Spyware or Possible keylogger?

Hi Guys.

I'm hoping someone might be able to help me please with my computer. Thanks in advance for the awesome forum and assistance.

Every time I start my computer, the 'C\Program Files\Common' folder opens. I've also had an explosion of spam, and it's related very accurately to things I've been searching online for. The fan on my computer also runs full-time as though my computer is doing some serious processing; it's a little slow, but not as bad as the time my computer was completely overrun with viruses.

I've run everything suggested - Avira antivirus, Spybot, Ad-Aware, Kaspersky, SpywareBlaster; Comodo firewall; removed unused programs; done a disk cleanup and defrag. Nothing has been found.

Additionally, my ex-husband has mentioned something about having me under surveillance (he's an ex-cop) and I'm wondering if he's installed something remotely onto my computer (a keylogger?). How can I detect/remove anything like that?

Here is my HJT log...

Logfile of HijackThis v1.99.1
Scan saved at 21:18:21, on 29/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\Memory Firewall\cmf.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Memory Firewall] "C:\Program Files\COMODO\Memory Firewall\cmf.exe" -s
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = C:\Program Files\Scrapbook Designer\scrapremind.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Unwired Launchpad.lnk = C:\Program Files\Unwired\UwSCT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135569143640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135569061500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Comments

  • edited May 2009
    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)


    If you can do those few things, everything should go smoothly.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe



    I apologize for the delay in responding, but as you can probably see the forums are quite busy.
    Unfortunately there are far more people needing help than there are helpers.

    If you still require help please do the following


    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.




    Please Download GMER to your desktop

    Download GMER and extract it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click Yes.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error, etc.!

    Please post the results from the GMER scan in your reply.
  • edited May 2009
    Thank you so much for finding the time to assist me.

    Here is my log.txt

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Simone Loong at 2009-05-09 22:01:59
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 10 GB (18%) free of 57 GB
    Total RAM: 895 MB (15% free)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:02:31, on 09/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Comodo\CBOClean\BOCORE.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\HPQ\Shared\hpqwmi.exe
    C:\Program Files\TalkTalk\bin\sprtcmd.exe
    C:\Program Files\COMODO\Memory Firewall\cmf.exe
    C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Simone Loong\Desktop\RSIT.exe
    C:\Program Files\trend micro\Simone Loong.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F3 - REG:win.ini: load=
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [COMODO Memory Firewall] "C:\Program Files\COMODO\Memory Firewall\cmf.exe" -s
    O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Policies\Explorer\Run: [{67321FD1-063C-1033-0701-05050322003d}] "C:\Program Files\Common Files\{67321FD1-063C-1033-0701-05050322003d}\Update.exe" mc-110-12-0000137
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{67321FD1-063C-1033-0701-05050322003d}] "C:\Program Files\Common Files\{67321FD1-063C-1033-0701-05050322003d}\Update.exe" mc-110-12-0000137 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{67321FD1-063C-1033-0701-05050322003d}] "C:\Program Files\Common Files\{67321FD1-063C-1033-0701-05050322003d}\Update.exe" mc-110-12-0000137 (User 'Default user')
    O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk.disabled
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
    O4 - Global Startup: Picture Package Menu.lnk.disabled
    O4 - Global Startup: Picture Package VCD Maker.lnk.disabled
    O4 - Global Startup: Unwired Launchpad.lnk.disabled
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135569143640
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135569061500
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: APSHook.dll
    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    --
    End of file - 12230 bytes
    ======Scheduled tasks folder======
    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
    C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{573C561A-2AB9-4D09-B602-4F4AB0822355}.job
    ======Registry dump======
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll [2007-01-20 806424]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6}]
    del.icio.us Toolbar Helper - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll [2006-09-26 271864]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
    HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2006-05-30 65536]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll [2007-01-20 806424]
    {981FE6A8-260C-4930-960F-C3BC82746CB0} - del.icio.us - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll [2006-09-26 271864]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-09 344064]
    "PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2006-06-08 131072]
    "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-04-27 122941]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-20 729178]
    "hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-05-04 794624]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 58984]
    "eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2006-04-18 405504]
    "WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-07-04 184320]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
    "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
    "TalkTalk"=C:\Program Files\TalkTalk\bin\sprtcmd.exe [2005-08-16 192512]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-21 266497]
    "COMODO Memory Firewall"=C:\Program Files\COMODO\Memory Firewall\cmf.exe [2008-07-28 2236160]
    "BOC-427"=C:\PROGRA~1\Comodo\CBOClean\BOC427.exe [2008-07-14 351480]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-26 177472]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
    "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-04-27 516440]
    "CognizanceTS"=C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll [2003-12-23 17920]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "{67321FD1-063C-1033-0701-05050322003d}"=C:\Program Files\Common Files\{67321FD1-063C-1033-0701-05050322003d}\Update.exe mc-110-12-0000137 []
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Creating Keepsakes Scrapbook Designer Event Reminder.lnk.disabled - C:\Program Files\Scrapbook Designer\scrapremind.exe
    DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    HP Digital Imaging Monitor.lnk.disabled - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Picture Package Menu.lnk.disabled - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    Picture Package VCD Maker.lnk.disabled - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    Unwired Launchpad.lnk.disabled - C:\Program Files\Unwired\UwSCT.exe
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="APSHook.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2005-08-09 46080]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
    C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2006-09-09 63488]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli
    AsWlnPkg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Unwired\UwWiz.exe"="C:\Program Files\Unwired\UwWiz.exe:*:Enabled:Connection Assistant"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    ======File associations======
    .txt - open - C:\WINDOWS\NOTEPAD.EXE %1
    ======List of files/folders created in the last 1 months======
    2009-05-09 22:02:00 ----D---- C:\Program Files\trend micro
    2009-05-09 22:01:58 ----D---- C:\rsit
    2009-04-21 21:40:13 ----D---- C:\Documents and Settings\Simone Loong\Application Data\InstallShield
    2009-04-21 21:23:13 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    2009-04-18 17:30:33 ----A---- C:\WINDOWS\system32\lsdelete.exe
    2009-04-18 16:02:05 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-17 21:52:35 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-04-17 21:52:21 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-04-17 21:49:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-04-17 21:48:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-04-17 21:48:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-04-17 21:46:49 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-04-17 16:33:17 ----N---- C:\WINDOWS\system32\xpsp4res.dll
    2009-04-13 15:18:21 ----D---- C:\WINDOWS\Minidump
    2009-04-11 07:59:22 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-04-11 07:59:22 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-04-11 07:59:22 ----A---- C:\WINDOWS\system32\java.exe
    ======List of files/folders modified in the last 1 months======
    2009-05-09 22:02:00 ----AD---- C:\Program Files
    2009-05-09 22:01:52 ----D---- C:\WINDOWS\Prefetch
    2009-05-09 19:43:22 ----A---- C:\WINDOWS\BOC427.INI
    2009-05-09 19:41:31 ----D---- C:\WINDOWS\Temp
    2009-05-08 16:52:31 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-05-07 14:37:36 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-30 06:45:33 ----D---- C:\WINDOWS
    2009-04-30 06:44:29 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-04-29 21:57:04 ----SHD---- C:\WINDOWS\Installer
    2009-04-29 21:57:04 ----HD---- C:\Config.Msi
    2009-04-29 21:35:40 ----SD---- C:\WINDOWS\Tasks
    2009-04-29 21:17:50 ----D---- C:\Program Files\Hijackthis
    2009-04-29 20:31:26 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-28 10:35:36 ----D---- C:\WINDOWS\WinSxS
    2009-04-28 10:35:35 ----D---- C:\WINDOWS\Downloaded Installations
    2009-04-28 10:35:35 ----D---- C:\Documents and Settings\Simone Loong\Application Data\Teleca
    2009-04-28 10:35:00 ----HD---- C:\WINDOWS\inf
    2009-04-28 10:34:58 ----D---- C:\Program Files\Common Files\Teleca Shared
    2009-04-28 10:34:41 ----AD---- C:\WINDOWS\system32
    2009-04-28 10:34:36 ----D---- C:\Program Files\Common Files
    2009-04-28 10:33:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-04-28 10:21:30 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-04-28 10:21:30 ----D---- C:\Program Files\Full Tilt Poker
    2009-04-28 10:20:13 ----D---- C:\WINDOWS\system32\drivers
    2009-04-28 09:22:51 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-04-28 09:22:36 ----D---- C:\Program Files\SpywareBlaster
    2009-04-27 20:25:46 ----D---- C:\WINDOWS\system32\wbem
    2009-04-27 20:25:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-04-22 17:13:31 ----D---- C:\WINDOWS\system32\CatRoot
    2009-04-21 22:05:48 ----D---- C:\Program Files\HPQ
    2009-04-21 21:46:37 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-04-21 21:44:54 ----AD---- C:\Swsetup
    2009-04-18 16:01:48 ----D---- C:\Program Files\Lavasoft
    2009-04-18 16:01:48 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2009-04-18 07:33:53 ----D---- C:\WINDOWS\AppPatch
    2009-04-17 21:52:28 ----A---- C:\WINDOWS\imsins.BAK
    2009-04-17 21:52:03 ----D---- C:\WINDOWS\system32\en-US
    2009-04-17 21:52:03 ----D---- C:\Program Files\Internet Explorer
    2009-04-17 21:48:48 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-17 21:48:06 ----A---- C:\WINDOWS\win.ini
    2009-04-17 20:31:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-04-13 15:17:04 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-04-11 07:59:20 ----D---- C:\Program Files\Java
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
    R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
    R1 ClntMgmt.sys;ClntMgmt.sys; C:\WINDOWS\System32\Drivers\ClntMgmt.sys [2005-09-07 65528]
    R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-12-02 5627]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-12-02 23545]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-07-31 5632]
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 cmfd;cmfd; \??\C:\Program Files\COMODO\Memory Firewall\cmfd.sys []
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-12-23 40544]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-04-27 25725]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-04-27 34845]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-04-27 4125]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-04-27 2241]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-04-27 86684]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-04-27 14877]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-04-27 6365]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-04-27 98716]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-04-27 100605]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-09 1273856]
    R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2006-05-25 121216]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-02-16 128256]
    R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-11-01 604928]
    R3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []
    R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-07-20 38144]
    R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-07-20 346496]
    R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
    R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-10-18 235904]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-20 190400]
    R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
    S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys []
    S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
    S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-06-02 56648]
    S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
    S3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-28 49664]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-28 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-28 21568]
    S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-04-18 1038336]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
    S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
    S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
    S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
    S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS); C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
    S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
    S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM); C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 90800]
    S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]
    R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
    R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-09 380928]
    R2 BOCore;BOCore; C:\Program Files\Comodo\CBOClean\BOCORE.exe [2008-07-14 73464]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-01-09 181864]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-27 953168]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    R3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\Shared\hpqwmi.exe [2005-06-14 98304]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
    R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-04-12 176640]
    S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
    EOF
  • edited May 2009
    Here is the info.txt

    info.txt logfile of random's system information tool 1.06 2009-05-09 22:02:39
    ======Uninstall list======
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    -->MsiExec.exe /I{4355F416-21FD-48E5-8B93-6F8DE5D9F67A}
    -->MsiExec.exe /I{E1D78C08-3477-470B-82B7-61BD4F63110B}
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0x9 -removeonly -S
    -->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
    Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    BOClean-->C:\WINDOWS\UNBOC.EXE
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
    ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
    COMODO Memory Firewall-->C:\Program Files\COMODO\Memory Firewall\cmfconfg.exe -u
    Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL308BA.INF
    Creating Keepsakes Scrapbook Designer-->MsiExec.exe /I{7E370E0D-004C-4DC8-9986-A43F8C79404E}
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    del.icio.us Buttons for Internet Explorer-->MsiExec.exe /I{08F7CCA6-8590-4401-8B44-CEB09A909AAB}
    EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    Flickr Uploadr 3.0.5-->"C:\Program Files\Flickr Uploadr\uninstall.exe"
    GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
    Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    HP BIOS Configuration for ProtectTools 1.00 F1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE052EF7-2640-48D7-8915-69B810D975CB}\Setup.exe" -l0x9 biosuninst
    HP Credential Manager for ProtectTools-->MsiExec.exe /X{9AA3FA54-3CF1-45E9-8786-9E896B161379}
    HP Extended Capabilities 6.1-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
    HP Imaging Device Functions 6.1-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
    HP Notebook Accessories Product Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}\setup.exe" -l0x9 -removeonly
    HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
    HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
    HP ProtectTools Security Manager 2.00 D3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}\Setup.exe" -l0x9 -removeonly hpquninst
    HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
    HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
    HP Wireless Assistant 1.01 C1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
    HP_User_Guides_0003-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5821272A-4A0B-4A0B-AE3B-9D8D04D39487}\setup.exe" -l0x9 -removeonly
    ImageMixer VCD2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
    InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
    InterVideo DVD Check-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
    InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    iPod for Windows 2005-10-12-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
    iPod Updater 2004-11-15-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
    iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
    Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{90CA0409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
    MobileMe Control Panel-->MsiExec.exe /I{44A91B04-3D0C-47F9-B644-7F682869AFF3}
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
    NetShow Tools 3.0-->C:\Program Files\NetShow Services\Tools\_insttoo.exe /U
    Nokia Connectivity Cable Driver-->MsiExec.exe /X{E4DD8B33-6F9B-41C5-96FF-5DBF27ED23E7}
    Nokia PC Connectivity Solution-->MsiExec.exe /I{588AA47B-9115-44D3-B2E5-4F10BC659D6C}
    Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
    Picture Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
    Quick Launch Buttons 5.20 H1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\Setup.exe" -l0x9 -uninst
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
    SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
    Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
    Samsung PC Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
    Security Task Manager 1.7e-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Skype 3.0-->"C:\Program Files\Skype\Phone\unins000.exe"
    Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
    SoftV.92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_308x103C\HXFSETUP.EXE -U -Ihpm308bk.inf
    Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
    SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    TalkTalk Assist & Go-->MsiExec.exe /X{D084B1A9-153B-409D-AEBF-C40FCEF925EA}
    Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\Common\unypsr.exe
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
    Yahoo! Messenger Explorer Bar-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\COMPAN~1\Modules\messmod4\v6\yhexbmes.dll
    Yahoo! Photos Easy Upload Tool 1v6-->C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropper.dll"
    Yahoo! Toolbar-->C:\Program Files\Yahoo!\Common\unyt.exe
    ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
    ======Hosts File======
    ======Security center information======
    AV: Avira AntiVir PersonalEdition
    ======System event log======
    Computer Name: SIMONELAPTOP
    Event Code: 18
    Message: TIMEOUT<csrss.exe> C:\WINDOWS\system32\vga.dll
    Record Number: 308617
    Source Name: avgntflt
    Time Written: 20090427120356.000000+060
    Event Type: warning
    User:
    Computer Name: SIMONELAPTOP
    Event Code: 7000
    Message: The Automatic LiveUpdate Scheduler service failed to start due to the following error:
    The system cannot find the path specified.

    Record Number: 308562
    Source Name: Service Control Manager
    Time Written: 20090427073627.000000+060
    Event Type: error
    User:
    Computer Name: SIMONELAPTOP
    Event Code: 602
    Message: WDM Reader driver initialization cannot open reader device: The system cannot find the path specified.
    Record Number: 308558
    Source Name: SCardSvr
    Time Written: 20090427073609.000000+060
    Event Type: error
    User:
    Computer Name: SIMONELAPTOP
    Event Code: 602
    Message: WDM Reader driver initialization cannot open reader device: The system cannot find the path specified.
    Record Number: 308557
    Source Name: SCardSvr
    Time Written: 20090427073609.000000+060
    Event Type: error
    User:
    Computer Name: SIMONELAPTOP
    Event Code: 4
    Message: Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
    Record Number: 308552
    Source Name: b57w2k
    Time Written: 20090427073559.000000+060
    Event Type: warning
    User:
    =====Application event log=====
    Computer Name: SIMONELAPTOP
    Event Code: 1517
    Message: Windows saved user SIMONELAPTOP\Simone Loong registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
    Record Number: 30201
    Source Name: Userenv
    Time Written: 20080531094217.000000+060
    Event Type: warning
    User: NT AUTHORITY\SYSTEM
    Computer Name: SIMONELAPTOP
    Event Code: 1517
    Message: Windows saved user SIMONELAPTOP\Simone Loong registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
    Record Number: 30180
    Source Name: Userenv
    Time Written: 20080530131530.000000+060
    Event Type: warning
    User: NT AUTHORITY\SYSTEM
    Computer Name: SIMONELAPTOP
    Event Code: 1517
    Message: Windows saved user SIMONELAPTOP\Simone Loong registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
    Record Number: 30173
    Source Name: Userenv
    Time Written: 20080530085226.000000+060
    Event Type: warning
    User: NT AUTHORITY\SYSTEM
    Computer Name: SIMONELAPTOP
    Event Code: 4113
    Message:
    Record Number: 30170
    Source Name: Avira AntiVir
    Time Written: 20080530075952.000000+060
    Event Type: warning
    User: NT AUTHORITY\SYSTEM
    Computer Name: SIMONELAPTOP
    Event Code: 4113
    Message:
    Record Number: 30169
    Source Name: Avira AntiVir
    Time Written: 20080530075946.000000+060
    Event Type: warning
    User: NT AUTHORITY\SYSTEM
    ======Environment variables======
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\HPQ\IAM\bin
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2402
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    EOF
  • edited May 2009
    Do you have the GMER log?


    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • edited May 2009
    Okay, the gmer has finished running and is 350,000 characters. It may take about 7 posts. Can I send you the file? What do you recommend?

    :)
  • edited May 2009
    Hi, I've attempted to run Malwarebytes' Anti-Malware and twice my computer has crashed. When it reboots it says that it has recovered from a serious error. I didn't actually see it crash, but there is some msg about it being a blue screen error.

    :)
  • edited May 2009
    Can you zip the GMER log and attach it to your next post?
    Right click - Send to - Compressed (Zipped) folder



    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.
  • edited May 2009
    Here is the gmer.txt. Sorry, I didn't realise that files could be attached.

    There was no link to download ComboFix in your last post...
    gmer.zip 293.4K
  • edited May 2009
    I found a link to combofix in the tutorial :)
  • edited May 2009
    Here is the combofix scan:

    ComboFix 09-05-08.03 - Simone Loong 10/05/2009 12:20.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.895.463 [GMT 1:00]
    Running from: c:\documents and settings\Simone Loong\Desktop\ComboFix.exe
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\Dxc.log
    c:\documents and settings\Simone Loong\Local Settings\Temporary Internet Files\Dxc.log
    .
    ((((((((((((((((((((((((( Files Created from 2009-04-10 to 2009-05-10 )))))))))))))))))))))))))))))))
    .
    2009-05-10 09:25 . 2009-05-10 10:32 -------- d-----w c:\windows\system32\NtmsData
    2009-05-10 06:10 . 2009-05-10 06:10 -------- d-----w c:\documents and settings\Simone Loong\Application Data\Malwarebytes
    2009-05-10 06:10 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-10 06:10 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-10 06:10 . 2009-05-10 06:10 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-10 06:10 . 2009-05-10 06:10 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-09 21:02 . 2009-05-09 21:02 -------- d-----w c:\program files\trend micro
    2009-05-09 21:01 . 2009-05-09 21:06 -------- d-----w C:\rsit
    2009-04-29 20:11 . 2008-04-13 23:12 116224 ----a-w c:\windows\system32\dllcache\xrxwiadr.dll
    2009-04-29 20:11 . 2001-08-17 21:36 23040 ----a-w c:\windows\system32\dllcache\xrxwbtmp.dll
    2009-04-29 20:11 . 2008-04-13 23:12 18944 ----a-w c:\windows\system32\dllcache\xrxscnui.dll
    2009-04-29 20:10 . 2001-08-17 21:37 27648 ----a-w c:\windows\system32\dllcache\xrxftplt.exe
    2009-04-29 20:10 . 2001-08-17 21:37 4608 ----a-w c:\windows\system32\dllcache\xrxflnch.exe
    2009-04-29 20:10 . 2001-08-17 21:37 99865 ----a-w c:\windows\system32\dllcache\xlog.exe
    2009-04-29 20:10 . 2001-08-17 11:11 16970 ----a-w c:\windows\system32\dllcache\xem336n5.sys
    2009-04-29 20:10 . 2004-08-03 20:29 19455 ----a-w c:\windows\system32\dllcache\wvchntxx.sys
    2009-04-29 20:10 . 2008-04-13 17:46 19200 ----a-w c:\windows\system32\dllcache\wstcodec.sys
    2009-04-29 20:10 . 2004-08-03 20:29 12063 ----a-w c:\windows\system32\dllcache\wsiintxx.sys
    2009-04-29 20:10 . 2004-08-03 20:31 154624 ----a-w c:\windows\system32\dllcache\wlluc48.sys
    2009-04-29 20:10 . 2001-08-17 11:12 34890 ----a-w c:\windows\system32\dllcache\wlandrv2.sys
    2009-04-29 20:08 . 2001-08-17 12:28 397502 ----a-w c:\windows\system32\dllcache\vpctcom.sys
    2009-04-29 20:07 . 2008-04-13 17:45 60032 ----a-w c:\windows\system32\dllcache\usbaudio.sys
    2009-04-29 20:06 . 2001-08-17 11:51 166784 ----a-w c:\windows\system32\dllcache\tridxpm.sys
    2009-04-29 20:05 . 2001-08-17 11:14 123995 ----a-w c:\windows\system32\dllcache\tjisdn.sys
    2009-04-29 20:04 . 2001-08-17 21:36 94293 ----a-w c:\windows\system32\dllcache\sxports.dll
    2009-04-29 20:04 . 2001-08-17 12:50 103936 ----a-w c:\windows\system32\dllcache\sx.sys
    2009-04-29 20:04 . 2001-08-17 13:02 3968 ----a-w c:\windows\system32\dllcache\swusbflt.sys
    2009-04-29 20:04 . 2001-08-17 21:36 10240 ----a-w c:\windows\system32\dllcache\swpidflt.dll
    2009-04-29 20:04 . 2001-08-17 21:36 10240 ----a-w c:\windows\system32\dllcache\swpdflt2.dll
    2009-04-29 20:04 . 2001-08-17 21:36 53760 ----a-w c:\windows\system32\dllcache\sw_wheel.dll
    2009-04-29 20:04 . 2001-08-17 21:36 41472 ----a-w c:\windows\system32\dllcache\sw_effct.dll
    2009-04-29 20:04 . 2008-04-13 17:46 15232 ----a-w c:\windows\system32\dllcache\streamip.sys
    2009-04-29 20:04 . 2001-08-17 21:36 155648 ----a-w c:\windows\system32\dllcache\stlnprop.dll
    2009-04-29 20:04 . 2001-08-17 21:36 53248 ----a-w c:\windows\system32\dllcache\stlncoin.dll
    2009-04-29 20:04 . 2001-08-17 11:18 285760 ----a-w c:\windows\system32\dllcache\stlnata.sys
    2009-04-29 20:03 . 2001-08-17 12:51 16896 ----a-w c:\windows\system32\dllcache\stcusb.sys
    2009-04-29 20:03 . 2004-08-04 13:00 16896 ----a-w c:\windows\system32\dllcache\status.dll
    2009-04-29 20:03 . 2001-08-17 11:11 48736 ----a-w c:\windows\system32\dllcache\srwlnd5.sys
    2009-04-29 20:03 . 2001-08-17 21:36 99328 ----a-w c:\windows\system32\dllcache\srusd.dll
    2009-04-29 20:03 . 2004-08-04 13:00 101376 ----a-w c:\windows\system32\dllcache\srusbusd.dll
    2009-04-29 20:03 . 2001-08-17 21:36 24660 ----a-w c:\windows\system32\dllcache\spxupchk.dll
    2009-04-29 20:03 . 2001-08-17 12:51 61824 ----a-w c:\windows\system32\dllcache\speed.sys
    2009-04-29 20:03 . 2001-08-17 21:36 106584 ----a-w c:\windows\system32\dllcache\spdports.dll
    2009-04-29 20:03 . 2001-08-17 13:07 19072 ----a-w c:\windows\system32\dllcache\sparrow.sys
    2009-04-29 20:03 . 2001-08-17 11:51 37040 ----a-w c:\windows\system32\dllcache\sonypi.sys
    2009-04-29 20:03 . 2001-08-17 21:36 114688 ----a-w c:\windows\system32\dllcache\sonypi.dll
    2009-04-29 20:03 . 2001-08-17 11:51 20752 ----a-w c:\windows\system32\dllcache\sonync.sys
    2009-04-29 20:01 . 2001-08-17 21:36 28672 ----a-w c:\windows\system32\dllcache\sma0w.dll
    2009-04-29 20:00 . 2001-08-17 11:50 68608 ----a-w c:\windows\system32\dllcache\sis6306p.sys
    2009-04-29 20:00 . 2001-08-17 13:56 252032 ----a-w c:\windows\system32\dllcache\sis300iv.dll
    2009-04-29 20:00 . 2001-08-17 11:50 101760 ----a-w c:\windows\system32\dllcache\sis300ip.sys
    2009-04-29 20:00 . 2004-08-04 13:00 18944 ----a-w c:\windows\system32\dllcache\simptcp.dll
    2009-04-29 20:00 . 2001-07-21 13:29 161568 ----a-w c:\windows\system32\dllcache\sgsmusb.sys
    2009-04-29 20:00 . 2001-07-21 13:29 18400 ----a-w c:\windows\system32\dllcache\sgsmld.sys
    2009-04-29 20:00 . 2001-08-17 11:51 98080 ----a-w c:\windows\system32\dllcache\sgiulnt5.sys
    2009-04-29 20:00 . 2001-08-17 21:36 386560 ----a-w c:\windows\system32\dllcache\sgiul50.dll
    2009-04-29 20:00 . 2001-08-17 11:19 36480 ----a-w c:\windows\system32\dllcache\sfmanm.sys
    2009-04-29 20:00 . 2001-08-17 12:53 6784 ----a-w c:\windows\system32\dllcache\serscan.sys
    2009-04-29 19:58 . 2001-08-17 13:56 198400 ----a-w c:\windows\system32\dllcache\s3sav4.dll
    2009-04-29 19:58 . 2001-08-17 11:50 61504 ----a-w c:\windows\system32\dllcache\s3sav3dm.sys
    2009-04-29 19:58 . 2001-08-17 13:56 179264 ----a-w c:\windows\system32\dllcache\s3sav3d.dll
    2009-04-29 19:58 . 2001-08-17 13:56 210496 ----a-w c:\windows\system32\dllcache\s3mvirge.dll
    2009-04-29 19:58 . 2001-08-17 21:36 62496 ----a-w c:\windows\system32\dllcache\s3mtrio.dll
    2009-04-29 19:58 . 2001-08-17 11:50 41216 ----a-w c:\windows\system32\dllcache\s3mt3d.sys
    2009-04-29 19:58 . 2001-08-17 13:56 182272 ----a-w c:\windows\system32\dllcache\s3mt3d.dll
    2009-04-29 19:58 . 2001-08-17 11:50 166720 ----a-w c:\windows\system32\dllcache\s3m.sys
    2009-04-29 19:58 . 2001-08-17 12:57 65664 ----a-w c:\windows\system32\dllcache\s3legacy.sys
    2009-04-29 19:58 . 2001-08-17 21:36 82432 ----a-w c:\windows\system32\dllcache\rwia450.dll
    2009-04-29 19:56 . 2001-08-17 12:28 899146 ----a-w c:\windows\system32\dllcache\r2mdkxga.sys
    2009-04-29 19:56 . 2001-08-17 21:36 41472 ----a-w c:\windows\system32\dllcache\qvusd.dll
    2009-04-29 19:56 . 2001-08-17 12:53 3328 ----a-w c:\windows\system32\dllcache\qv2kux.sys
    2009-04-29 19:56 . 2004-08-04 13:00 16384 ----a-w c:\windows\system32\dllcache\quser.exe
    2009-04-29 19:56 . 2004-08-04 13:00 9728 ----a-w c:\windows\system32\dllcache\query.exe
    2009-04-29 19:56 . 2001-08-17 12:52 49024 ----a-w c:\windows\system32\dllcache\ql1280.sys
    2009-04-29 19:56 . 2001-08-17 12:52 40448 ----a-w c:\windows\system32\dllcache\ql1240.sys
    2009-04-29 19:56 . 2001-08-17 12:52 45312 ----a-w c:\windows\system32\dllcache\ql12160.sys
    2009-04-29 19:56 . 2001-08-17 12:52 33152 ----a-w c:\windows\system32\dllcache\ql10wnt.sys
    2009-04-29 19:56 . 2001-08-17 12:52 40320 ----a-w c:\windows\system32\dllcache\ql1080.sys
    2009-04-29 19:56 . 2008-04-13 17:40 6016 ----a-w c:\windows\system32\dllcache\qic157.sys
    2009-04-29 19:56 . 2001-08-17 12:28 130942 ----a-w c:\windows\system32\dllcache\ptserlv.sys
    2009-04-29 19:54 . 2001-08-17 13:04 92416 ----a-w c:\windows\system32\dllcache\phildec.sys
    2009-04-29 19:53 . 2001-08-17 11:11 29769 ----a-w c:\windows\system32\dllcache\pcntn5m.sys
    2009-04-29 19:52 . 2001-08-17 13:05 31872 ----a-w c:\windows\system32\dllcache\ovce.sys
    2009-04-29 19:52 . 2001-08-17 13:05 28032 ----a-w c:\windows\system32\dllcache\ovcd.sys
    2009-04-29 19:52 . 2001-08-17 13:05 48000 ----a-w c:\windows\system32\dllcache\ovcam2.sys
    2009-04-29 19:52 . 2001-08-17 13:05 25088 ----a-w c:\windows\system32\dllcache\ovca.sys
    2009-04-29 19:52 . 2001-08-17 12:28 54186 ----a-w c:\windows\system32\dllcache\otcsercb.sys
    2009-04-29 19:52 . 2001-08-17 11:12 43689 ----a-w c:\windows\system32\dllcache\otceth5.sys
    2009-04-29 19:52 . 2001-08-17 11:12 27209 ----a-w c:\windows\system32\dllcache\otc06x5.sys
    2009-04-29 19:52 . 2001-08-17 11:20 54528 ----a-w c:\windows\system32\dllcache\opl3sax.sys
    2009-04-29 19:52 . 2001-08-17 11:50 198144 ----a-w c:\windows\system32\dllcache\nv3.sys
    2009-04-29 19:52 . 2001-08-17 21:36 123776 ----a-w c:\windows\system32\dllcache\nv3.dll
    2009-04-29 19:50 . 2001-08-17 13:56 91488 ----a-w c:\windows\system32\dllcache\n9i3disp.dll
    2009-04-29 19:50 . 2001-08-17 11:50 27936 ----a-w c:\windows\system32\dllcache\n9i3d.sys
    2009-04-29 19:50 . 2001-08-17 11:50 33088 ----a-w c:\windows\system32\dllcache\n9i128v2.sys
    2009-04-29 19:50 . 2001-08-17 21:36 59104 ----a-w c:\windows\system32\dllcache\n9i128v2.dll
    2009-04-29 19:50 . 2001-08-17 11:50 13664 ----a-w c:\windows\system32\dllcache\n9i128.sys
    2009-04-29 19:50 . 2001-08-17 13:56 35392 ----a-w c:\windows\system32\dllcache\n9i128.dll
    2009-04-29 19:50 . 2001-08-17 11:11 128000 ----a-w c:\windows\system32\dllcache\n100325.sys
    2009-04-29 19:50 . 2001-08-17 11:11 52255 ----a-w c:\windows\system32\dllcache\n1000nt5.sys
    2009-04-29 19:50 . 2001-08-17 12:50 75520 ----a-w c:\windows\system32\dllcache\mxport.sys
    2009-04-29 19:50 . 2001-08-17 21:36 7168 ----a-w c:\windows\system32\dllcache\mxport.dll
    2009-04-29 19:50 . 2001-08-17 12:49 19968 ----a-w c:\windows\system32\dllcache\mxnic.sys
    2009-04-29 19:50 . 2001-08-17 21:36 19968 ----a-w c:\windows\system32\dllcache\mxicfg.dll
    2009-04-29 19:48 . 2008-04-13 17:46 15232 ----a-w c:\windows\system32\dllcache\mpe.sys
    2009-04-29 19:47 . 2001-08-17 21:36 58880 ----a-w c:\windows\system32\dllcache\m3092dc.dll
    2009-04-29 19:46 . 2001-08-17 11:12 26442 ----a-w c:\windows\system32\dllcache\lanepic5.sys
    2009-04-29 19:45 . 2001-08-17 12:49 23552 ----a-w c:\windows\system32\dllcache\irmk7.sys
    2009-04-29 19:44 . 2001-08-17 21:36 45056 ----a-w c:\windows\system32\dllcache\icam5com.dll
    2009-04-29 19:43 . 2004-08-04 13:00 10096640 ----a-w c:\windows\system32\dllcache\hwxcht.dll
    2009-04-29 19:43 . 2001-08-17 12:28 488383 ----a-w c:\windows\system32\dllcache\hsf_v124.sys
    2009-04-29 19:43 . 2001-08-17 12:28 50751 ----a-w c:\windows\system32\dllcache\hsf_tone.sys
    2009-04-29 19:43 . 2001-08-17 12:28 73279 ----a-w c:\windows\system32\dllcache\hsf_spkp.sys
    2009-04-29 19:43 . 2001-08-17 12:28 44863 ----a-w c:\windows\system32\dllcache\hsf_soar.sys
    2009-04-29 19:43 . 2001-08-17 12:28 57471 ----a-w c:\windows\system32\dllcache\hsf_samp.sys
    2009-04-29 19:43 . 2001-08-17 12:28 542879 ----a-w c:\windows\system32\dllcache\hsf_msft.sys
    2009-04-29 19:43 . 2001-08-17 12:28 391199 ----a-w c:\windows\system32\dllcache\hsf_k56k.sys
    2009-04-29 19:43 . 2001-08-17 21:36 9759 ----a-w c:\windows\system32\dllcache\hsf_inst.dll
    2009-04-29 19:43 . 2001-08-17 12:28 115807 ----a-w c:\windows\system32\dllcache\hsf_fsks.sys
    2009-04-29 19:43 . 2001-08-17 12:28 199711 ----a-w c:\windows\system32\dllcache\hsf_faxx.sys
    2009-04-29 19:43 . 2001-08-17 12:28 289887 ----a-w c:\windows\system32\dllcache\hsf_fall.sys
    2009-04-29 19:43 . 2001-08-17 12:28 67167 ----a-w c:\windows\system32\dllcache\hsf_bsc2.sys
    2009-04-29 19:41 . 2001-08-17 21:36 83968 ----a-w c:\windows\system32\dllcache\hpgt21.dll
    2009-04-29 19:40 . 2001-08-17 21:36 92160 ----a-w c:\windows\system32\dllcache\fuusd.dll
    2009-04-29 19:39 . 2001-08-17 11:12 16998 ----a-w c:\windows\system32\dllcache\ex10.sys
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-28 09:34 . 2008-06-13 20:25 d-----w c:\program files\Common Files\Teleca Shared
    2009-04-28 09:21 . 2007-12-01 11:52 d-----w c:\program files\Full Tilt Poker
    2009-04-28 09:21 . 2005-08-29 08:57 d--h--w c:\program files\InstallShield Installation Information
    2009-04-28 08:22 . 2008-07-28 19:51 d-----w c:\program files\SpywareBlaster
    2009-04-21 21:05 . 2005-08-29 08:59 d-----w c:\program files\HPQ
    2009-04-18 15:01 . 2007-03-23 10:05 d-----w c:\program files\Lavasoft
    2009-04-17 19:31 . 2007-03-23 10:01 d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-04-13 14:17 . 2007-03-24 09:21 d-----w c:\program files\Spybot - Search & Destroy
    2009-04-11 06:59 . 2005-08-29 09:01 d-----w c:\program files\Java
    2009-04-09 18:40 . 2009-04-09 18:40 d-----w c:\program files\iTunes
    2009-04-09 18:40 . 2005-11-26 15:58 d-----w c:\program files\iPod
    2009-04-09 18:40 . 2007-07-09 11:49 d-----w c:\program files\Common Files\Apple
    2009-03-30 09:01 . 2009-03-30 09:00 d-----w c:\program files\QuickTime
    2009-03-30 08:49 . 2008-04-01 19:12 d-----w c:\program files\Safari
    2009-03-30 08:48 . 2009-03-30 08:48 d-----w c:\program files\Bonjour
    2009-03-23 20:06 . 2009-03-23 20:06 664 ----a-w c:\windows\system32\d3d9caps.dat
    2009-03-19 15:32 . 2008-01-29 11:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-09 04:19 . 2009-01-13 22:19 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-06 14:22 . 2004-08-04 08:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2004-08-04 08:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 18:09 . 2004-08-04 08:00 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-09 12:10 . 2004-08-04 08:00 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2004-08-04 08:00 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2004-08-04 08:00 617472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 12:10 . 2004-08-04 08:00 401408 ----a-w c:\windows\system32\rpcss.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-09 344064]
    "PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-04-27 122941]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-04-18 405504]
    "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2005-08-15 192512]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]
    "COMODO Memory Firewall"="c:\program files\COMODO\Memory Firewall\cmf.exe" [2008-07-28 2236160]
    "BOC-427"="c:\progra~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 351480]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-27 516440]
    "CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-23 17920]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Creating Keepsakes Scrapbook Designer Event Reminder.lnk.disabled [2007-6-4 1775]
    DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2005-11-26 184320]
    HP Digital Imaging Monitor.lnk.disabled [2006-8-23 1808]
    Picture Package Menu.lnk.disabled [2005-11-27 763]
    Picture Package VCD Maker.lnk.disabled [2005-11-27 813]
    Unwired Launchpad.lnk.disabled [2006-5-27 1596]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2006-09-09 01:15 63488 ----a-r c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\APSHook.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli AsWlnPkg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/04/2009 16:02 64160]
    R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 09:00 14336]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 09:00 14336]
    R2 BOCore;BOCore;c:\program files\COMODO\CBOClean\BOCore.exe [28/07/2008 21:01 73464]
    R2 cmfd;cmfd;c:\program files\COMODO\Memory Firewall\cmfd.sys [10/12/2008 12:16 11768]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [18/04/2005 02:00 235904]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 953168]
    S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [29/08/2005 10:31 87936]
    S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [13/06/2008 21:39 61536]
    S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [13/06/2008 21:39 9360]
    S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [13/06/2008 21:39 97088]
    S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [13/06/2008 21:39 88624]
    S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [13/06/2008 21:40 18704]
    S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [13/06/2008 21:39 86432]
    S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [13/06/2008 21:40 90800]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    .
    Contents of the 'Scheduled Tasks' folder
    2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:02]
    2009-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]
    2009-05-10 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-03-24 13:45]
    2009-04-29 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-03-20 12:39]
    2009-05-09 c:\windows\Tasks\User_Feed_Synchronization-{573C561A-2AB9-4D09-B602-4F4AB0822355}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
    .
    - - - - ORPHANS REMOVED - - - -
    HKCU-Explorer_Run-{67321FD1-063C-1033-0701-05050322003d} - c:\program files\Common Files\{67321FD1-063C-1033-0701-05050322003d}\Update.exe
    HKU-Default-Explorer_Run-{67321FD1-063C-1033-0701-05050322003d} - c:\program files\Common Files\{67321FD1-063C-1033-0701-05050322003d}\Update.exe

    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.facebook.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Simone Loong\Application Data\Mozilla\Firefox\Profiles\eg9bvsbr.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?%20
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
    .
    .
    File Associations
    .
    txtfile=c:\windows\NOTEPAD.EXE %1
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-10 12:22
    Windows 5.1.2600 Service Pack 3 NTFS
    detected NTDLL code modification:
    ZwOpenFile
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(860)
    c:\windows\system32\APSHook.dll
    c:\windows\system32\Ati2evxx.dll
    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
    c:\program files\HPQ\IAM\bin\ItMsg.dll
    - - - - - - - > 'lsass.exe'(916)
    c:\windows\system32\APSHook.dll
    c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
    c:\program files\HPQ\IAM\bin\ItMsg.dll
    .
    Completion time: 2009-05-10 12:25
    ComboFix-quarantined-files.txt 2009-05-10 11:24
    Pre-Run: 14,779,645,952 bytes free
    Post-Run: 14,789,988,352 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    328 --- E O F --- 2009-04-29 20:57
  • edited May 2009
    Is this a business computer, or do you connect to a company network?

    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      DirLook::
      C:\Program Files\Common
      Registry::
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SpybotSD TeaTimer"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Ad-Watch"=-
      ADS::
      
    • Save this as CFScript.txt and place it on your desktop.


      [Image: CFScriptb.gif]
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper



    Active Scan
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Please go to this site Link >> ActiveScan << LINK

    • Click the Scan Now button
    • Follow the prompts to install the ActiveX if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small export to notepad button and save the report to your desktop.
    • Please post the report in your reply.






  • edited May 2009
    I dropped the txt file onto Combofix.exe and Combofix ran again. See log following. Now I am going to run the other scan you suggested...

    ComboFix 09-05-09.05 - Simone Loong 10/05/2009 20:02.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.895.456 [GMT 1:00]
    Running from: c:\documents and settings\Simone Loong\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Simone Loong\Desktop\CFScript.txt
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
    .
    ((((((((((((((((((((((((( Files Created from 2009-04-10 to 2009-05-10 )))))))))))))))))))))))))))))))
    .
    2009-05-10 09:25 . 2009-05-10 10:32 d-----w c:\windows\system32\NtmsData
    2009-05-10 06:10 . 2009-05-10 06:10 d-----w c:\documents and settings\Simone Loong\Application Data\Malwarebytes
    2009-05-10 06:10 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-10 06:10 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-10 06:10 . 2009-05-10 06:10 d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-10 06:10 . 2009-05-10 06:10 d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-09 21:02 . 2009-05-09 21:02 d-----w c:\program files\trend micro
    2009-05-09 21:01 . 2009-05-09 21:06 d-----w C:\rsit
    2009-04-29 20:11 . 2008-04-13 23:12 116224 ----a-w c:\windows\system32\dllcache\xrxwiadr.dll
    2009-04-29 20:11 . 2001-08-17 21:36 23040 ----a-w c:\windows\system32\dllcache\xrxwbtmp.dll
    2009-04-29 20:11 . 2008-04-13 23:12 18944 ----a-w c:\windows\system32\dllcache\xrxscnui.dll
    2009-04-29 20:10 . 2001-08-17 21:37 27648 ----a-w c:\windows\system32\dllcache\xrxftplt.exe
    2009-04-29 20:10 . 2001-08-17 21:37 4608 ----a-w c:\windows\system32\dllcache\xrxflnch.exe
    2009-04-29 20:10 . 2001-08-17 21:37 99865 ----a-w c:\windows\system32\dllcache\xlog.exe
    2009-04-29 20:10 . 2001-08-17 11:11 16970 ----a-w c:\windows\system32\dllcache\xem336n5.sys
    2009-04-29 20:10 . 2004-08-03 20:29 19455 ----a-w c:\windows\system32\dllcache\wvchntxx.sys
    2009-04-29 20:10 . 2008-04-13 17:46 19200 ----a-w c:\windows\system32\dllcache\wstcodec.sys
    2009-04-29 20:10 . 2004-08-03 20:29 12063 ----a-w c:\windows\system32\dllcache\wsiintxx.sys
    2009-04-29 20:10 . 2004-08-03 20:31 154624 ----a-w c:\windows\system32\dllcache\wlluc48.sys
    2009-04-29 20:10 . 2001-08-17 11:12 34890 ----a-w c:\windows\system32\dllcache\wlandrv2.sys
    2009-04-29 20:08 . 2001-08-17 12:28 397502 ----a-w c:\windows\system32\dllcache\vpctcom.sys
    2009-04-29 20:07 . 2008-04-13 17:45 60032 ----a-w c:\windows\system32\dllcache\usbaudio.sys
    2009-04-29 20:06 . 2001-08-17 11:51 166784 ----a-w c:\windows\system32\dllcache\tridxpm.sys
    2009-04-29 20:05 . 2001-08-17 11:14 123995 ----a-w c:\windows\system32\dllcache\tjisdn.sys
    2009-04-29 20:04 . 2001-08-17 21:36 94293 ----a-w c:\windows\system32\dllcache\sxports.dll
    2009-04-29 20:04 . 2001-08-17 12:50 103936 ----a-w c:\windows\system32\dllcache\sx.sys
    2009-04-29 20:04 . 2001-08-17 13:02 3968 ----a-w c:\windows\system32\dllcache\swusbflt.sys
    2009-04-29 20:04 . 2001-08-17 21:36 10240 ----a-w c:\windows\system32\dllcache\swpidflt.dll
    2009-04-29 20:04 . 2001-08-17 21:36 10240 ----a-w c:\windows\system32\dllcache\swpdflt2.dll
    2009-04-29 20:04 . 2001-08-17 21:36 53760 ----a-w c:\windows\system32\dllcache\sw_wheel.dll
    2009-04-29 20:04 . 2001-08-17 21:36 41472 ----a-w c:\windows\system32\dllcache\sw_effct.dll
    2009-04-29 20:04 . 2008-04-13 17:46 15232 ----a-w c:\windows\system32\dllcache\streamip.sys
    2009-04-29 20:04 . 2001-08-17 21:36 155648 ----a-w c:\windows\system32\dllcache\stlnprop.dll
    2009-04-29 20:04 . 2001-08-17 21:36 53248 ----a-w c:\windows\system32\dllcache\stlncoin.dll
    2009-04-29 20:04 . 2001-08-17 11:18 285760 ----a-w c:\windows\system32\dllcache\stlnata.sys
    2009-04-29 20:03 . 2001-08-17 12:51 16896 ----a-w c:\windows\system32\dllcache\stcusb.sys
    2009-04-29 20:03 . 2004-08-04 13:00 16896 ----a-w c:\windows\system32\dllcache\status.dll
    2009-04-29 20:03 . 2001-08-17 11:11 48736 ----a-w c:\windows\system32\dllcache\srwlnd5.sys
    2009-04-29 20:03 . 2001-08-17 21:36 99328 ----a-w c:\windows\system32\dllcache\srusd.dll
    2009-04-29 20:03 . 2004-08-04 13:00 101376 ----a-w c:\windows\system32\dllcache\srusbusd.dll
    2009-04-29 20:03 . 2001-08-17 21:36 24660 ----a-w c:\windows\system32\dllcache\spxupchk.dll
    2009-04-29 20:03 . 2001-08-17 12:51 61824 ----a-w c:\windows\system32\dllcache\speed.sys
    2009-04-29 20:03 . 2001-08-17 21:36 106584 ----a-w c:\windows\system32\dllcache\spdports.dll
    2009-04-29 20:03 . 2001-08-17 13:07 19072 ----a-w c:\windows\system32\dllcache\sparrow.sys
    2009-04-29 20:03 . 2001-08-17 11:51 37040 ----a-w c:\windows\system32\dllcache\sonypi.sys
    2009-04-29 20:03 . 2001-08-17 21:36 114688 ----a-w c:\windows\system32\dllcache\sonypi.dll
    2009-04-29 20:03 . 2001-08-17 11:51 20752 ----a-w c:\windows\system32\dllcache\sonync.sys
    2009-04-29 20:01 . 2001-08-17 21:36 28672 ----a-w c:\windows\system32\dllcache\sma0w.dll
    2009-04-29 20:00 . 2001-08-17 11:50 68608 ----a-w c:\windows\system32\dllcache\sis6306p.sys
    2009-04-29 20:00 . 2001-08-17 13:56 252032 ----a-w c:\windows\system32\dllcache\sis300iv.dll
    2009-04-29 20:00 . 2001-08-17 11:50 101760 ----a-w c:\windows\system32\dllcache\sis300ip.sys
    2009-04-29 20:00 . 2004-08-04 13:00 18944 ----a-w c:\windows\system32\dllcache\simptcp.dll
    2009-04-29 20:00 . 2001-07-21 13:29 161568 ----a-w c:\windows\system32\dllcache\sgsmusb.sys
    2009-04-29 20:00 . 2001-07-21 13:29 18400 ----a-w c:\windows\system32\dllcache\sgsmld.sys
    2009-04-29 20:00 . 2001-08-17 11:51 98080 ----a-w c:\windows\system32\dllcache\sgiulnt5.sys
    2009-04-29 20:00 . 2001-08-17 21:36 386560 ----a-w c:\windows\system32\dllcache\sgiul50.dll
    2009-04-29 20:00 . 2001-08-17 11:19 36480 ----a-w c:\windows\system32\dllcache\sfmanm.sys
    2009-04-29 20:00 . 2001-08-17 12:53 6784 ----a-w c:\windows\system32\dllcache\serscan.sys
    2009-04-29 19:58 . 2001-08-17 13:56 198400 ----a-w c:\windows\system32\dllcache\s3sav4.dll
    2009-04-29 19:58 . 2001-08-17 11:50 61504 ----a-w c:\windows\system32\dllcache\s3sav3dm.sys
    2009-04-29 19:58 . 2001-08-17 13:56 179264 ----a-w c:\windows\system32\dllcache\s3sav3d.dll
    2009-04-29 19:58 . 2001-08-17 13:56 210496 ----a-w c:\windows\system32\dllcache\s3mvirge.dll
    2009-04-29 19:58 . 2001-08-17 21:36 62496 ----a-w c:\windows\system32\dllcache\s3mtrio.dll
    2009-04-29 19:58 . 2001-08-17 11:50 41216 ----a-w c:\windows\system32\dllcache\s3mt3d.sys
    2009-04-29 19:58 . 2001-08-17 13:56 182272 ----a-w c:\windows\system32\dllcache\s3mt3d.dll
    2009-04-29 19:58 . 2001-08-17 11:50 166720 ----a-w c:\windows\system32\dllcache\s3m.sys
    2009-04-29 19:58 . 2001-08-17 12:57 65664 ----a-w c:\windows\system32\dllcache\s3legacy.sys
    2009-04-29 19:58 . 2001-08-17 21:36 82432 ----a-w c:\windows\system32\dllcache\rwia450.dll
    2009-04-29 19:56 . 2001-08-17 12:28 899146 ----a-w c:\windows\system32\dllcache\r2mdkxga.sys
    2009-04-29 19:56 . 2001-08-17 21:36 41472 ----a-w c:\windows\system32\dllcache\qvusd.dll
    2009-04-29 19:56 . 2001-08-17 12:53 3328 ----a-w c:\windows\system32\dllcache\qv2kux.sys
    2009-04-29 19:56 . 2004-08-04 13:00 16384 ----a-w c:\windows\system32\dllcache\quser.exe
    2009-04-29 19:56 . 2004-08-04 13:00 9728 ----a-w c:\windows\system32\dllcache\query.exe
    2009-04-29 19:56 . 2001-08-17 12:52 49024 ----a-w c:\windows\system32\dllcache\ql1280.sys
    2009-04-29 19:56 . 2001-08-17 12:52 40448 ----a-w c:\windows\system32\dllcache\ql1240.sys
    2009-04-29 19:56 . 2001-08-17 12:52 45312 ----a-w c:\windows\system32\dllcache\ql12160.sys
    2009-04-29 19:56 . 2001-08-17 12:52 33152 ----a-w c:\windows\system32\dllcache\ql10wnt.sys
    2009-04-29 19:56 . 2001-08-17 12:52 40320 ----a-w c:\windows\system32\dllcache\ql1080.sys
    2009-04-29 19:56 . 2008-04-13 17:40 6016 ----a-w c:\windows\system32\dllcache\qic157.sys
    2009-04-29 19:56 . 2001-08-17 12:28 130942 ----a-w c:\windows\system32\dllcache\ptserlv.sys
    2009-04-29 19:54 . 2001-08-17 13:04 92416 ----a-w c:\windows\system32\dllcache\phildec.sys
    2009-04-29 19:53 . 2001-08-17 11:11 29769 ----a-w c:\windows\system32\dllcache\pcntn5m.sys
    2009-04-29 19:52 . 2001-08-17 13:05 31872 ----a-w c:\windows\system32\dllcache\ovce.sys
    2009-04-29 19:52 . 2001-08-17 13:05 28032 ----a-w c:\windows\system32\dllcache\ovcd.sys
    2009-04-29 19:52 . 2001-08-17 13:05 48000 ----a-w c:\windows\system32\dllcache\ovcam2.sys
    2009-04-29 19:52 . 2001-08-17 13:05 25088 ----a-w c:\windows\system32\dllcache\ovca.sys
    2009-04-29 19:52 . 2001-08-17 12:28 54186 ----a-w c:\windows\system32\dllcache\otcsercb.sys
    2009-04-29 19:52 . 2001-08-17 11:12 43689 ----a-w c:\windows\system32\dllcache\otceth5.sys
    2009-04-29 19:52 . 2001-08-17 11:12 27209 ----a-w c:\windows\system32\dllcache\otc06x5.sys
    2009-04-29 19:52 . 2001-08-17 11:20 54528 ----a-w c:\windows\system32\dllcache\opl3sax.sys
    2009-04-29 19:52 . 2001-08-17 11:50 198144 ----a-w c:\windows\system32\dllcache\nv3.sys
    2009-04-29 19:52 . 2001-08-17 21:36 123776 ----a-w c:\windows\system32\dllcache\nv3.dll
    2009-04-29 19:50 . 2001-08-17 13:56 91488 ----a-w c:\windows\system32\dllcache\n9i3disp.dll
    2009-04-29 19:50 . 2001-08-17 11:50 27936 ----a-w c:\windows\system32\dllcache\n9i3d.sys
    2009-04-29 19:50 . 2001-08-17 11:50 33088 ----a-w c:\windows\system32\dllcache\n9i128v2.sys
    2009-04-29 19:50 . 2001-08-17 21:36 59104 ----a-w c:\windows\system32\dllcache\n9i128v2.dll
    2009-04-29 19:50 . 2001-08-17 11:50 13664 ----a-w c:\windows\system32\dllcache\n9i128.sys
    2009-04-29 19:50 . 2001-08-17 13:56 35392 ----a-w c:\windows\system32\dllcache\n9i128.dll
    2009-04-29 19:50 . 2001-08-17 11:11 128000 ----a-w c:\windows\system32\dllcache\n100325.sys
    2009-04-29 19:50 . 2001-08-17 11:11 52255 ----a-w c:\windows\system32\dllcache\n1000nt5.sys
    2009-04-29 19:50 . 2001-08-17 12:50 75520 ----a-w c:\windows\system32\dllcache\mxport.sys
    2009-04-29 19:50 . 2001-08-17 21:36 7168 ----a-w c:\windows\system32\dllcache\mxport.dll
    2009-04-29 19:50 . 2001-08-17 12:49 19968 ----a-w c:\windows\system32\dllcache\mxnic.sys
    2009-04-29 19:50 . 2001-08-17 21:36 19968 ----a-w c:\windows\system32\dllcache\mxicfg.dll
    2009-04-29 19:48 . 2008-04-13 17:46 15232 ----a-w c:\windows\system32\dllcache\mpe.sys
    2009-04-29 19:47 . 2001-08-17 21:36 58880 ----a-w c:\windows\system32\dllcache\m3092dc.dll
    2009-04-29 19:46 . 2001-08-17 11:12 26442 ----a-w c:\windows\system32\dllcache\lanepic5.sys
    2009-04-29 19:45 . 2001-08-17 12:49 23552 ----a-w c:\windows\system32\dllcache\irmk7.sys
    2009-04-29 19:44 . 2001-08-17 21:36 45056 ----a-w c:\windows\system32\dllcache\icam5com.dll
    2009-04-29 19:43 . 2004-08-04 13:00 10096640 ----a-w c:\windows\system32\dllcache\hwxcht.dll
    2009-04-29 19:43 . 2001-08-17 12:28 488383 ----a-w c:\windows\system32\dllcache\hsf_v124.sys
    2009-04-29 19:43 . 2001-08-17 12:28 50751 ----a-w c:\windows\system32\dllcache\hsf_tone.sys
    2009-04-29 19:43 . 2001-08-17 12:28 73279 ----a-w c:\windows\system32\dllcache\hsf_spkp.sys
    2009-04-29 19:43 . 2001-08-17 12:28 44863 ----a-w c:\windows\system32\dllcache\hsf_soar.sys
    2009-04-29 19:43 . 2001-08-17 12:28 57471 ----a-w c:\windows\system32\dllcache\hsf_samp.sys
    2009-04-29 19:43 . 2001-08-17 12:28 542879 ----a-w c:\windows\system32\dllcache\hsf_msft.sys
    2009-04-29 19:43 . 2001-08-17 12:28 391199 ----a-w c:\windows\system32\dllcache\hsf_k56k.sys
    2009-04-29 19:43 . 2001-08-17 21:36 9759 ----a-w c:\windows\system32\dllcache\hsf_inst.dll
    2009-04-29 19:43 . 2001-08-17 12:28 115807 ----a-w c:\windows\system32\dllcache\hsf_fsks.sys
    2009-04-29 19:43 . 2001-08-17 12:28 199711 ----a-w c:\windows\system32\dllcache\hsf_faxx.sys
    2009-04-29 19:43 . 2001-08-17 12:28 289887 ----a-w c:\windows\system32\dllcache\hsf_fall.sys
    2009-04-29 19:43 . 2001-08-17 12:28 67167 ----a-w c:\windows\system32\dllcache\hsf_bsc2.sys
    2009-04-29 19:41 . 2001-08-17 21:36 83968 ----a-w c:\windows\system32\dllcache\hpgt21.dll
    2009-04-29 19:40 . 2001-08-17 21:36 92160 ----a-w c:\windows\system32\dllcache\fuusd.dll
    2009-04-29 19:39 . 2001-08-17 11:12 16998 ----a-w c:\windows\system32\dllcache\ex10.sys
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-28 09:34 . 2008-06-13 20:25 d-----w c:\program files\Common Files\Teleca Shared
    2009-04-28 09:21 . 2007-12-01 11:52 d-----w c:\program files\Full Tilt Poker
    2009-04-28 09:21 . 2005-08-29 08:57 d--h--w c:\program files\InstallShield Installation Information
    2009-04-28 08:22 . 2008-07-28 19:51 d-----w c:\program files\SpywareBlaster
    2009-04-21 21:05 . 2005-08-29 08:59 d-----w c:\program files\HPQ
    2009-04-18 15:01 . 2007-03-23 10:05 d-----w c:\program files\Lavasoft
    2009-04-17 19:31 . 2007-03-23 10:01 d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-04-13 14:17 . 2007-03-24 09:21 d-----w c:\program files\Spybot - Search & Destroy
    2009-04-11 06:59 . 2005-08-29 09:01 d-----w c:\program files\Java
    2009-04-09 18:40 . 2009-04-09 18:40 d-----w c:\program files\iTunes
    2009-04-09 18:40 . 2005-11-26 15:58 d-----w c:\program files\iPod
    2009-04-09 18:40 . 2007-07-09 11:49 d-----w c:\program files\Common Files\Apple
    2009-03-30 09:01 . 2009-03-30 09:00 d-----w c:\program files\QuickTime
    2009-03-30 08:49 . 2008-04-01 19:12 d-----w c:\program files\Safari
    2009-03-30 08:48 . 2009-03-30 08:48 d-----w c:\program files\Bonjour
    2009-03-23 20:06 . 2009-03-23 20:06 664 ----a-w c:\windows\system32\d3d9caps.dat
    2009-03-19 15:32 . 2008-01-29 11:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-09 04:19 . 2009-01-13 22:19 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-06 14:22 . 2004-08-04 08:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2004-08-04 08:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 18:09 . 2004-08-04 08:00 78336 ----a-w c:\windows\system32\ieencode.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-05-10_11.22.27 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-10 18:51 . 2009-05-10 18:51 16384 c:\windows\Temp\Perflib_Perfdata_4ac.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-09 344064]
    "PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-04-27 122941]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-04-18 405504]
    "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2005-08-15 192512]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]
    "COMODO Memory Firewall"="c:\program files\COMODO\Memory Firewall\cmf.exe" [2008-07-28 2236160]
    "BOC-427"="c:\progra~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 351480]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-23 17920]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Creating Keepsakes Scrapbook Designer Event Reminder.lnk.disabled [2007-6-4 1775]
    DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2005-11-26 184320]
    HP Digital Imaging Monitor.lnk.disabled [2006-8-23 1808]
    Picture Package Menu.lnk.disabled [2005-11-27 763]
    Picture Package VCD Maker.lnk.disabled [2005-11-27 813]
    Unwired Launchpad.lnk.disabled [2006-5-27 1596]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2006-09-09 01:15 63488 ----a-r c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\APSHook.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli AsWlnPkg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/04/2009 16:02 64160]
    R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 09:00 14336]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 09:00 14336]
    R2 BOCore;BOCore;c:\program files\COMODO\CBOClean\BOCore.exe [28/07/2008 21:01 73464]
    R2 cmfd;cmfd;c:\program files\COMODO\Memory Firewall\cmfd.sys [10/12/2008 12:16 11768]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 953168]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [18/04/2005 02:00 235904]
    S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [29/08/2005 10:31 87936]
    S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [13/06/2008 21:39 61536]
    S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [13/06/2008 21:39 9360]
    S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [13/06/2008 21:39 97088]
    S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [13/06/2008 21:39 88624]
    S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [13/06/2008 21:40 18704]
    S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [13/06/2008 21:39 86432]
    S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [13/06/2008 21:40 90800]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    .
    Contents of the 'Scheduled Tasks' folder
    2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:02]
    2009-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]
    2009-05-10 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-03-24 13:45]
    2009-04-29 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-03-20 12:39]
    2009-05-09 c:\windows\Tasks\User_Feed_Synchronization-{573C561A-2AB9-4D09-B602-4F4AB0822355}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.facebook.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Simone Loong\Application Data\Mozilla\Firefox\Profiles\eg9bvsbr.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?%20
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-10 20:05
    Windows 5.1.2600 Service Pack 3 NTFS
    detected NTDLL code modification:
    ZwOpenFile
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(860)
    c:\windows\system32\APSHook.dll
    c:\windows\system32\Ati2evxx.dll
    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
    c:\program files\HPQ\IAM\bin\ItMsg.dll
    - - - - - - - > 'lsass.exe'(916)
    c:\windows\system32\APSHook.dll
    c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
    c:\program files\HPQ\IAM\bin\ItMsg.dll
    - - - - - - - > 'explorer.exe'(3764)
    c:\windows\system32\cmfdll32.dll
    c:\windows\system32\APSHook.dll
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-05-10 20:08
    ComboFix-quarantined-files.txt 2009-05-10 19:07
    ComboFix2.txt 2009-05-10 11:25
    Pre-Run: 14,783,918,080 bytes free
    Post-Run: 14,774,214,656 bytes free
    317 --- E O F --- 2009-04-29 20:57
  • edited May 2009
    Katana wrote:
    Is this a business computer, or do you connect to a company network?
  • edited May 2009
    Nope, not a business computer and I don't connect to a business network. I'm a stay at home mom of two under two in the middle of moving from the UK to Australia. Sorry if my replies have been erratic or missing information. So much going on!! Thanks again for your help, I really appreciate it :):cool::)

    Attached is the activescan.txt.
  • edited May 2009
    narcheska wrote:
    Sorry if my replies have been erratic or missing information.
    Don't worry about it :)

    Well, there doesn't look to be any active infection or monitoring software present.

    Is the "C\Program Files\Common" still opening at boot up?
  • edited May 2009
    Yep, "C\Program Files\Common" is still opening at startup.

    When ComboFix first ran, one of the first messages that popped up said something about a trojan and then it disappeared. I notice that virus/trojan came up again in Active Scan though it said it wasn't active. Do I need to remove this so it doesn't become active?
  • edited May 2009
    The only trojan that Active scan found is a false positive; that file is part of HP machines.


    Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      :dir
      C\Program Files /n*common*
      
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  • edited May 2009
    C\Program Files - Parameters: "/n*common*" returned nothing so I searched C:\Program Files - Parameters: "/n*common*" and below is the log.


    SystemLook v1.0 by jpshortstuff (24.04.09)
    Log created at 16:38 on 13/05/2009 by Simone Loong (Administrator - Elevation successful)

    ========== dir ==========

    C:\Program Files - Parameters: "/n*common*"

    ---Files---
    None found.

    ---Folders---
    Adobe d----- [09:08 29/08/2005]
    Altiris d----- [09:08 29/08/2005]
    AMD d----- [08:57 29/08/2005]
    Apple Software Update d----- [18:36 25/10/2006]
    ATI Technologies d----- [09:09 29/08/2005]
    AuthenTec d----- [09:00 26/11/2005]
    Avira d----- [10:56 24/03/2008]
    Bonjour d----- [08:48 30/03/2009]
    Broadcom d----- [12:06 31/03/2007]
    Common d----- [11:32 20/07/2006]
    Common Files d----- [08:48 29/08/2005]
    COMODO d----- [19:57 28/07/2008]
    ComPlus Applications d----- [08:48 29/08/2005]
    CONEXANT d----- [08:51 29/08/2005]
    del.icio.us d----- [09:40 05/02/2007]
    DIFX d----- [05:17 23/07/2006]
    directx d----- [13:22 29/08/2006]
    Easy Internet signup d----- [09:11 29/08/2005]
    eMusic Download Manager d----- [13:35 19/08/2006]
    EPSON d----- [16:19 04/02/2007]
    Fingerprint Sensor d----- [09:24 29/08/2005]
    Flickr Uploadr d----- [14:47 27/05/2006]
    Full Tilt Poker d----- [11:52 01/12/2007]
    Grisoft d----- [14:09 28/03/2007]
    Hewlett-Packard d----- [09:11 29/08/2005]
    Hijackthis d----- [17:37 24/03/2007]
    HP d----- [15:45 23/08/2006]
    HPQ d----- [08:59 29/08/2005]
    InstallShield Installation Information d--h-- [08:57 29/08/2005]
    InterActual d----- [20:38 04/10/2006]
    Internet Explorer d----- [08:48 29/08/2005]
    InterVideo d----- [09:01 26/11/2005]
    iPod d----- [15:58 26/11/2005]
    iTunes d----- [18:40 09/04/2009]
    Java d----- [09:01 29/08/2005]
    Lavasoft d----- [10:05 23/03/2007]
    Malwarebytes' Anti-Malware d----- [06:10 10/05/2009]
    Messenger d----- [08:48 29/08/2005]
    Microsoft ActiveSync d----- [15:44 26/11/2005]
    Microsoft CAPICOM 2.1.0.2 d----- [19:09 14/05/2007]
    microsoft frontpage d----- [08:48 29/08/2005]
    Microsoft Office d----- [15:42 26/11/2005]
    Microsoft.NET d----- [15:42 26/11/2005]
    Movie Maker d----- [08:48 29/08/2005]
    Mozilla Firefox d----- [13:03 23/07/2006]
    MSBuild d----- [22:12 26/03/2007]
    MSN d----- [08:48 29/08/2005]
    MSN Gaming Zone d----- [08:48 29/08/2005]
    MSN Messenger d----- [15:17 27/05/2006]
    MSXML 4.0 d----- [19:01 16/10/2006]
    MSXML 6.0 d----- [20:57 15/08/2007]
    NetMeeting d----- [08:48 29/08/2005]
    NetShow Services d----- [13:22 29/08/2006]
    Nokia d----- [07:00 30/06/2006]
    Online Services d----- [08:48 29/08/2005]
    OptusNet Dial-up Internet d----- [09:23 14/12/2005]
    Outlook Express d----- [08:48 29/08/2005]
    Panda Security d----- [19:13 10/05/2009]
    PIXELA d----- [04:48 27/11/2005]
    Program Shortcuts d----- [08:58 26/11/2005]
    QuickTime d----- [09:00 30/03/2009]
    Reference Assemblies d----- [22:07 26/03/2007]
    Safari d----- [19:12 01/04/2008]
    Samsung d----- [09:16 27/11/2007]
    Scrapbook Designer d----- [13:03 04/06/2007]
    Security Task Manager d----- [15:55 18/12/2007]
    Skype d----- [02:22 07/01/2006]
    Sonic d----- [09:11 29/08/2005]
    Sony Corporation d----- [04:45 27/11/2005]
    Spybot - Search & Destroy d----- [09:21 24/03/2007]
    SpywareBlaster d----- [19:51 28/07/2008]
    SupportSoft d----- [17:49 07/11/2007]
    Symantec d----- [09:21 29/08/2005]
    Synaptics d----- [09:18 29/08/2005]
    TalkTalk d----- [17:49 07/11/2007]
    Tiscali d----- [16:29 05/01/2007]
    trend micro d----- [21:02 09/05/2009]
    Uninstall Information d--h-- [08:48 29/08/2005]
    Web Publish d----- [13:09 04/06/2007]
    WinAce d----- [15:31 29/05/2007]
    Windows Media Connect d----- [09:24 29/08/2005]
    Windows Media Connect 2 d----- [11:23 29/01/2007]
    Windows Media Player d----- [08:48 29/08/2005]
    Windows NT d----- [08:48 29/08/2005]
    WindowsUpdate d--h-- [08:48 29/08/2005]
    xerox d----- [08:48 29/08/2005]
    Yahoo! d----- [06:45 09/01/2006]
    ZoneAlarmSB d----- [13:46 15/12/2007]

    -=End Of File=-
  • edited May 2009
    Create A Batch File
    Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
    Save it as "All Files" and name it look.bat. Please save it on your desktop.
    @echo off
    if exist C:\Kresults.txt del /q C:\Kresults.txt
    dir /a /d /s "C\Program Files\Common" > C:\Kresults.txt
    start notepad C:\Kresults.txt
    del /q %0
    exit
    Double click on look.bat.
    Please be patient, as this will search the entire disc.

    Notepad will open, please copy/paste the results here.
  • edited May 2009
    I copied and pasted exactly as you said, then double clicked look.bat. Kresults.txt opened straight away and it is blank. It has been that way for a couple of hours....
  • edited May 2009
    OTMoveIt
    Please download OTMoveIt3 by OldTimer and save it to your desktop
    • Double-click OTMoveIt3.exe to run it.
    • Copy the lines in the codebox below. ( Make sure you include :Processes )
    :Processes
    :Files
    C\Program Files\Common
    C:\Kresults.txt
    :Commands
    
    
    • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • - Close ALL open windows (especially Internet Explorer!)-
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3


    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    Reboot and see if you still have the problem
  • edited May 2009
    In 24 hours I'll be on a plane migrating to Australia with two kids under 2. Argh!! I'll be back online in a few days - hopefully!!

    Thanks for your patience :)
  • edited May 2009
    narcheska wrote:
    In 24 hours I'll be on a plane migrating to Australia with two kids under 2.

    Rather you than me :lol:

    See you soon :thumbup