new plague hit me lexbce server infected

OK, here we go. lexbce server corrupted and stops items like WeatherBug and Windows Update from accessing the internet. It disables the firewall and will not let me access the networking options or local network connections. Oh, and it makes a new entry in msconfig under startup of ctmon. First time in 12 years I've had to ask for help; this one has me stumped. Below is the HijackThis text.
thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:20 PM, on 4/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ZoneTick\zonetick.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Documents and Settings\Don Franklin\Start Menu\Programs\Startup\XP_SystemUptime.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pwrchute\ups.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ZoneTick] C:\Program Files\ZoneTick\zonetick.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - S-1-5-18 Startup: Launch Microsoft Office Outlook (2).lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: XP_SystemUptime.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Launch Microsoft Office Outlook (2).lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (User 'Default user')
O4 - .DEFAULT Startup: XP_SystemUptime.exe (User 'Default user')
O4 - Startup: Launch Microsoft Office Outlook (2).lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: XP_SystemUptime.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.ebay.com
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD4B9677-CFAE-4E7B-8B90-33C57157689C}: NameServer = 38.100.180.130,38.100.180.131
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: UPS - APC PowerChute plus (UPS) - APC - C:\Program Files\Pwrchute\ups.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 12130 bytes
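
An added example (not part of the original post, and not HijackThis's own code): a small Python parser for the log format shown above that groups entries by section code and lists the ones usually checked by hand first. The function names and the review rules are assumptions chosen for illustration; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log in the post above (shortened).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD4B9677-CFAE-4E7B-8B90-33C57157689C}: NameServer = 38.100.180.130,38.100.180.131
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper\DkService.exe
"""

# A log entry is "<section code> - <text>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_hijackthis(text):
    """Split a HijackThis log into the process list and entries per section."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries[match.group(1)].append(match.group(2))
        elif in_processes and line:
            processes.append(line)
        elif in_processes and processes:
            # First blank line after the process list ends that block.
            in_processes = False
    return {"processes": processes, "entries": dict(entries)}


def review(parsed):
    """Return (section, reason, entry) tuples for entries to verify by hand.

    These rules are illustrative assumptions, not a verdict: an entry listed
    here needs checking, it is not proof of infection.
    """
    findings = []
    entries = parsed["entries"]
    for item in entries.get("O7", []):
        findings.append(("O7", "policy restricts registry editing", item))
    for item in entries.get("O10", []):
        findings.append(("O10", "Winsock LSP entry needs checking", item))
    for item in entries.get("O17", []):
        if "nameserver" in item.lower():
            ips = IPV4_RE.findall(item.partition("=")[2])
            reason = "DNS servers set in registry: " + ", ".join(ips)
            findings.append(("O17", reason, item))
    for item in entries.get("O23", []):
        if item.endswith("(file missing)"):
            findings.append(("O23", "service binary not found on disk", item))
    return findings


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    print(len(parsed["processes"]), "running process(es) listed")
    for section, reason, entry in review(parsed):
        print(f"[{section}] {reason}\n    {entry}")
```
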

Comments

  • edited April 2009
    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)


    If you can do those few things, everything should go smoothly.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe



    I apologize for the delay in responding, but as you can probably see the forums are quite busy.
    Unfortunately there are far more people needing help than there are helpers.

    If you still require help please do the following


    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
  • edited April 2009
    Here is the first of two files.

    Thanks in advance.
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Don Franklin at 2009-04-17 16:09:41
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 82 GB (82%) free of 100 GB
    Total RAM: 1536 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:09:49 PM, on 4/17/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\PROGRA~1\WinFax\WFXSWTCH.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    C:\Program Files\Diskeeper\DkService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ZoneTick\zonetick.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Documents and Settings\Don Franklin\Start Menu\Programs\Startup\XP_SystemUptime.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Pwrchute\ups.exe
    C:\WINDOWS\system32\WFXSVC.EXE
    C:\Program Files\WinFax\WFXMOD32.EXE
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\WinFax\WFXCTL32.EXE
    C:\Program Files\Memturbo 4\MemTurbo.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\system32\inetsrv\DavCData.exe
    C:\Documents and Settings\Don Franklin\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Don Franklin.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ZoneTick] C:\Program Files\ZoneTick\zonetick.exe
    O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: XP_SystemUptime.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
    O4 - .DEFAULT Startup: MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe (User 'Default user')
    O4 - .DEFAULT Startup: XP_SystemUptime.exe (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe
    O4 - Startup: XP_SystemUptime.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://www.ebay.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD4B9677-CFAE-4E7B-8B90-33C57157689C}: NameServer = 38.100.180.130,38.100.180.131
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper\DkService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (file missing)
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    O23 - Service: UPS - APC PowerChute plus (UPS) - APC - C:\Program Files\Pwrchute\ups.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

    --
    End of file - 13840 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
    C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    C:\WINDOWS\tasks\Uniblue SpyEraser.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
    C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-03-18 5751624]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-09 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-03-18 5751624]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
    "PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2006-11-16 35368]
    "type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2003-05-15 114688]
    "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2002-06-18 46592]
    "Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]
    "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2004-10-07 196608]
    "DiskeeperSystray"=C:\Program Files\Diskeeper\DkIcon.exe [2006-10-04 163840]
    "BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
    "ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe [2001-12-17 617984]
    "nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2009-02-07 705832]
    "nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-09-14 648488]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
    "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-01-11 30248]
    "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-01-11 46632]
    "WFXSwtch"=C:\PROGRA~1\WinFax\WFXSWTCH.exe [2002-12-12 28160]
    "WinFaxAppPortStarter"=C:\WINDOWS\system32\wfxsnt40.exe [2002-12-12 45568]
    "RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
    "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
    "PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
    "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]
    "StartupDelayer"=C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [2007-12-14 26112]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
    "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]
    "Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2009-01-30 1347584]
    "Uniblue SpyEraser"=C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2008-12-22 1431816]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
    "RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2009-03-18 160592]
    "ZoneTick"=C:\Program Files\ZoneTick\zonetick.exe [2009-02-09 200192]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    C:\PROGRA~1\IVTCOR~1\BLUESO~1\gprs.exe [2007-12-27 43608]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Don Franklin^Start Menu^Programs^Startup^Event Reminder.lnk]
    C:\pmw\PMREMIND.EXE [1997-07-30 255408]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Don Franklin^Start Menu^Programs^Startup^MemTurbo.lnk]
    D:\DOWNLO~1\memturbo.exe [2000-09-02 221696]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe

    C:\Documents and Settings\Don Franklin\Start Menu\Programs\Startup
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe
    MemTurbo.lnk - C:\Program Files\Memturbo 4\MemTurbo.exe
    XP_SystemUptime.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2003-12-12 86016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
    C:\WINDOWS\system32\PCANotify.dll [2003-05-29 8704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{A213B520-C6C2-11d0-AF9D-008029E1027E}"=C:\Program Files\WinFax\WfxSeh32.Dll [1998-07-27 38400]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\Windows Defender\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "DisallowCpl"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\Program Files\Symantec\pcAnywhere\Winaw32.exe"="C:\Program Files\Symantec\pcAnywhere\Winaw32.exe:*:Enabled:pcAnywhere Main Executable"
    "C:\Program Files\Symantec\pcAnywhere\awhost32.exe"="C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host Service"
    "C:\Program Files\Symantec\pcAnywhere\awrem32.exe"="C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\Dishnewbies-IRC\mirc.exe"="C:\Program Files\Dishnewbies-IRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\AWS\WeatherBug\Weather.exe"="C:\Program Files\AWS\WeatherBug\Weather.exe:*:Enabled:WeatherBug"
    "C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
    "C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
    "C:\Program Files\Microsoft Games\Flight Simulator 9\Crack\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\Crack\fs9.exe:*:Enabled:Microsoft Flight Simulator"
    "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2009-04-17 16:09:41 ----D---- C:\rsit
    2009-04-17 04:03:41 ----D---- C:\WINDOWS\LastGood
    2009-04-16 15:17:31 ----D---- C:\WINDOWS\Prefetch
    2009-04-16 15:13:03 ----A---- C:\WINDOWS\setuplog.txt
    2009-04-16 15:10:37 ----A---- C:\WINDOWS\000001_.tmp
    2009-04-15 22:23:45 ----D---- C:\Program Files\Windows Defender
    2009-04-15 04:12:32 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-04-15 04:12:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-04-15 04:07:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-04-15 04:05:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-04-15 04:05:13 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-04-15 04:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-04-14 22:59:38 ----N---- C:\WINDOWS\system32\xpsp4res.dll
    2009-04-13 17:29:14 ----D---- C:\Program Files\Cool Timer
    2009-04-13 17:29:14 ----A---- C:\WINDOWS\system32\ccrpTmr6.dll
    2009-04-12 21:46:49 ----A---- C:\WINDOWS\system32\lsdelete.exe
    2009-04-12 21:42:11 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-12 17:17:04 ----D---- C:\WINDOWS\BDOSCAN8
    2009-04-12 13:50:54 ----D---- C:\Program Files\Trend Micro
    2009-04-12 09:26:54 ----A---- C:\WINDOWS\system32\sw_wheel.dll
    2009-04-12 09:26:54 ----A---- C:\WINDOWS\system32\sw_effct.dll
    2009-04-12 09:01:29 ----D---- C:\Program Files\Microsoft Games
    2009-04-12 08:06:35 ----D---- C:\Program Files\Common Files\CyberLink
    2009-04-12 08:05:00 ----A---- C:\WINDOWS\system32\msxml3a.dll
    2009-04-12 07:45:23 ----D---- C:\lexmark
    2009-04-12 07:00:51 ----D---- C:\Documents and Settings\Don Franklin\Application Data\CyberLink
    2009-04-12 06:59:02 ----A---- C:\WINDOWS\system32\xvidcore.dll
    2009-04-12 06:59:01 ----A---- C:\WINDOWS\system32\xvidvfw.dll
    2009-04-12 06:45:36 ----A---- C:\WINDOWS\system32\gearsec.exe
    2009-04-12 06:45:36 ----A---- C:\WINDOWS\system32\GEARAspi.dll
    2009-04-11 22:36:09 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-04-11 22:21:01 ----A---- C:\WINDOWS\resetlog.txt
    2009-04-11 20:04:09 ----A---- C:\WINDOWS\imsins.BAK
    2009-04-11 18:26:26 ----D---- C:\Program Files\AWS
    2009-04-11 14:56:35 ----D---- C:\VundoFix Backups
    2009-04-11 14:56:35 ----A---- C:\VundoFix.txt
    2009-04-07 20:52:37 ----D---- C:\Program Files\Microsoft Games(2)
    2009-04-07 20:22:00 ----D---- C:\Documents and Settings\Don Franklin\Application Data\r2 Studios
    2009-04-07 20:22:00 ----D---- C:\Documents and Settings\All Users\Application Data\r2 Studios
    2009-04-07 20:21:53 ----D---- C:\Program Files\r2 Studios
    2009-04-07 20:11:46 ----D---- C:\Program Files\Xvid
    2009-04-07 19:36:39 ----D---- C:\Program Files\MagicDisc
    2009-04-07 19:35:51 ----D---- C:\Program Files\MagicISO
    2009-04-06 22:15:22 ----D---- C:\DECCHECK
    2009-04-06 20:25:12 ----D---- C:\Program Files\CyberLink
    2009-04-06 20:23:58 ----D---- C:\Program Files\AviSynth 2.5
    2009-04-06 20:23:33 ----D---- C:\Program Files\Avi2Dvd
    2009-04-06 20:18:15 ----D---- C:\Program Files\321Studios
    2009-04-06 19:21:10 ----D---- C:\Program Files\Wondershare
    2009-04-02 22:44:14 ----N---- C:\WINDOWS\system32\xpssvcs.dll
    2009-04-02 22:44:14 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
    2009-04-02 22:44:14 ----N---- C:\WINDOWS\system32\prntvpt.dll
    2009-04-02 22:38:23 ----A---- C:\WINDOWS\system32\Scale_en.dll
    2009-04-02 22:38:23 ----A---- C:\WINDOWS\system32\Icam3com.dll
    2009-03-25 18:00:56 ----A---- C:\WINDOWS\system32\simptcp.dll
    2009-03-25 18:00:56 ----A---- C:\WINDOWS\system32\ftpctrs2.dll
    2009-03-25 18:00:56 ----A---- C:\WINDOWS\system32\ftpctrs.ini
    2009-03-22 20:51:06 ----A---- C:\WINDOWS\netdet.ini
    2009-03-22 20:50:20 ----A---- C:\WINDOWS\system32\ccrpbds6.dll
    2009-03-22 20:50:19 ----D---- C:\Program Files\JerMar Software
    2009-03-20 14:56:52 ----A---- C:\WINDOWS\WTNSETUP.INI
    2009-03-20 14:53:35 ----A---- C:\WINDOWS\system32\401COMUPD.EXE
    2009-03-20 14:52:48 ----A---- C:\WINDOWS\system32\DCCWFP32.DLL
    2009-03-20 14:52:48 ----A---- C:\WINDOWS\system32\DCCMSP32.DLL
    2009-03-20 14:52:48 ----A---- C:\WINDOWS\system32\DCCEXT32.DLL
    2009-03-20 14:52:47 ----A---- C:\WINDOWS\WINFAX.INI
    2009-03-20 14:52:47 ----A---- C:\WINDOWS\system32\WFXSVC.EXE
    2009-03-20 14:52:47 ----A---- C:\WINDOWS\system32\WFXSNT40.EXE
    2009-03-20 14:52:47 ----A---- C:\WINDOWS\system32\WFXMNTHQ.DLL
    2009-03-20 14:52:47 ----A---- C:\WINDOWS\system32\WFXMNT40.DLL
    2009-03-20 14:52:47 ----A---- C:\WINDOWS\system32\IMPLODE.DLL
    2009-03-20 14:52:47 ----A---- C:\WINDOWS\system32\Crpe32.dll
    2009-03-20 14:52:47 ----A---- C:\WINDOWS\system32\Crpaig32.dll
    2009-03-20 14:52:42 ----D---- C:\Program Files\Common Files\Novell Shared
    2009-03-20 14:52:41 ----D---- C:\Program Files\WinFax
    2009-03-20 14:52:41 ----A---- C:\WINDOWS\WFXDEL.BAT
    2009-03-18 18:30:18 ----D---- C:\Program Files\uTorrent
    2009-03-18 18:30:16 ----D---- C:\Documents and Settings\Don Franklin\Application Data\uTorrent
    2009-03-18 18:01:36 ----D---- C:\Program Files\PowerQuest

    ======List of files/folders modified in the last 1 months======

    2009-04-17 16:09:42 ----D---- C:\WINDOWS\Temp
    2009-04-17 12:30:38 ----D---- C:\Program Files\Pwrchute
    2009-04-17 06:04:44 ----D---- C:\WINDOWS\Registration
    2009-04-17 04:08:41 ----D---- C:\WINDOWS\system32\CatRoot
    2009-04-17 04:06:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-04-17 04:06:59 ----HD---- C:\WINDOWS\inf
    2009-04-17 04:06:53 ----D---- C:\WINDOWS\system32
    2009-04-17 04:06:41 ----D---- C:\WINDOWS
    2009-04-17 04:03:02 ----D---- C:\WINDOWS\system32\inetsrv
    2009-04-16 22:25:19 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-16 20:57:05 ----A---- C:\WINDOWS\system.ini
    2009-04-16 20:47:08 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Voicemodem.txt
    2009-04-16 20:45:48 ----D---- C:\WINDOWS\system32\FxsTmp
    2009-04-16 20:40:18 ----A---- C:\WINDOWS\win.ini
    2009-04-16 20:34:39 ----SH---- C:\boot.ini
    2009-04-16 19:49:42 ----SD---- C:\WINDOWS\Tasks
    2009-04-16 19:47:20 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-16 19:47:06 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
    2009-04-16 19:47:06 ----A---- C:\WINDOWS\ModemLog_Bluetooth DUN Modem.txt
    2009-04-16 19:47:00 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt
    2009-04-16 19:45:12 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-16 16:58:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2009-04-16 15:11:54 ----D---- C:\Program Files\Messenger
    2009-04-16 15:11:49 ----D---- C:\WINDOWS\Help
    2009-04-16 15:11:48 ----D---- C:\WINDOWS\system32\oobe
    2009-04-16 15:10:55 ----D---- C:\WINDOWS\security
    2009-04-16 15:10:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-04-16 15:10:36 ----D---- C:\WINDOWS\system32\drivers
    2009-04-16 15:10:15 ----D---- C:\WINDOWS\EHome
    2009-04-15 22:23:54 ----SHD---- C:\WINDOWS\Installer
    2009-04-15 22:23:54 ----HD---- C:\Config.Msi
    2009-04-15 22:23:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-04-15 22:23:45 ----RD---- C:\Program Files
    2009-04-15 17:28:13 ----D---- C:\WINDOWS\system32\Restore
    2009-04-15 17:28:12 ----SHD---- C:\System Volume Information
    2009-04-15 05:40:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-04-15 05:35:03 ----D---- C:\WINDOWS\system32\wbem
    2009-04-15 05:35:03 ----D---- C:\WINDOWS\AppPatch
    2009-04-15 04:10:17 ----D---- C:\WINDOWS\system32\en-US
    2009-04-15 04:10:17 ----D---- C:\Program Files\Internet Explorer
    2009-04-15 04:09:35 ----D---- C:\WINDOWS\ie7updates
    2009-04-15 04:06:29 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-14 21:14:59 ----D---- C:\Program Files\Auction Sentry
    2009-04-14 19:59:58 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2009-04-14 19:36:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-04-14 16:45:37 ----D---- C:\WINDOWS\Debug
    2009-04-13 17:44:18 ----D---- C:\WINDOWS\Downloaded Installations
    2009-04-13 17:29:14 ----RSD---- C:\WINDOWS\Fonts
    2009-04-12 21:42:45 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-04-12 21:42:06 ----D---- C:\Program Files\Lavasoft
    2009-04-12 21:42:06 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2009-04-12 17:17:07 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-04-12 12:33:45 ----D---- C:\WINDOWS\pss
    2009-04-12 12:21:59 ----A---- C:\WINDOWS\ModemLog_LGE CDMA USB Modem.txt
    2009-04-12 08:07:21 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
    2009-04-12 08:06:35 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-04-12 08:06:35 ----D---- C:\Program Files\Common Files
    2009-04-12 08:05:54 ----D---- C:\WINDOWS\WinSxS
    2009-04-12 08:05:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2009-04-11 18:25:51 ----A---- C:\testfile.txt
    2009-04-11 17:56:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-11 14:23:15 ----D---- C:\WINDOWS\system32\config
    2009-04-11 14:21:59 ----D---- C:\WINDOWS\system
    2009-04-11 14:20:55 ----D---- C:\Documents and Settings\Don Franklin\Application Data\mIRC
    2009-04-08 20:59:48 ----SD---- C:\Documents and Settings\Don Franklin\Application Data\Microsoft
    2009-04-08 15:30:04 ----D---- C:\Program Files\Dishnewbies-IRC
    2009-04-08 15:29:24 ----D---- C:\Program Files\mIRC
    2009-04-06 07:57:26 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-04-04 07:42:41 ----D---- C:\Program Files\Common Files\Adobe
    2009-04-04 07:42:40 ----D---- C:\Program Files\Adobe
    2009-04-03 04:02:09 ----RSD---- C:\WINDOWS\assembly
    2009-04-03 00:25:32 ----D---- C:\WINDOWS\Microsoft.NET
    2009-04-02 22:44:33 ----D---- C:\WINDOWS\system32\spool
    2009-04-02 22:38:23 ----D---- C:\WINDOWS\twain_32
    2009-04-01 15:45:40 ----A---- C:\WINDOWS\ODBC.INI
    2009-03-25 18:01:00 ----D---- C:\Inetpub
    2009-03-25 18:00:34 ----RD---- C:\WINDOWS\Web
    2009-03-21 09:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
    2009-03-20 14:55:25 ----D---- C:\Program Files\Common Files\Symantec Shared
    2009-03-18 18:35:56 ----D---- C:\Documents and Settings\All Users\Application Data\RoboForm
    2009-03-18 00:20:05 ----D---- C:\Program Files\Diskeeper

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
    R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
    R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2003-05-05 24365]
    R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2003-04-21 10901]
    R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
    R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
    R2 DLPORTIO;DLPORTIO; \??\C:\WINDOWS\DLPORTIO.sys []
    R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-09-14 23992]
    R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-09-14 25272]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-12-12 647680]
    R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2002-03-22 134784]
    R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
    R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
    R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
    R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
    R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-06-24 38920]
    R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [2002-09-25 9344]
    R3 ICAM3NT5;Intel USB Video Camera III; C:\WINDOWS\System32\Drivers\Icam3.sys [2001-08-17 141056]
    R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [2003-12-17 51729]
    R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]
    R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-05-27 96896]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
    R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
    R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-08-10 204672]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-07-23 659356]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 giveio;giveio; \??\C:\WINDOWS\system32\giveio.sys []
    S3 msgame;Sidewinder HID to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\msgame.sys [2001-08-17 35200]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
    S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
    S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-12-12 397312]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
    R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2007-12-27 166520]
    R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper\DkService.exe [2006-10-04 892928]
    R2 GEARSecurity;GEARSecurity; C:\WINDOWS\system32\gearsec.exe [2002-09-25 49152]
    R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
    R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-09 152984]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
    R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
    R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-09-14 648488]
    R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2003-03-31 19456]
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
    R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
    R2 Start BT in service;Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
    R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
    R2 wfxsvc;WinFax PRO; C:\WINDOWS\system32\WFXSVC.EXE [2000-09-28 129536]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-08-10 26488]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2003-05-29 106496]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe []
    S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2003-03-31 19456]
    S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe []
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    EOF
  • edited April 2009
    info.txt logfile of random's system information tool 1.06 2009-04-17 16:09:53

    ======Uninstall list======

    -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
    ASUS Probe V2.17.07-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
    ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Auction Sentry-->MsiExec.exe /X{DF29A0E2-DF76-4932-98A9-34B441F40486}
    Avance AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
    Bluesoleil2.7.0.13 VoIP Release 071227-->MsiExec.exe /X{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Cool Timer 3.3-->"C:\Program Files\Cool Timer\unins000.exe"
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
    Diskeeper 2007 Pro Premier-->MsiExec.exe /X{B1D8CAE1-62E8-4259-8B57-1755629F71EC}
    DVDXCopy 1.2.2 b628 (remove only)-->C:\Program Files\321Studios\DVDXCopy\Uninst.exe
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    hp deskjet 990c series (Remove only)-->C:\Program Files\hp deskjet 990c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=990c -huninstall
    ieSpell 2.2.0 (build 647)-->"C:\Program Files\ieSpell\uninst.exe"
    Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
    LG USB Drivers-->C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
    LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
    Magic ISO Maker v5.5 (build 0261)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
    MagicDisc 2.7.97-->C:\PROGRA~1\MagicDisc\UNWISE.EXE C:\PROGRA~1\MagicDisc\INSTALL.LOG
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Memturbo (TM) 4-->"C:\Program Files\Memturbo 4\unins000.exe"
    Microsoft .NET Framework 2.0 Client Service Pack 2-->MsiExec.exe /I{CAAFB8F9-F8D1-3D27-9AAA-6301A4429440}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Client Service Pack 2-->MsiExec.exe /I{1185566F-12ED-3EF0-89CC-38866DCE1EEE}
    Microsoft .NET Framework 3.5 Client Service Pack 1-->MsiExec.exe /I{D617A4DC-C915-3F25-BE43-57E5FD99B441}
    Microsoft .NET Framework Client Profile - PREVIEW-->C:\AHCache\All Users\Microsoft.Net.Client.3.5\setup.exe /remove "Microsoft.Net.Client.3.5"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Flight Simulator 2004 A Century of Flight-->"C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    mIRC-->"C:\Program Files\Dishnewbies-IRC\mirc.exe" -uninstall
    Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Network Magic-->C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
    PaperPort Image Printer-->MsiExec.exe /X{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}
    PowerChute plus 5.2.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Pwrchute\DeIsL4.isu" -c"C:\Program Files\Pwrchute\uninst.dll
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\Intel 32\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
    PrintMaster Gold 4.00-->c:\pmw\msrun.exe
    PropertiesPlus (Remove Only)-->C:\WINDOWS\System32\ShellExt\ppsetup.exe /uninstall
    ScanSoft PaperPort 11-->MsiExec.exe /I{02E73E50-6513-4802-8600-B5A5BA185BE3}
    Security Task Manager 1.6f-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Startup Delayer v2.3 (build 130)-->C:\Program Files\r2 Studios\Startup Delayer\Uninstall.exe
    Symantec pcAnywhere-->MsiExec.exe /I{E05E8183-866A-11D3-97DF-0000F8D8F2E9}
    Symantec WinFax PRO-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WinFax\WFXUNIST.ISU" -c"C:\Program Files\WinFax\UNINSTUB.DLL"
    Tweaki...for Power Users-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD35373B-5AE2-48F6-9237-116290F3EB50}\setup.exe"
    Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
    Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\Uniblue RegistryBooster.exe
    Uniblue SpeedUpMyPC 2009-->"C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe" REMOVE=TRUE MODIFY=FALSE
    Uniblue SpeedUpMyPC 2009-->C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
    Uniblue SpyEraser-->"C:\Program Files\Uniblue\SpyEraser\unins000.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    WeatherBug-->MsiExec.exe /X{70DECFBF-9119-4434-B2D3-A3C283D15E45}
    Webshots Desktop-->"C:\Program Files\Webshots\unins000.exe"
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
    Your Uninstaller! 2008 Version 6.0-->"C:\Program Files\Your Uninstaller 2008\unins000.exe"
    ZoneTick World Time Zone Clock 3.3 (remove only)-->"C:\Program Files\ZoneTick\uninstall.exe"

    ======Security center information======

    AV: avast! antivirus 4.8.1335 [VPS 090416-0]

    ======System event log======

    Computer Name: DON-DESKTOP
    Event Code: 15
    Message: The device, \Device\Harddisk1\D, is not ready for access yet.

    Record Number: 1255
    Source Name: Disk
    Time Written: 20090411130602.000000-300
    Event Type: error
    User:

    Computer Name: DON-DESKTOP
    Event Code: 15
    Message: The device, \Device\Harddisk1\D, is not ready for access yet.

    Record Number: 1254
    Source Name: Disk
    Time Written: 20090411130602.000000-300
    Event Type: error
    User:

    Computer Name: DON-DESKTOP
    Event Code: 15
    Message: The device, \Device\Harddisk1\D, is not ready for access yet.

    Record Number: 1253
    Source Name: Disk
    Time Written: 20090411130602.000000-300
    Event Type: error
    User:

    Computer Name: DON-DESKTOP
    Event Code: 15
    Message: The device, \Device\Harddisk1\D, is not ready for access yet.

    Record Number: 1252
    Source Name: Disk
    Time Written: 20090411130602.000000-300
    Event Type: error
    User:

    Computer Name: DON-DESKTOP
    Event Code: 15
    Message: The device, \Device\Harddisk1\D, is not ready for access yet.

    Record Number: 1251
    Source Name: Disk
    Time Written: 20090411130602.000000-300
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: DON-DESKTOP
    Event Code: 1015
    Message: TraceLevel parameter not located in registry;
    Default trace level used is 32.

    Record Number: 9
    Source Name: EvntAgnt
    Time Written: 20090218194102.000000-360
    Event Type: warning
    User:

    Computer Name: DON-DESKTOP
    Event Code: 1003
    Message: TraceFileName parameter not located in registry;
    Default trace file used is .

    Record Number: 8
    Source Name: EvntAgnt
    Time Written: 20090218194102.000000-360
    Event Type: warning
    User:

    Computer Name: DON-DESKTOP
    Event Code: 1517
    Message: Windows saved user DON-DESKTOP\Don Franklin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 6
    Source Name: Userenv
    Time Written: 20090218193921.000000-360
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: DON-DESKTOP
    Event Code: 1524
    Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



    Record Number: 5
    Source Name: Userenv
    Time Written: 20090218193919.000000-360
    Event Type: warning
    User: DON-DESKTOP\Don Franklin

    Computer Name: DON-DESKTOP
    Event Code: 0
    Message:
    Record Number: 1
    Source Name: Lavasoft Ad-Aware Service
    Time Written: 20090216215046.000000-360
    Event Type: error
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Symantec\pcAnywhere\;C:\Program Files\Diskeeper\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=0602
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "PWRCHUTE"=C:\Program Files\Pwrchute
    "FP_NO_HOST_CHECK"=NO

    EOF
  • edited April 2009
    IMPORTANT
    I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    UTorrent
    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs
    Please note: you must NOT use any P2P whilst we are cleaning your machine.



    Registry Cleaners

    Re. Uniblue RegistryBooster 2009
    Uniblue SpeedUpMyPC 2009


    I don't personally recommend the use of ANY registry cleaners.
    Here is an excerpt from a discussion on regcleaners
    Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
    The point we are trying to make is that the risk of using one far outweighs any benefit.
    If it does work perfectly you will not see any difference
    If it doesn't work properly you may end up with an expensive doorstop.
    http://forums.whatthetech.com/Regcleaner_t42862.html






    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper





    Kaspersky Online Scanner .
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on !
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • Combofix Log
    • Kaspersky Log
    • Have you uninstalled Norton ?
    • How are things running now ?
  • edited April 2009
    Katana wrote:
    IMPORTANT
    I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    UTorrent
    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs
    Please note: you must NOT use any P2P whilst we are cleaning your machine.
    ok I uninstalled everything you recommended, downloaded the ComboFix and ran it, except I only get a blue screen and ComboFix goes no farther. I left it for 20 mins and it didn't change at all. Will go do the Kaspersky scan now.



    Registry Cleaners

    Re. Uniblue RegistryBooster 2009
    Uniblue SpeedUpMyPC 2009


    I don't personally recommend the use of ANY registry cleaners.
    Here is an excerpt from a discussion on regcleaners

    http://forums.whatthetech.com/Regcleaner_t42862.html






    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper





    Kaspersky Online Scanner .
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on !
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • Combofix Log
    • Kaspersky Log
    • Have you uninstalled Norton ?
    • How are things running now ?
  • edited April 2009
    Your post just quotes what I said, were you trying to send me some info ?
  • edited April 2009
    sorry I removed the programs you recommended and downloaded the combofix and tried to run it .. only thing I get is a blue screen (blank) and I let it sit for about 30 mins and nothing happened. doing the kap scan now.
  • edited April 2009
    Big-Mo wrote:
    downloaded the combofix and tried to run it .. only thing i get is a blue screen(blank)

    Please download a fresh copy of Combofix, if it still doesn't run try renaming it to something like "CleanMyPC.exe"
  • edited April 2009
    ok here is the combofix log, kap coming
    ComboFix 09-04-18.07 - Don Franklin 04/18/2009 10:23.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1536.695 [GMT -5:00]
    Running from: c:\documents and settings\Don Franklin\Desktop\cleanme.exe
    AV: avast! antivirus 4.8.1335 [VPS 090417-0] *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\Cache

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Legacy_IPRIP
    \Service_Iprip


    ((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
    .

    2009-04-18 02:24 . 2009-04-18 15:18 -------- d-----w C:\ComboFix
    2009-04-17 21:09 . 2009-04-17 21:09 -------- d-----w C:\rsit
    2009-04-16 20:10 . 2006-12-29 05:31 19569 ----a-w c:\windows\000001_.tmp
    2009-04-15 22:25 . 2008-04-13 23:12 116224 -c--a-w c:\windows\system32\dllcache\xrxwiadr.dll
    2009-04-15 22:25 . 2001-08-18 03:36 23040 -c--a-w c:\windows\system32\dllcache\xrxwbtmp.dll
    2009-04-15 22:25 . 2008-04-13 23:12 18944 -c--a-w c:\windows\system32\dllcache\xrxscnui.dll
    2009-04-15 22:25 . 2001-08-18 03:37 27648 -c--a-w c:\windows\system32\dllcache\xrxftplt.exe
    2009-04-15 22:25 . 2001-08-18 03:37 4608 -c--a-w c:\windows\system32\dllcache\xrxflnch.exe
    2009-04-15 22:25 . 2001-08-18 03:37 99865 -c--a-w c:\windows\system32\dllcache\xlog.exe
    2009-04-15 22:25 . 2003-03-31 12:00 28288 -c--a-w c:\windows\system32\dllcache\xjis.nls
    2009-04-15 22:25 . 2001-08-17 17:11 16970 -c--a-w c:\windows\system32\dllcache\xem336n5.sys
    2009-04-15 22:25 . 2004-08-04 03:29 19455 -c--a-w c:\windows\system32\dllcache\wvchntxx.sys
    2009-04-15 22:25 . 2004-08-04 03:29 12063 -c--a-w c:\windows\system32\dllcache\wsiintxx.sys
    2009-04-15 22:25 . 2008-04-13 23:12 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
    2009-04-15 22:23 . 2001-08-17 18:28 64605 -c--a-w c:\windows\system32\dllcache\vvoice.sys
    2009-04-15 22:22 . 2001-08-17 17:13 37961 -c--a-w c:\windows\system32\dllcache\tdk100b.sys
    2009-04-15 22:21 . 2001-08-17 18:53 7040 -c--a-w c:\windows\system32\dllcache\snyaitmc.sys
    2009-04-15 22:20 . 2001-07-21 19:29 161568 -c--a-w c:\windows\system32\dllcache\sgsmusb.sys
    2009-04-15 22:19 . 2001-08-17 18:28 714762 -c--a-w c:\windows\system32\dllcache\r2mdmkxx.sys
    2009-04-15 22:18 . 2001-08-17 17:12 26153 -c--a-w c:\windows\system32\dllcache\pcmlm56.sys
    2009-04-15 22:17 . 2001-08-17 19:56 35392 -c--a-w c:\windows\system32\dllcache\n9i128.dll
    2009-04-15 22:16 . 2008-04-13 17:46 15232 -c--a-w c:\windows\system32\dllcache\mpe.sys
    2009-04-15 22:15 . 2001-08-18 03:36 8192 -c--a-w c:\windows\system32\dllcache\kbdkor.dll
    2009-04-15 22:14 . 2001-08-18 03:36 372824 -c--a-w c:\windows\system32\dllcache\iconf32.dll
    2009-04-15 22:13 . 2001-08-17 18:28 50751 -c--a-w c:\windows\system32\dllcache\hsf_tone.sys
    2009-04-15 22:12 . 2001-08-17 17:11 12362 -c--a-w c:\windows\system32\dllcache\f3ab18xi.sys
    2009-04-15 22:11 . 2008-04-13 17:39 206976 -c--a-w c:\windows\system32\dllcache\dot4.sys
    2009-04-15 22:10 . 2001-08-17 18:52 14976 -c--a-w c:\windows\system32\dllcache\cpqarray.sys
    2009-04-15 22:09 . 2001-08-18 03:37 244224 -c--a-w c:\windows\system32\dllcache\camext20.ax
    2009-04-15 22:09 . 2001-08-18 03:36 74240 -c--a-w c:\windows\system32\dllcache\camexo20.dll
    2009-04-15 22:09 . 2001-08-18 03:37 73216 -c--a-w c:\windows\system32\dllcache\camexo20.ax
    2009-04-15 22:09 . 2001-08-17 19:04 171264 -c--a-w c:\windows\system32\dllcache\camdrv30.sys
    2009-04-15 22:09 . 2001-08-17 19:04 223232 -c--a-w c:\windows\system32\dllcache\camdrv21.sys
    2009-04-15 22:09 . 2001-08-17 19:05 314752 -c--a-w c:\windows\system32\dllcache\camdro21.sys
    2009-04-15 22:09 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_870.nls
    2009-04-15 22:09 . 2003-03-31 12:00 66594 -c--a-w c:\windows\system32\dllcache\c_864.nls
    2009-04-15 22:09 . 2003-03-31 12:00 66594 -c--a-w c:\windows\system32\dllcache\c_862.nls
    2009-04-15 22:09 . 2003-03-31 12:00 66594 -c--a-w c:\windows\system32\dllcache\c_858.nls
    2009-04-15 22:08 . 2003-03-31 12:00 66594 -c--a-w c:\windows\system32\dllcache\c_720.nls
    2009-04-15 22:08 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_708.nls
    2009-04-15 22:08 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_28596.nls
    2009-04-15 22:08 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_21027.nls
    2009-04-15 22:08 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_21025.nls
    2009-04-15 22:08 . 2003-03-31 12:00 177698 -c--a-w c:\windows\system32\dllcache\c_20949.nls
    2009-04-15 22:08 . 2003-03-31 12:00 173602 -c--a-w c:\windows\system32\dllcache\c_20936.nls
    2009-04-15 22:08 . 2003-03-31 12:00 180770 -c--a-w c:\windows\system32\dllcache\c_20932.nls
    2009-04-15 22:08 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20924.nls
    2009-04-15 22:08 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20880.nls
    2009-04-15 22:08 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20871.nls
    2009-04-15 22:08 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20838.nls
    2009-04-15 22:07 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20106.nls
    2009-04-15 09:08 . 2009-04-16 20:14 3023 ----a-w c:\windows\system32\spupdsvc.inf
    2009-04-15 03:59 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-15 00:03 . 2002-12-29 06:14 81920 ----a-w c:\windows\system32\Startup.cpl
    2009-04-13 22:48 . 2008-05-27 17:11 96896 ----a-w c:\windows\system32\drivers\mcdbus.sys
    2009-04-13 22:29 . 2007-12-15 14:07 90112 ----a-w c:\windows\system32\ccrpTmr6.dll
    2009-04-13 02:46 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
    2009-04-13 02:42 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-04-13 02:42 . 2009-04-13 02:42 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-12 22:17 . 2009-04-13 01:58 -------- d-----w c:\windows\BDOSCAN8
    2009-04-12 14:26 . 2001-08-18 03:36 53760 -c--a-w c:\windows\system32\dllcache\sw_wheel.dll
    2009-04-12 14:26 . 2001-08-18 03:36 53760 ----a-w c:\windows\system32\sw_wheel.dll
    2009-04-12 14:26 . 2001-08-18 03:36 41472 -c--a-w c:\windows\system32\dllcache\sw_effct.dll
    2009-04-12 14:26 . 2001-08-18 03:36 41472 ----a-w c:\windows\system32\sw_effct.dll
    2009-04-12 14:26 . 2001-08-17 19:02 35200 -c--a-w c:\windows\system32\dllcache\msgame.sys
    2009-04-12 14:26 . 2001-08-17 19:02 35200 ----a-w c:\windows\system32\drivers\msgame.sys
    2009-04-12 13:05 . 2009-04-12 13:04 29480 ----a-w c:\windows\system32\msxml3a.dll
    2009-04-12 12:45 . 2009-04-12 12:45 -------- d-----w C:\lexmark
    2009-04-12 12:00 . 2009-04-12 13:07 -------- d-----w c:\documents and settings\Don Franklin\Application Data\CyberLink
    2009-04-12 11:59 . 2008-12-14 01:01 77824 ----a-w c:\windows\system32\xvid.ax
    2009-04-12 11:59 . 2008-12-05 02:42 815104 ----a-w c:\windows\system32\xvidcore.dll
    2009-04-12 11:59 . 2008-12-05 02:46 180224 ----a-w c:\windows\system32\xvidvfw.dll
    2009-04-12 11:45 . 2002-09-25 19:36 49152 ----a-w c:\windows\system32\gearsec.exe
    2009-04-12 11:45 . 2002-09-25 19:35 9344 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-04-12 11:45 . 2002-09-25 19:35 61440 ----a-w c:\windows\system32\GEARAspi.dll
    2009-04-12 03:56 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20833.nls
    2009-04-12 03:56 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20424.nls
    2009-04-12 03:56 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20423.nls
    2009-04-12 03:56 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20420.nls
    2009-04-12 03:56 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20297.nls
    2009-04-12 03:56 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20290.nls
    2009-04-12 03:56 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20285.nls
    2009-04-12 03:56 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20284.nls
    2009-04-12 03:56 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20280.nls
    2009-04-12 03:56 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20278.nls
    2009-04-12 03:56 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20277.nls
    2009-04-12 03:55 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20107.nls
    2009-04-12 03:55 . 2003-03-31 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20105.nls
    2009-04-12 01:04 . 2009-04-15 09:12 1374 ----a-w c:\windows\imsins.BAK
    2009-04-11 19:56 . 2009-04-11 19:56 -------- d-----w C:\VundoFix Backups
    2009-04-08 01:22 . 2009-04-08 01:22 -------- d-----w c:\documents and settings\Don Franklin\Application Data\r2 Studios
    2009-04-08 01:22 . 2009-04-08 01:22 -------- d-----w c:\documents and settings\All Users\Application Data\r2 Studios
    2009-04-07 03:15 . 2009-04-11 19:22 -------- d-----w C:\DECCHECK
    2009-04-07 02:59 . 2009-04-07 02:59 -------- d-----w c:\documents and settings\Don Franklin\Local Settings\Application Data\WinZip
    2009-04-03 03:44 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-04-03 03:44 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
    2009-04-03 03:44 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
    2009-04-03 03:44 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
    2009-04-03 03:44 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
    2009-04-03 03:44 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
    2009-04-03 03:44 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-04-03 03:38 . 2001-12-03 17:25 28672 ----a-w c:\windows\system32\Icam3UNI.lrc
    2009-04-03 03:38 . 2001-12-03 17:25 73728 ----a-w c:\windows\system32\Icam3com.dll
    2009-04-03 03:38 . 2001-12-03 16:57 12577 ----a-w c:\windows\system32\Icam3UNI.hlp
    2009-04-03 03:38 . 2001-12-03 16:57 145184 ----a-w c:\windows\system32\drivers\ICAM3D2.SYS
    2009-04-03 03:38 . 1998-07-30 18:20 102912 ----a-w c:\windows\system32\Scale_en.dll
    2009-03-25 23:00 . 2003-03-31 12:00 7909 ----a-w c:\windows\system32\ftpctrs.ini
    2009-03-25 23:00 . 2003-03-31 12:00 7680 -c--a-w c:\windows\system32\dllcache\ftpctrs2.dll
    2009-03-25 23:00 . 2003-03-31 12:00 7680 ----a-w c:\windows\system32\ftpctrs2.dll
    2009-03-25 23:00 . 2003-03-31 12:00 2549 ----a-w c:\windows\system32\ftpctrs.h
    2009-03-25 23:00 . 2003-03-31 12:00 18944 -c--a-w c:\windows\system32\dllcache\simptcp.dll
    2009-03-25 23:00 . 2003-03-31 12:00 18944 ----a-w c:\windows\system32\simptcp.dll
    2009-03-23 01:51 . 2009-03-23 01:51 532 ----a-w c:\windows\netdet.ini
    2009-03-23 01:50 . 2001-11-29 14:57 341504 ----a-w c:\windows\system32\Softlocx5.ocx
    2009-03-23 01:50 . 2001-11-29 14:57 110592 ----a-w c:\windows\system32\ccrpbds6.dll
    2009-03-23 01:50 . 2001-11-29 14:57 6114 ----a-r c:\windows\system32\SHELLLNK.TLB
    2009-03-20 19:56 . 2009-03-20 19:56 0 ----a-w c:\windows\WTNSETUP.INI
    2009-03-20 19:53 . 1999-06-10 19:50 437528 ----a-w c:\windows\system32\401COMUPD.EXE

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-18 15:28 . 2009-02-10 04:30 4122 ----a-w C:\aaw7boot.log
    2009-04-18 04:00 . 2009-02-08 20:28 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-18 01:55 . 2009-03-01 21:55 -------- dc-h--w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
    2009-04-18 01:54 . 2009-03-01 21:18 -------- dc-h--w c:\documents and settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
    2009-04-18 01:54 . 2009-02-08 23:13 -------- d-----w c:\program files\Uniblue
    2009-04-18 01:54 . 2009-02-07 00:17 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-04-18 01:52 . 2009-02-07 00:16 -------- d-----w c:\program files\Your Uninstaller 2008
    2009-04-18 01:52 . 2009-02-07 00:17 -------- d-----w c:\documents and settings\Don Franklin\Application Data\URSoft
    2009-04-18 01:51 . 2009-03-18 23:30 -------- d-----w c:\program files\uTorrent
    2009-04-17 17:30 . 2007-01-01 21:12 -------- d-----w c:\program files\Pwrchute
    2009-04-17 01:39 . 2009-03-20 19:52 -------- d-----w c:\program files\WinFax
    2009-04-16 03:24 . 2009-02-07 00:03 44248 ----a-w c:\documents and settings\Don Franklin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-16 03:23 . 2009-04-16 03:23 -------- d-----w c:\program files\Windows Defender
    2009-04-15 02:14 . 2009-02-09 21:42 -------- d-----w c:\program files\Auction Sentry
    2009-04-15 00:59 . 2009-02-08 19:40 -------- d-----w c:\documents and settings\All Users\Application Data\SecTaskMan
    2009-04-13 22:48 . 2009-04-08 00:36 -------- d-----w c:\program files\MagicDisc
    2009-04-13 22:46 . 2009-04-08 00:35 -------- d-----w c:\program files\MagicISO
    2009-04-13 22:29 . 2009-04-13 22:29 -------- d-----w c:\program files\Cool Timer
    2009-04-13 02:42 . 2009-02-10 03:11 -------- d-----w c:\program files\Lavasoft
    2009-04-13 02:42 . 2009-02-09 02:59 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-04-12 18:50 . 2009-04-12 18:50 -------- d-----w c:\program files\Trend Micro
    2009-04-12 18:23 . 2009-04-11 19:56 240 ----a-w C:\VundoFix.txt
    2009-04-12 14:01 . 2009-04-12 14:01 -------- d-----w c:\program files\Microsoft Games
    2009-04-12 13:07 . 2006-12-26 00:49 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
    2009-04-12 13:06 . 2009-04-12 13:06 -------- d-----w c:\program files\Common Files\CyberLink
    2009-04-12 13:06 . 2009-02-06 22:42 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-12 13:06 . 2009-04-07 01:25 -------- d-----w c:\program files\CyberLink
    2009-04-12 11:59 . 2009-04-08 01:11 -------- d-----w c:\program files\Xvid
    2009-04-12 04:49 . 2009-03-01 21:52 764704 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-04-12 00:27 . 2009-04-12 00:58 8530 ----a-w c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1033.dat
    2009-04-11 23:26 . 2009-04-11 23:26 -------- d-----w c:\program files\AWS
    2009-04-11 23:25 . 2009-02-07 14:05 5 ----a-w C:\testfile.txt
    2009-04-11 19:22 . 2009-04-07 01:23 -------- d-----w c:\program files\Avi2Dvd
    2009-04-11 19:22 . 2009-04-07 01:23 -------- d-----w c:\program files\AviSynth 2.5
    2009-04-11 19:21 . 2009-04-08 01:52 -------- d-----w c:\program files\Microsoft Games(2)
    2009-04-11 19:20 . 2009-02-07 04:20 -------- d-----w c:\documents and settings\Don Franklin\Application Data\mIRC
    2009-04-08 20:30 . 2009-02-07 14:45 -------- d-----w c:\program files\Dishnewbies-IRC
    2009-04-08 20:29 . 2009-02-07 04:20 -------- d-----w c:\program files\mIRC
    2009-04-08 01:21 . 2009-04-08 01:21 -------- d-----w c:\program files\r2 Studios
    2009-04-07 01:18 . 2009-04-07 01:18 -------- d-----w c:\program files\321Studios
    2009-04-07 00:21 . 2009-04-07 00:21 -------- d-----w c:\program files\Wondershare
    2009-04-04 12:42 . 2009-02-11 01:23 -------- d-----w c:\program files\Common Files\Adobe
    2009-03-23 01:50 . 2009-03-23 01:50 -------- d-----w c:\program files\JerMar Software
    2009-03-20 19:55 . 2009-02-07 04:22 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-03-20 19:52 . 2009-03-20 19:52 -------- d-----w c:\program files\Common Files\Novell Shared
    2009-03-18 23:35 . 2009-02-07 01:27 -------- d-----w c:\documents and settings\All Users\Application Data\RoboForm
    2009-03-18 23:01 . 2009-03-18 23:01 -------- d-----w c:\program files\PowerQuest
    2009-03-18 05:20 . 2009-02-07 12:33 -------- d-----w c:\program files\Diskeeper
    2009-03-12 07:02 . 2009-02-08 20:28 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-11 01:13 . 2009-03-11 01:13 -------- d-----w c:\program files\HighMAT CD Writing Wizard
    2009-03-06 14:22 . 2003-03-31 12:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2003-03-31 12:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-03-01 21:59 . 2009-02-08 23:14 -------- d-----w c:\documents and settings\Don Franklin\Application Data\Uniblue
    2009-03-01 21:51 . 2009-03-01 21:51 -------- d-----w c:\program files\Reference Assemblies
    2009-02-28 21:45 . 2009-02-28 14:17 5248 ----a-w c:\windows\system32\giveio.sys
    2009-02-28 21:26 . 2009-02-28 21:26 -------- d-----w c:\program files\Security Task Manager
    2009-02-22 11:22 . 2009-02-12 03:41 -------- d-----w c:\documents and settings\Don Franklin\Application Data\ieSpell
    2009-02-21 03:07 . 2009-02-10 03:33 -------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-02-20 18:09 . 2009-02-06 23:55 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-19 01:21 . 2009-02-19 01:21 -------- d-----w c:\program files\Windows Media Connect 2
    2009-02-10 03:34 . 2009-02-10 03:35 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-02-09 12:10 . 2003-03-31 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2003-03-31 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2003-03-31 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 12:10 . 2003-03-31 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 11:13 . 2003-03-31 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-08 19:01 . 2009-02-08 19:01 33 ----a-w c:\documents and settings\Don Franklin\Application Data\__t.bin
    2009-02-08 01:52 . 2009-02-08 01:52 37725 ----a-w C:\addressbook.csv
    2009-02-08 00:02 . 2002-08-29 01:04 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-07 15:10 . 2009-02-07 15:10 34816 ----a-w c:\windows\system32\Dlportio.dll
    2009-02-07 15:10 . 2009-02-07 15:10 27460 ----a-w c:\windows\system32\loaddrv.exe
    2009-02-07 12:49 . 2009-02-07 12:49 737280 ----a-w c:\windows\iun6002.exe
    2009-02-07 04:22 . 2009-02-07 04:22 83208 ----a-w c:\windows\system32\S32EVNT1.DLL
    2009-02-07 03:19 . 2009-02-06 22:30 86327 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2009-02-07 03:09 . 2003-03-31 12:00 250048 --sha-r C:\ntldr
    2009-02-06 22:28 . 2009-02-06 22:28 21640 ----a-w c:\windows\system32\emptyregdb.dat
    2009-02-06 22:27 . 2009-02-06 23:05 194 ----a-w C:\BOOT.PCP
    2009-02-06 11:11 . 2003-03-31 12:00 110592 ----a-w c:\windows\system32\services.exe
    2009-02-06 11:08 . 2003-03-31 12:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 . 2003-03-31 12:00 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-03 19:59 . 2003-03-31 12:00 56832 ----a-w c:\windows\system32\secur32.dll
    2009-01-19 20:08 . 2009-01-19 20:08 524288 ----a-w c:\windows\opuc.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-01-30 1347584]
    "Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2008-12-22 1431816]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-03-18 160592]
    "ZoneTick"="c:\program files\ZoneTick\zonetick.exe" [2009-02-10 200192]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2006-11-16 35368]
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2004-10-08 196608]
    "DiskeeperSystray"="c:\program files\Diskeeper\DkIcon.exe" [2006-10-04 163840]
    "ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2001-12-18 617984]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-02-07 705832]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-09-15 648488]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-11 30248]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-11 46632]
    "WFXSwtch"="c:\progra~1\WinFax\WFXSWTCH.exe" [2002-12-12 28160]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
    "StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2007-12-14 26112]
    "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-06-18 46592]
    "Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]
    "BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
    "WinFaxAppPortStarter"="wfxsnt40.exe" - c:\windows\system32\WFXSNT40.EXE [2002-12-12 45568]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\gprs.exe [2007-12-27 43608]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowCpl"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    2003-05-29 17:00 8704 ----a-w c:\windows\system32\PCANotify.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave"= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64.exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[1].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[2].exe]
    "Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Don Franklin^Start Menu^Programs^Startup^Event Reminder.lnk]
    backup=c:\windows\pss\Event Reminder.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Don Franklin^Start Menu^Programs^Startup^MemTurbo.lnk]
    backup=c:\windows\pss\MemTurbo.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=
    "c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
    "c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Dishnewbies-IRC\\mirc.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\AWS\\WeatherBug\\Weather.exe"=
    "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2007-08-11 26488]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
    S1 aswSP;avast! Self Protection; [x]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    S2 DLPORTIO;DLPORTIO;c:\windows\DLPORTIO.sys [2000-09-19 3584]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
    S2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
    S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\Drivers\Icam3.sys [2001-08-17 141056]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - ALG
    *Deregistered* - aswUpdSv
    *Deregistered* - Ati HotKey Poller
    *Deregistered* - AudioSrv
    *Deregistered* - avast! Antivirus
    *Deregistered* - avast! Mail Scanner
    *Deregistered* - avast! Web Scanner
    *Deregistered* - BITS
    *Deregistered* - BlueSoleil Hid Service
    *Deregistered* - Browser
    *Deregistered* - CryptSvc
    *Deregistered* - DcomLaunch
    *Deregistered* - Dhcp
    *Deregistered* - Diskeeper
    *Deregistered* - dmserver
    *Deregistered* - Dnscache
    *Deregistered* - ERSvc
    *Deregistered* - EventSystem
    *Deregistered* - FastUserSwitchingCompatibility
    *Deregistered* - Fax
    *Deregistered* - GEARSecurity
    *Deregistered* - helpsvc
    *Deregistered* - IISADMIN
    *Deregistered* - ImapiService
    *Deregistered* - JavaQuickStarterService
    *Deregistered* - lanmanserver
    *Deregistered* - lanmanworkstation
    *Deregistered* - Lavasoft Ad-Aware Service
    *Deregistered* - MSFtpsvc
    *Deregistered* - Netman
    *Deregistered* - Nla
    *Deregistered* - nmservice
    *Deregistered* - ProtectedStorage
    *Deregistered* - RasMan
    *Deregistered* - RpcSs
    *Deregistered* - SamSs
    *Deregistered* - Schedule
    *Deregistered* - SENS
    *Deregistered* - SharedAccess
    *Deregistered* - ShellHWDetection
    *Deregistered* - SimpTcp
    *Deregistered* - SMTPSVC
    *Deregistered* - SNMP
    *Deregistered* - Spooler
    *Deregistered* - spupdsvc
    *Deregistered* - srservice
    *Deregistered* - Start BT in service
    *Deregistered* - stisvc
    *Deregistered* - TapiSrv
    *Deregistered* - TermService
    *Deregistered* - Themes
    *Deregistered* - W3SVC
    *Deregistered* - WebClient
    *Deregistered* - wfxsvc
    *Deregistered* - WinDefend
    *Deregistered* - winmgmt
    *Deregistered* - wscsvc
    *Deregistered* - wuauserv
    *Deregistered* - WZCSVC

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

    2009-04-18 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

    2009-04-18 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-02-08 21:31]

    2009-04-18 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-02-08 21:31]

    2009-02-08 c:\windows\Tasks\Uniblue SpyEraser.job
    - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-02-08 14:23]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


    .
    Supplementary Scan
    .
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    Trusted Zone: ebay.com\www
    TCP: {AD4B9677-CFAE-4E7B-8B90-33C57157689C} = 38.100.180.130,38.100.180.131
    FF - ProfilePath - c:\documents and settings\Don Franklin\Application Data\Mozilla\Firefox\Profiles\wvjpi1f1.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-18 10:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iprip]
    "ServiceDll"="%SystemRoot%\System32\iprip.dll"
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(828)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3672)
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\ZoneTick\HOOK.dll
    c:\program files\ZoneTick\res_en.dll
    .
    Other Running Processes
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\program files\Diskeeper\DkService.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\system32\snmp.exe
    c:\windows\system32\WFXSVC.EXE
    c:\program files\WinFax\WFXMOD32.EXE
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
    c:\program files\Alwil Software\Avast4\Setup\avast.setup
    c:\program files\MagicDisc\MagicDisc.exe
    c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    c:\program files\Memturbo 4\MemTurbo.exe
    c:\documents and settings\Don Franklin\Start Menu\Programs\Startup\XP_SystemUptime.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    .
    **************************************************************************
    .
    Completion time: 2009-04-18 10:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-04-18 15:41

    Pre-Run: 85,418,893,312 bytes free
    Post-Run: 85,538,951,168 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    584 --- E O F --- 2009-04-17 09:07
  • edited April 2009
    here is the kap file
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Saturday, April 18, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Saturday, April 18, 2009 14:29:51
    Records in database: 2058509

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - Critical Areas:
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    C:\Documents and Settings\Don Franklin\Start Menu\Programs\Startup
    C:\Program Files
    C:\WINDOWS

    Scan statistics:
    Files scanned: 114763
    Threat name: 2
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 01:37:53


    File name / Threat name / Threats count
    C:\Program Files\IRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1

    The selected area was scanned.
  • edited April 2009
    Katana wrote:


    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • Have you uninstalled Norton?
    • How are things running now?
  • edited April 2009
    I'm a little confused. I don't have Norton installed.

    Running the same.
  • edited April 2009
    Big-Mo wrote:
    I'm a little confused. I don't have Norton installed.
    Sorry, I saw the Symantec updater and assumed that Norton had been uninstalled.
    It is related to Symantec pcAnywhere and Symantec WinFax PRO so can be left alone.

    I doubt your problem is malware related. Please try the following:
    Turn off Lexmark print service

    If the Lexmark print service is installed on your computer, turn off the LexBce Server service. To do this, follow these steps:
    1. Click Start, right-click My Computer, and then click Manage.
    2. Expand Services and Applications, and then click Services.
    3. In the details pane, right-click LexBce Server, and then click Properties.
    4. On the General tab in the Startup type list, click Disabled.
    5. Under Service status, click Stop, and then click OK.
    6. Right-click the Print Spooler service, and then click Start (if it is stopped).
    7. Exit Computer Management.
    Test whether the issue is resolved.
  • edited April 2009
    Already did that. Uninstalled the Lexmark software and then stopped the service. When I reboot, the lex server is back in the services again. I believe it is a bogus name for something else, and as I said, it also creates a new startup ctmon.exe even after I delete that setting.
    The thing that started all of this was a file that had Outerinfo.dll Infection: Win32:PurityScan-AV [Trj]. I have also noticed a new problem: when I right-click on Start, pause over a folder like Startup, right-click and say Open, I get an hourglass for a second and then nothing. No window or anything.

    Thanks for all the help though.

    Don
  • edited April 2009
    Do you mean ctfmon.exe? If so, that is a legit file related to Microsoft.

    Just stopping the Lexmark service may be causing the problem, as other services may depend on it running.

    Create A Batch File
    Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
    Save it as "All Files" and name it look.bat Please save it on your desktop.
    @echo off
    SC QUERY state= all |findstr "DISPLAY_NAME STATE" >> C:\servicelook.txt
    start notepad C:\servicelook.txt
    del /q %0
    exit
    Double click on look.bat

    Notepad will open, please copy/paste the results here.
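
The servicelook.txt that look.bat writes can also be searched programmatically. The following is an added example, not part of the original post: it pairs each DISPLAY_NAME line with the STATE line after it and looks for a keyword in the display names. The sample input is constructed, and the function names are illustrative.

```python
import re

# Constructed sample in the two-line shape look.bat produces
# (sc query output filtered by findstr "DISPLAY_NAME STATE").
SAMPLE = """\
DISPLAY_NAME: Print Spooler
        STATE              : 4  RUNNING
DISPLAY_NAME: LexBce Server
        STATE              : 1  STOPPED
DISPLAY_NAME: Task Scheduler
        STATE              : 4  RUNNING
"""

STATE_RE = re.compile(r"^\s*STATE\s*:\s*(\d+)\s+(\w+)")


def parse_services(text):
    """Return (display_name, state_code, state_text) for each service.

    A DISPLAY_NAME with no STATE line after it (truncated paste, or a
    file appended to by two runs) is kept with state UNKNOWN instead of
    being silently paired with the wrong STATE line.
    """
    services, name = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("DISPLAY_NAME:"):
            if name is not None:
                services.append((name, None, "UNKNOWN"))
            # Split once only: a display name may itself contain ':'.
            name = stripped.split(":", 1)[1].strip()
            continue
        m = STATE_RE.match(line)
        if m and name is not None:
            services.append((name, int(m.group(1)), m.group(2)))
            name = None
    if name is not None:
        services.append((name, None, "UNKNOWN"))
    return services


def find_services(text, keyword):
    """Case-insensitive substring search over display names."""
    kw = keyword.lower()
    return [s for s in parse_services(text) if kw in s[0].lower()]


if __name__ == "__main__":
    for name, code, state in find_services(SAMPLE, "lexbce"):
        print(f"{name}: {code} {state}")
```

Because the findstr filter drops the SERVICE_NAME lines, only display names can be matched this way, so search for the display name shown in the Services console ("LexBce Server").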
  • edited April 2009
    DISPLAY_NAME: Alerter
    STATE : 1 STOPPED
    DISPLAY_NAME: Application Layer Gateway Service
    STATE : 4 RUNNING
    DISPLAY_NAME: Application Management
    STATE : 1 STOPPED
    DISPLAY_NAME: ASP.NET State Service
    STATE : 1 STOPPED
    DISPLAY_NAME: avast! iAVS4 Control Service
    STATE : 4 RUNNING
    DISPLAY_NAME: Ati HotKey Poller
    STATE : 4 RUNNING
    DISPLAY_NAME: Windows Audio
    STATE : 4 RUNNING
    DISPLAY_NAME: avast! Antivirus
    STATE : 4 RUNNING
    DISPLAY_NAME: avast! Mail Scanner
    STATE : 4 RUNNING
    DISPLAY_NAME: avast! Web Scanner
    STATE : 4 RUNNING
    DISPLAY_NAME: pcAnywhere Host Service
    STATE : 1 STOPPED
    DISPLAY_NAME: Background Intelligent Transfer Service
    STATE : 4 RUNNING
    DISPLAY_NAME: BlueSoleil Hid Service
    STATE : 4 RUNNING
    DISPLAY_NAME: Computer Browser
    STATE : 4 RUNNING
    DISPLAY_NAME: Indexing Service
    STATE : 1 STOPPED
    DISPLAY_NAME: ClipBook
    STATE : 1 STOPPED
    DISPLAY_NAME: .NET Runtime Optimization Service v2.0.50727_X86
    STATE : 1 STOPPED
    DISPLAY_NAME: COM+ System Application
    STATE : 1 STOPPED
    DISPLAY_NAME: Cryptographic Services
    STATE : 4 RUNNING
    DISPLAY_NAME: DCOM Server Process Launcher
    STATE : 4 RUNNING
    DISPLAY_NAME: DHCP Client
    STATE : 4 RUNNING
    DISPLAY_NAME: Diskeeper
    STATE : 4 RUNNING
    DISPLAY_NAME: Logical Disk Manager Administrative Service
    STATE : 1 STOPPED
    DISPLAY_NAME: Logical Disk Manager
    STATE : 4 RUNNING
    DISPLAY_NAME: DNS Client
    STATE : 4 RUNNING
    DISPLAY_NAME: Wired AutoConfig
    STATE : 1 STOPPED
    DISPLAY_NAME: Extensible Authentication Protocol Service
    STATE : 1 STOPPED
    DISPLAY_NAME: Error Reporting Service
    STATE : 4 RUNNING
    DISPLAY_NAME: Event Log
    STATE : 4 RUNNING
    DISPLAY_NAME: COM+ Event System
    STATE : 4 RUNNING
    DISPLAY_NAME: Fast User Switching Compatibility
    STATE : 4 RUNNING
    DISPLAY_NAME: Fax
    STATE : 1 STOPPED
    DISPLAY_NAME: Windows Presentation Foundation Font Cache 3.0.0.0
    STATE : 1 STOPPED
    DISPLAY_NAME: GEARSecurity
    STATE : 4 RUNNING
    DISPLAY_NAME: Help and Support
    STATE : 4 RUNNING
    DISPLAY_NAME: Human Interface Device Access
    STATE : 1 STOPPED
    DISPLAY_NAME: Health Key and Certificate Management Service
    STATE : 1 STOPPED
    DISPLAY_NAME: HTTP SSL
    STATE : 1 STOPPED
    DISPLAY_NAME: Windows CardSpace
    STATE : 1 STOPPED
    DISPLAY_NAME: IIS Admin
    STATE : 4 RUNNING
    DISPLAY_NAME: IMAPI CD-Burning COM Service
    STATE : 1 STOPPED
    DISPLAY_NAME: Java Quick Starter
    STATE : 4 RUNNING
    DISPLAY_NAME: Server
    STATE : 4 RUNNING
    DISPLAY_NAME: Workstation
    STATE : 4 RUNNING
    DISPLAY_NAME: Lavasoft Ad-Aware Service
    STATE : 4 RUNNING
    DISPLAY_NAME: TCP/IP NetBIOS Helper
    STATE : 1 STOPPED
    DISPLAY_NAME: TCP/IP Print Server
    STATE : 1 STOPPED
    DISPLAY_NAME: Messenger
    STATE : 1 STOPPED
    DISPLAY_NAME: NetMeeting Remote Desktop Sharing
    STATE : 1 STOPPED
    DISPLAY_NAME: Distributed Transaction Coordinator
    STATE : 1 STOPPED
    DISPLAY_NAME: FTP Publishing
    STATE : 4 RUNNING
    DISPLAY_NAME: Windows Installer
    STATE : 1 STOPPED
    DISPLAY_NAME: Network Access Protection Agent
    STATE : 1 STOPPED
    DISPLAY_NAME: Network DDE
    STATE : 1 STOPPED
    DISPLAY_NAME: Network DDE DSDM
    STATE : 1 STOPPED
    DISPLAY_NAME: Net Logon
    STATE : 1 STOPPED
    DISPLAY_NAME: Network Connections
    STATE : 4 RUNNING
    DISPLAY_NAME: Net.Tcp Port Sharing Service
    STATE : 1 STOPPED
    DISPLAY_NAME: Network Location Awareness (NLA)
    STATE : 4 RUNNING
    DISPLAY_NAME: Pure Networks Platform Service
    STATE : 4 RUNNING
    DISPLAY_NAME: NT LM Security Support Provider
    STATE : 1 STOPPED
    DISPLAY_NAME: Removable Storage
    STATE : 1 STOPPED
    DISPLAY_NAME: Office Source Engine
    STATE : 1 STOPPED
    DISPLAY_NAME: Peer Networking Group Authentication
    STATE : 1 STOPPED
    DISPLAY_NAME: Peer Networking Identity Manager
    STATE : 1 STOPPED
    DISPLAY_NAME: Peer Networking
    STATE : 1 STOPPED
    DISPLAY_NAME: Plug and Play
    STATE : 4 RUNNING
    DISPLAY_NAME: Peer Name Resolution Protocol
    STATE : 1 STOPPED
    DISPLAY_NAME: IPSEC Services
    STATE : 1 STOPPED
    DISPLAY_NAME: Protected Storage
    STATE : 4 RUNNING
    DISPLAY_NAME: Remote Access Auto Connection Manager
    STATE : 1 STOPPED
    DISPLAY_NAME: Remote Access Connection Manager
    STATE : 4 RUNNING
    DISPLAY_NAME: Remote Desktop Help Session Manager
    STATE : 1 STOPPED
    DISPLAY_NAME: Routing and Remote Access
    STATE : 1 STOPPED
    DISPLAY_NAME: Remote Registry
    STATE : 1 STOPPED
    DISPLAY_NAME: Remote Procedure Call (RPC) Locator
    STATE : 1 STOPPED
    DISPLAY_NAME: Remote Procedure Call (RPC)
    STATE : 4 RUNNING
    DISPLAY_NAME: QoS RSVP
    STATE : 1 STOPPED
    DISPLAY_NAME: Security Accounts Manager
    STATE : 4 RUNNING
    DISPLAY_NAME: Smart Card
    STATE : 1 STOPPED
    DISPLAY_NAME: Task Scheduler
    STATE : 4 RUNNING
    DISPLAY_NAME: Secondary Logon
    STATE : 1 STOPPED
    DISPLAY_NAME: System Event Notification
    STATE : 4 RUNNING
    DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)
    STATE : 4 RUNNING
    DISPLAY_NAME: Shell Hardware Detection
    STATE : 4 RUNNING
    DISPLAY_NAME: Simple TCP/IP Services
    STATE : 4 RUNNING
    DISPLAY_NAME: Simple Mail Transfer Protocol (SMTP)
    STATE : 4 RUNNING
    DISPLAY_NAME: SNMP Service
    STATE : 4 RUNNING
    DISPLAY_NAME: SNMP Trap Service
    STATE : 1 STOPPED
    DISPLAY_NAME: Print Spooler
    STATE : 4 RUNNING
    DISPLAY_NAME: Windows Service Pack Installer update service
    STATE : 1 STOPPED
    DISPLAY_NAME: System Restore Service
    STATE : 4 RUNNING
    DISPLAY_NAME: SSDP Discovery Service
    STATE : 1 STOPPED
    DISPLAY_NAME: Start BT in service
    STATE : 4 RUNNING
    DISPLAY_NAME: Windows Image Acquisition (WIA)
    STATE : 4 RUNNING
    DISPLAY_NAME: MS Software Shadow Copy Provider
    STATE : 1 STOPPED
    DISPLAY_NAME: Performance Logs and Alerts
    STATE : 1 STOPPED
    DISPLAY_NAME: Telephony
    STATE : 4 RUNNING
    DISPLAY_NAME: Terminal Services
    STATE : 4 RUNNING
    DISPLAY_NAME: Themes
    STATE : 4 RUNNING
    DISPLAY_NAME: Telnet
    STATE : 1 STOPPED
    DISPLAY_NAME: Distributed Link Tracking Client
    STATE : 1 STOPPED
    DISPLAY_NAME: Universal Plug and Play Device Host
    STATE : 1 STOPPED
    DISPLAY_NAME: UPS - APC PowerChute plus
    STATE : 1 STOPPED
    DISPLAY_NAME: Volume Shadow Copy
    STATE : 1 STOPPED
    DISPLAY_NAME: Windows Time
    STATE : 1 STOPPED
    DISPLAY_NAME: World Wide Web Publishing
    STATE : 4 RUNNING
    DISPLAY_NAME: WebClient
    STATE : 4 RUNNING
    DISPLAY_NAME: WinFax PRO
    STATE : 4 RUNNING
    DISPLAY_NAME: Windows Defender
    STATE : 1 STOPPED
    DISPLAY_NAME: Windows Management Instrumentation
    STATE : 4 RUNNING
    DISPLAY_NAME: Portable Media Serial Number Service
    STATE : 1 STOPPED
    DISPLAY_NAME: Windows Management Instrumentation Driver Extensions
    STATE : 1 STOPPED
    DISPLAY_NAME: WMI Performance Adapter
    STATE : 1 STOPPED
    DISPLAY_NAME: Windows Media Player Network Sharing Service
    STATE : 1 STOPPED
    DISPLAY_NAME: Security Center
    STATE : 4 RUNNING
    DISPLAY_NAME: Automatic Updates
    STATE : 4 RUNNING
    DISPLAY_NAME: Windows Driver Foundation - User-mode Driver Framework
    STATE : 1 STOPPED
    DISPLAY_NAME: Wireless Zero Configuration
    STATE : 4 RUNNING
    DISPLAY_NAME: Network Provisioning Service
    STATE : 1 STOPPED
  • edited April 2009
    There is no sign of the Lexmark service at all.
    There is one last thing I can try.


    Download and Run Registry Search
    Download Registry Search to your desktop.
    • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
    • Open the new folder, and double click on regsearch.exe
    • In the top window copy/paste the following line
        LexBce

    • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
    • Please save the text file on your desktop and call it found-entries.


      Paste the results in your reply
    • edited April 2009
      It's only there after I reboot, and after that time it repopulates the Lexmark service and I have to uninstall it again. If I don't, I can't get online, except in safe mode.

      But I will do as you ask.

      Could this have anything to do with the right click not working properly?
    • edited April 2009
      Big-Mo wrote:
      Could this have anything to do with the right click not working properly?

      It's possible; it may be corrupting the registry.