    Uninstall list

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    1Click DVD Copy 5.1.0.7-->"C:\Program Files\LG Software Innovations\1Click DVD Copy 5\unins000.exe"
    ActivePerl 5.10.0 Build 1002-->MsiExec.exe /I{49C69876-0196-4620-B237-EA334C2E40B5}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    BearShare-->C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\PROGRA~1\BEARSH~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\BEARSH~1\INSTALL.LOG
    Broadcom Management Programs-->MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Complete Cleanup Trial-->"C:\Program Files\Complete Cleanup Trial\unins000.exe"
    Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
    Crimson Editor (remove only)-->C:\Program Files\Crimson Editor\uninstall.exe
    Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
    Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
    Dell Support 3.2-->MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C}
    Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
    Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
    Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
    DVD43 v3.9.0-->"C:\Program Files\dvd43\unins000.exe"
    EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
    EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
    ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
    EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Stylus CX7000F Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}\Setup.exe" -l0x9
    EPSON Stylus CX7000F User's Guide-->C:\Program Files\epson\guide\cx7000f_e\uninstall.exe
    FileZilla Client 3.0.9.2-->C:\Program Files\FileZilla FTP Client\uninstall.exe
    FLEXnet Connect SDK-->C:\Program Files\InstallShield Installation Information\{9F1E9E57-DD22-11D5-8B43-00105A9846E9}\setup.exe -runfromtemp -l0x0009 -removeonly
    Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
    Garmin USB Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C24C3F25-CC7F-41D5-B03D-24F8059BABAD}\setup.exe" -l0x9 AddRemove
    Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
    Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
    IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
    Linksys EasyLink Advisor 1.5 (1010)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
    Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
    Logitech QuickCam-->MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}
    Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
    Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    MATLAB Family of Products Release 14-->C:\MATLAB701\uninstall\uninstall.exe C:\MATLAB701\
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
    Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    MiKTeX 2.6-->"C:\Program Files\MiKTeX 2.6\miktex\bin\copystart_admin.exe" "C:\Program Files\MiKTeX 2.6\miktex\config\uninstall.dat"
    Modem Diagnostic Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}\setup.exe" -l0x9 -removeonly
    Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
    NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
    PuTTY version 0.59-->"C:\Program Files\PuTTY\unins000.exe"
    Python 2.5.1-->MsiExec.exe /I{31800004-6386-4999-A519-518F2D78D8F0}
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    R for Windows 2.6.1-->"C:\Program Files\R\R-2.6.1\unins000.exe"
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
    Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
    Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
    SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
    Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins001.exe"
    Star Wars Empire at War-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x9 -removeonly
    StarCraft X-tra Editor Version 2.5-->"C:\Program Files\Starcraft\SCXEDeinst\unins000.exe"
    Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Sword of the Stars-->C:\Program Files\Lighthouse Interactive\Sword of the Stars\Uninstall.exe
    UMVPLStandalone-->MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
    Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
    Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
    URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
    USB Disk Win98 Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}\Setup.exe"
    USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8F7C1E5-0150-11D6-A96C-00D05908F85D}\Setup.exe" -l0x9
    Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
    Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

    Security center information

    AV: Avira AntiVir PersonalEdition

    Environment variables

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=C:\Perl\site\bin;C:\Perl\bin;C:\Program Files\MiKTeX 2.6\miktex\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\MATLAB701\bin\win32;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\X-Con Spyware Destroyer EH
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=4f02
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

    EOF
  • edited September 2008
    And here is the log.

    Logfile of random's system information tool (written by random/random)
    Run by Slava Fedorchuk at 2008-09-10 19:39:41
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 27 GB (38%) free of 71 GB
    Total RAM: 1022 MB (65% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:39:59 PM, on 9/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\MATLAB701\webserver\bin\win32\matlabserver.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SpyCatcher\Scheduler daemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Slava Fedorchuk\Desktop\RSIT.exe
    C:\Program Files\trend micro\Slava Fedorchuk.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: secuload.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 8110 bytes

    Scheduled tasks folder

    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Registry dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A87E45F-537A-40B4-B812-E2544C21A09F}]
    SpywareBlock Class - C:\Program Files\SpyCatcher\SCActiveBlock.dll [2005-08-22 118784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2007-11-29 370296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
    "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-08-15 282624]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
    "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
    "USB Storage Toolbox"=C:\Program Files\USB Disk Win98 Driver\Res.EXE [2005-09-14 65536]
    "LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-06-26 497200]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-29 185896]
    "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-14 233472]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-16 7323648]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-12-11 282624]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]
    "EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2006-04-02 389120]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-04 1576176]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2006-06-16 7323648]

    C:\Documents and Settings\Slava Fedorchuk\Start Menu\Programs\Startup
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Scheduler.lnk - C:\Program Files\SpyCatcher\Scheduler daemon.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="secuload.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Documents and Settings\Slava Fedorchuk\Desktop\1280_StarCraft2GameplayVideo_EnglishUS2-avi-downloader.exe"="C:\Documents and Settings\Slava Fedorchuk\Desktop\1280_StarCraft2GameplayVideo_EnglishUS2-avi-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Documents and Settings\Slava Fedorchuk\My Documents\Downloads\The.Duke.Nukem.3D.High.Resolution.Version-NoGrp\Duke3D\Duke3D\eduke32.exe"="C:\Documents and Settings\Slava Fedorchuk\My Documents\Downloads\The.Duke.Nukem.3D.High.Resolution.Version-NoGrp\Duke3D\Duke3D\eduke32.exe:*:Enabled:eduke32"
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
    "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
    "C:\Program Files\Lighthouse Interactive\Sword of the Stars\Sword of the Stars.exe"="C:\Program Files\Lighthouse Interactive\Sword of the Stars\Sword of the Stars.exe:*:Enabled:Sword of the Stars"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    shell\AutoRun\command - E:\setup.exe


    List of files/folders created in the last three months

    2008-09-10 19:39:41 ----D---- C:\rsit
    2008-09-09 16:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-09 16:49:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-08 18:13:51 ----D---- C:\Documents and Settings\Slava Fedorchuk\Application Data\SPORE
    2008-09-07 14:02:10 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-09-07 14:02:10 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-09-07 14:02:10 ----A---- C:\WINDOWS\system32\java.exe
    2008-08-31 20:31:40 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-08-31 11:41:41 ----D---- C:\_OTMoveIt
    2008-08-30 23:47:21 ----D---- C:\Program Files\Avira
    2008-08-30 23:47:21 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2008-08-30 12:49:11 ----D---- C:\Program Files\Hijackthis
    2008-08-30 12:43:43 ----D---- C:\Program Files\Desktop Hijack fix
    2008-08-30 12:43:35 ----N---- C:\WINDOWS\Setup1.exe
    2008-08-30 12:43:34 ----A---- C:\WINDOWS\ST6UNST.EXE
    2008-08-29 12:09:54 ----D---- C:\Documents and Settings\Slava Fedorchuk\Application Data\TmpRecentIcons
    2008-08-29 12:09:45 ----A---- C:\WINDOWS\eskd.exe
    2008-08-27 20:13:18 ----D---- C:\My Downloads
    2008-08-27 12:20:53 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-08-27 12:20:49 ----D---- C:\Program Files\SUPERAntiSpyware
    2008-08-27 12:20:49 ----D---- C:\Documents and Settings\Slava Fedorchuk\Application Data\SUPERAntiSpyware.com
    2008-08-27 12:13:11 ----D---- C:\Program Files\X-Con Spyware Destroyer EH
    2008-08-26 23:11:11 ----HD---- C:\WINDOWS\msdownld.tmp
    2008-08-26 23:11:11 ----D---- C:\Adobe
    2008-08-20 01:14:53 ----D---- C:\Documents and Settings\Slava Fedorchuk\Application Data\Petroglyph
    2008-08-18 13:23:24 ----D---- C:\WINDOWS\Prefetch
    2008-08-18 03:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-08-17 14:47:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-17 14:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-17 14:46:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-08-17 14:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-08-17 14:45:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-08-17 14:45:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-08-17 14:45:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-17 14:44:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-17 14:44:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-08-17 14:44:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-17 14:35:59 ----D---- C:\WINDOWS\system32\scripting
    2008-08-17 14:35:59 ----D---- C:\WINDOWS\l2schemas
    2008-08-17 14:35:58 ----D---- C:\WINDOWS\system32\en
    2008-08-17 14:35:58 ----D---- C:\WINDOWS\system32\bits
    2008-08-17 14:33:52 ----D---- C:\WINDOWS\ServicePackFiles
    2008-08-17 14:28:29 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-08-17 13:49:03 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2008-08-17 13:49:01 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-08-17 13:49:00 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-08-17 13:48:59 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2008-08-17 13:48:53 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-08-17 13:48:53 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-08-17 13:48:47 ----N---- C:\WINDOWS\system32\spupdwxp.exe
    2008-08-17 13:48:45 ----N---- C:\WINDOWS\system32\slrundll.exe
    2008-08-17 13:48:45 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
    2008-08-17 13:48:44 ----N---- C:\WINDOWS\system32\slcoinst.dll
    2008-08-17 13:48:41 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-08-17 13:48:39 ----N---- C:\WINDOWS\system32\s3gnb.dll
    2008-08-17 13:48:38 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-08-17 13:48:37 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-08-17 13:48:37 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-08-17 13:48:35 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-08-17 13:48:35 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-08-17 13:48:35 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-08-17 13:48:34 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-08-17 13:48:33 ----N---- C:\WINDOWS\system32\onex.dll
    2008-08-17 13:48:25 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-08-17 13:48:25 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-08-17 13:48:25 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-08-17 13:48:25 ----N---- C:\WINDOWS\system32\mtxparhd.dll
    2008-08-17 13:48:25 ----N---- C:\WINDOWS\system32\msxml6r.dll
    2008-08-17 13:48:25 ----N---- C:\WINDOWS\system32\msxml6.dll
    2008-08-17 13:48:21 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-08-17 13:48:21 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-08-17 13:48:08 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2008-08-17 13:48:08 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-08-17 13:48:08 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-08-17 13:48:08 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-08-17 13:47:59 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-08-17 13:47:58 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-08-17 13:47:57 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-08-17 13:47:57 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-08-17 13:47:57 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-08-17 13:47:57 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-08-17 13:47:49 ----N---- C:\WINDOWS\system32\smtpapi.dll
    2008-08-17 13:47:48 ----N---- C:\WINDOWS\system32\rwnh.dll
    2008-08-17 13:47:46 ----N---- C:\WINDOWS\system32\comsdupd.exe
    2008-08-17 13:47:42 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
    2008-08-17 13:47:38 ----N---- C:\WINDOWS\system32\faxpatch.exe
    2008-08-17 13:47:38 ----A---- C:\WINDOWS\003047_.tmp
    2008-08-17 13:47:37 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-08-17 13:47:37 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-08-17 13:47:37 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-08-17 13:47:37 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-08-17 13:47:37 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-08-17 13:47:37 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-08-17 13:47:37 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-08-17 13:47:37 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-08-17 13:47:35 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-08-17 13:47:35 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-08-17 13:47:35 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-08-17 13:47:35 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-08-17 13:47:35 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-08-17 13:47:35 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-08-17 13:47:35 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-08-17 13:47:35 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-08-17 13:47:35 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-08-17 13:47:34 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-08-17 13:47:33 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-08-17 13:47:29 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-08-17 13:47:28 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-08-17 13:47:28 ----N---- C:\WINDOWS\system32\ativvaxx.dll
    2008-08-17 13:47:28 ----N---- C:\WINDOWS\system32\ativtmxx.dll
    2008-08-17 13:47:27 ----N---- C:\WINDOWS\system32\ati3duag.dll
    2008-08-17 13:47:27 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
    2008-08-17 13:47:27 ----N---- C:\WINDOWS\system32\ati2dvag.dll
    2008-08-17 13:47:27 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
    2008-08-17 13:47:27 ----N---- C:\WINDOWS\system32\ati2cqag.dll
    2008-08-17 13:47:23 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-08-12 12:53:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2008-08-12 12:53:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
    2008-08-12 12:53:47 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-12 12:53:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-08-12 12:52:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-12 12:52:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2008-08-12 12:52:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2008-07-28 12:39:08 ----D---- C:\WINDOWS\system32\Adobe
    2008-07-28 12:28:55 ----ASH---- C:\WINDOWS\system32\pYycdccf.ini2
    2008-07-28 12:28:55 ----ASH---- C:\WINDOWS\system32\pYycdccf.ini
    2008-07-25 20:51:42 ----D---- C:\Program Files\Lighthouse Interactive
    2008-07-18 12:09:46 ----D---- C:\Documents and Settings\Slava Fedorchuk\Application Data\Bioshock
    2008-07-18 12:09:42 ----RHD---- C:\Documents and Settings\Slava Fedorchuk\Application Data\SecuROM
    2008-07-09 01:43:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
    2008-06-28 13:15:57 ----D---- C:\ProgramData
    2008-06-27 02:27:37 ----D---- C:\Documents and Settings\Slava Fedorchuk\Application Data\SPORE Creature Creator
    2008-06-20 18:30:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
    2008-06-17 19:51:36 ----D---- C:\Program Files\Electronic Arts
    2008-06-17 09:54:48 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

    List of drivers

    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-13 46652]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 GRTdiMon;GR TDI Mon; C:\WINDOWS\System32\Drivers\GRTdiMon.sys [2005-07-11 20480]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-14 44544]
    R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2007-01-29 18816]
    R3 GoProto;GoProto Protocol Driver; C:\WINDOWS\system32\DRIVERS\goprot51.sys [2007-11-25 29184]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-06-26 1587632]
    R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-06-26 1952816]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2006-06-26 23472]
    R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-22 38960]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-16 3581888]
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-01-29 47360]
    R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2006-06-22 12080]
    R3 PID_08A0;Logitech QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2006-06-22 720176]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-08-15 1171464]
    R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S2 npkcrypt;npkcrypt; \??\C:\Program Files\Wizet\MapleStory\npkcrypt.sys []
    S3 ADSFilter;ADSFilter - (Aluria Filter Driver); C:\WINDOWS\system32\DRIVERS\ADSFilter.sys []
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
    S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
    S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
    S3 agk11trx;agk11trx; C:\WINDOWS\system32\drivers\agk11trx.sys []
    S3 BW2NDIS5;BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 20992]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 npkcusb;npkcusb; \??\C:\Program Files\Wizet\MapleStory\npkcusb.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbcm;USB Cable Modem 351000 NDIS Driver; C:\WINDOWS\system32\DRIVERS\usbcm.sys [2002-04-11 13335]
    S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WINIO;WINIO; \??\C:\WINDOWS\system32\winio.sys []
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agp440.sys []
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agpCPQ.sys []
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\alim1541.sys []
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\system32\DRIVERS\amdagp.sys []
    S4 cbidf;cbidf; C:\WINDOWS\system32\system32\DRIVERS\cbidf2k.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\system32\DRIVERS\intelide.sys []
    S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\sisagp.sys []
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\viaagp.sys []

    List of services

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
    R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
    R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2006-06-26 99888]
    R2 matlabserver;MATLAB Server; C:\MATLAB701\webserver\bin\win32\matlabserver.exe [2004-08-16 536576]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-16 143427]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2006-06-26 91696]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-14 32768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

    EOF
  • VekaVeka Finland
    edited September 2008
    OK, SysAidServerFreeC.exe doesn't appear in the list so it's older than three months.

    Have you seen that file in Slava Fedorchuk's desktop before?

    Please right-click SysAidServerFreeC.exe and select Properties.
    Click the Version tab. There you will find information about the file (Comments, Company etc.)

    What does it say?
  • edited September 2008
    I cannot be sure whether or not I've seen it before, but its date of creation (Feb 19 2007) does not coincide with any virus outbreak I've had.

    Here's the file spec:

    File Version: 0.0.0.0
    Description: Sys Aid Server Setup
    Copyright: 2002-2006 Ilient Ltd.

    Other Version Information
    Comments: This installation was built with Inno Setup: http://www.innosetup.com
    Company:
    File Version:
    Language: English (United States)

    I have no idea what this innosetup.com thing is, I've never visited this site in my life.

    Since it's installed on my desktop (I am Slava Fedorchuk) I'm guessing it was an addon with something else, spyware or otherwise.

    Whatever it is, it produces no noticeable effects on my computer. Since it's an unknown foreign file, it cannot be a critical system process and can therefore be eliminated.

    Unless you want me to do otherwise, I would be perfectly content to purge it as a precaution. Does this seem good to you?
  • VekaVeka Finland
    edited September 2008
    Yea, it's not a system file and I'm pretty sure it's harmless. It's an installer of SysAid Server Trial.

    http://www.ilient.com/
    http://www.ilient.com/website/serverTrial.jsp

    Remove if not needed.
  • VekaVeka Finland
    edited September 2008
    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    Clean up System Restore

    You can find instructions on how to disable and enable System Restore from these guides:

    Disable And Enable System Restore
    Windows XP System Restore Guide

    Make Your Internet Explorer More Secure

    This can be done by following these simple instructions:
    • From within Internet Explorer click on the tools menu and then click on Options
    • Click once on the "Security" tab
    • Click once on the "Internet" icon so it becomes highlighted
    • Click once on the Custom Level button.
      • Change the "Download signed ActiveX" controls to Prompt
      • Change the "Download unsigned ActiveX" controls to Disable
      • Change the "Initialize and script ActiveX controls" not marked as safe to Disable
      • Change the "Launching programs and files in an IFRAME" to Prompt
      • Change the "Navigate sub-frames across different domains" to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

    Note that Internet Explorer is not the most secure browser. There are safer (and better) alternatives available like Opera and Firefox.

    Keep Your System Up to date

    It is imperative that you keep your Windows, Antivirus, and other software up to date. Otherwise you are not protected against new threats and your system is vulnerable and unsafe. Update your Antivirus software at least once a week, and visit the Microsoft Windows Update site regularly.

    Install SpywareBlaster

    SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware

    Additional Utilities and Tips to Enhance Your Safety
    • MVPS Hosts file --- The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    • Comodo BOCLEAN --- Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
    • Winpatrol --- Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software

    Get more knowledge about how to protect your computer and prevent malware issues by reading these short articles:

    Happy surfing and stay clean! :D
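The Internet Explorer zone settings listed in the post above are stored in the registry as DWORD "action" values under the Internet zone key (zone 3), with 0 = Enable, 1 = Prompt and 3 = Disable. The script below is an added example, not part of VekaVeka's post or of any tool the thread mentions: it audits a `reg export` of that key against the five recommended values and renders a .reg file that sets only the deviating ones, so the result of the clicking procedure can be verified (or applied to several machines) without going through the dialog. The action IDs 1001, 1004, 1201, 1804 and 1607 are Microsoft's documented zone action IDs for these settings; the sample export is constructed for the example, and the function names are the example's own.

```python
"""Audit Internet Explorer's Internet zone (zone 3) settings against the
hardening steps recommended in the thread, working from a `reg export`
of the zone key so it runs offline on any platform."""
import re

# Zone action values used by Internet Explorer (documented in Microsoft KB 182569).
ENABLE, PROMPT, DISABLE = 0, 1, 3
ACTION_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# The five settings the post tells the user to change, keyed by zone action ID,
# with the value the post recommends for each.
HARDENED_BASELINE = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Per-user Internet zone key. A machine-wide copy exists under HKEY_LOCAL_MACHINE
# and can be audited the same way by changing this path.
ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
             r"\Internet Settings\Zones\3")

# Constructed sample export (not taken from the thread): two settings still at
# "Enable" (0) and one setting absent altogether.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00011000
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1607"=dword:00000000
"""

_DWORD_LINE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{1,8})$')


def parse_reg_export(text):
    """Return {key_path_lowercased: {value_name: int}} for the DWORD values in a
    .reg export. Other value types (strings, hex blobs) are skipped because the
    zone action settings are all DWORDs. Key paths are lowercased because the
    Windows registry is case-insensitive."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = _DWORD_LINE.match(line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
    return keys


def audit_internet_zone(reg_text, baseline=HARDENED_BASELINE):
    """Compare zone 3 against the baseline. Returns a list of
    (action_id, description, expected, actual) for every setting that deviates;
    actual is None when the value is absent from the export, which the audit
    treats as not hardened (the value must then be set explicitly)."""
    zone = parse_reg_export(reg_text).get(ZONE3_KEY.lower(), {})
    findings = []
    for action_id, (description, expected) in baseline.items():
        actual = zone.get(action_id)
        if actual != expected:
            findings.append((action_id, description, expected, actual))
    return findings


def render_fix_reg(findings):
    """Render a .reg file that sets every deviating value to its baseline value."""
    lines = ["Windows Registry Editor Version 5.00", "", "[%s]" % ZONE3_KEY]
    for action_id, _description, expected, _actual in findings:
        lines.append('"%s"=dword:%08x' % (action_id, expected))
    return "\n".join(lines) + "\n"


def report(findings):
    """Human-readable summary, one line per finding; empty string when clean."""
    out = []
    for action_id, description, expected, actual in findings:
        have = "not set" if actual is None else ACTION_NAMES.get(actual, str(actual))
        out.append("%s %-62s is %s, should be %s"
                   % (action_id, description, have, ACTION_NAMES[expected]))
    return "\n".join(out)


if __name__ == "__main__":
    found = audit_internet_zone(SAMPLE_REG_EXPORT)
    print(report(found) or "Internet zone matches the hardened baseline")
    print(render_fix_reg(found))
```

On a real machine the input comes from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` (the file is UTF-16 with a BOM, so open it with `encoding="utf-16"`), and the rendered fix file can be reviewed and then imported with `reg import`. Values missing from the export are reported as findings rather than assumed to be at a safe default.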
  • edited September 2008
    Will do :)

    Once again, thank you for all your help!
  • VekaVeka Finland
    edited September 2008
    Glad we could be of assistance! The help you received here was free.

    This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)
    _______________________________
    Have we helped you with any issues you have had with your PCs or other items? If so, you can now help us by Joining Team 93 and fold for a cure.