My PC maybe has malware?

Hello! I came across this forum when I did a Google search about K-line bans from an IRC network that I had not previously been on. I found a post by another user who was having a similar problem and someone responded to their post saying that they might have malware on their computer. As far as I can tell, my computer is running fine, but I figured it wouldn't hurt to show it to people who might know better than me. Any help will be greatly appreciated!

Here is the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:30 PM, on 5/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ABC\ABC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\mIRC\mirc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6713 bytes

Comments

  • edited May 2009
    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly.

    Please note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.



    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.




    Kaspersky Online Scanner
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • edited May 2009
    Here is the log.txt and info.txt from RSIT:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Nadia Hemady at 2009-05-08 15:23:52
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 51 GB (22%) free of 238 GB
    Total RAM: 1982 MB (18% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:24:05 PM, on 5/8/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\ABC\ABC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AIM\aim.exe
    C:\mIRC\mirc32.exe
    C:\Program Files\Winamp\Winamp.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Paint Shop Pro\Psp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Nadia Hemady\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Nadia Hemady.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 6837 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
    "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2005-07-08 176128]
    "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-04 158208]
    "HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-02 198160]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE [2004-08-04 15360]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-10-09 139264]
    "AIM"=C:\Program Files\AIM\aim.exe [2005-08-05 67160]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-04-16 24264488]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\PROGRA~1\AIM\aim.exe [2005-08-05 67160]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    C:\WINDOWS\system32\CTHELPER.EXE [2007-04-09 19456]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    C:\WINDOWS\system32\CTXFIHLP.EXE [2007-04-09 19968]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2003-12-05 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
    C:\WINDOWS\system32\hphmon05.exe [2005-07-08 491520]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
    C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe [2005-07-08 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "J:\mIRC\mirc32.exe"="J:\mIRC\mirc32.exe:*:Enabled:mIRC"
    "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\mIRC\mirc32.exe"="C:\mIRC\mirc32.exe:*:Enabled:mIRC"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\ABC\abc.exe"="C:\Program Files\ABC\abc.exe:*:Enabled:abc"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    ======List of files/folders created in the last 1 months======

    2009-05-08 15:23:52 ----D---- C:\rsit
    2009-05-05 20:24:13 ----D---- C:\Program Files\Trend Micro
    2009-05-05 16:36:57 ----D---- C:\Amy mp3s
    2009-05-02 01:38:39 ----A---- C:\WINDOWS\cdplayer.ini
    2009-05-02 01:34:50 ----D---- C:\Program Files\Common Files\xing shared
    2009-05-02 01:34:42 ----A---- C:\WINDOWS\system32\rmoc3260.dll
    2009-05-02 01:34:30 ----A---- C:\WINDOWS\system32\pndx5032.dll
    2009-05-02 01:34:30 ----A---- C:\WINDOWS\system32\pndx5016.dll
    2009-05-02 01:34:29 ----D---- C:\Program Files\Real
    2009-05-02 01:34:28 ----A---- C:\WINDOWS\system32\pncrt.dll
    2009-05-02 01:34:23 ----D---- C:\Program Files\Common Files\Real
    2009-05-02 01:34:20 ----D---- C:\Documents and Settings\Nadia Hemady\Application Data\Real
    2009-04-30 23:52:59 ----D---- C:\Program Files\GuiltyPLUS
    2009-04-30 22:52:19 ----D---- C:\Program Files\Amorous Professor Cherry
    2009-04-30 22:45:38 ----D---- C:\Documents and Settings\Nadia Hemady\Application Data\.ABC
    2009-04-30 13:34:53 ----D---- C:\Program Files\ABC
    2009-04-30 01:52:30 ----D---- C:\Documents and Settings\Nadia Hemady\Application Data\skypePM
    2009-04-30 01:49:15 ----D---- C:\Documents and Settings\Nadia Hemady\Application Data\Skype
    2009-04-30 01:02:23 ----D---- C:\Program Files\Common Files\Skype
    2009-04-30 01:02:20 ----RD---- C:\Program Files\Skype
    2009-04-30 01:02:13 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2009-04-29 21:36:50 ----D---- C:\Anime
    2009-04-29 01:00:12 ----D---- C:\Documents and Settings\Nadia Hemady\Application Data\Media Player Classic
    2009-04-29 00:59:06 ----D---- C:\Program Files\Combined Community Codec Pack
    2009-04-29 00:58:18 ----D---- C:\Documents and Settings\Nadia Hemady\Application Data\WinRAR
    2009-04-29 00:57:52 ----D---- C:\Program Files\WinRAR
    2009-04-28 19:58:15 ----D---- C:\Recovered Files
    2009-04-27 23:44:23 ----D---- C:\Program Files\NOS
    2009-04-27 23:44:23 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2009-04-16 03:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-04-16 03:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-04-16 03:02:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-04-16 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-04-16 03:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-04-16 03:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
    2009-04-16 03:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-04-16 01:56:30 ----D---- C:\Program Files\R-Studio
    2009-04-16 01:25:02 ----D---- C:\Documents and Settings\Nadia Hemady\Application Data\Apple Computer
    2009-04-16 01:24:48 ----A---- C:\WINDOWS\system32\GEARAspi.dll
    2009-04-16 01:24:22 ----D---- C:\Program Files\iPod
    2009-04-16 01:24:18 ----D---- C:\Program Files\iTunes
    2009-04-16 01:24:18 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-16 01:23:54 ----D---- C:\Program Files\Bonjour
    2009-04-16 01:22:46 ----D---- C:\Program Files\QuickTime
    2009-04-16 01:22:43 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2009-04-16 01:22:11 ----D---- C:\Program Files\Apple Software Update
    2009-04-16 01:22:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-04-16 01:22:01 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
    2009-04-16 01:21:33 ----D---- C:\Program Files\Common Files\Apple
    2009-04-16 01:21:32 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
    2009-04-16 01:09:13 ----D---- C:\Recovery
    2009-04-15 14:43:30 ----A---- C:\WINDOWS\system32\ptpusb.dll
    2009-04-15 14:43:29 ----A---- C:\WINDOWS\system32\ptpusd.dll
    2009-04-15 12:39:24 ----A---- C:\WINDOWS\system32\msvcr70.dll
    2009-04-15 12:39:14 ----D---- C:\Program Files\Audacity
    2009-04-15 12:39:04 ----D---- C:\Program Files\Common Files\DVDVideoSoft
    2009-04-15 12:39:03 ----D---- C:\Program Files\DVDVideoSoft
    2009-04-14 15:03:31 ----D---- C:\Documents and Settings\Nadia Hemady\Application Data\Eltima Software
    2009-04-14 15:03:11 ----D---- C:\Program Files\Eltima Software
    2009-04-14 14:59:43 ----D---- C:\Documents and Settings\Nadia Hemady\Application Data\scriptocean
    2009-04-14 14:59:40 ----D---- C:\Program Files\Scriptocean
    2009-04-13 22:17:10 ----A---- C:\WINDOWS\ODBC.INI
    2009-04-13 22:17:01 ----A---- C:\WINDOWS\system32\mdimon.dll
    2009-04-13 22:15:10 ----D---- C:\Program Files\Microsoft ActiveSync
    2009-04-13 22:15:06 ----D---- C:\Program Files\Common Files\DESIGNER
    2009-04-13 22:14:36 ----D---- C:\WINDOWS\SHELLNEW
    2009-04-13 22:12:51 ----D---- C:\Program Files\Microsoft Office
    2009-04-13 22:10:55 ----RHD---- C:\MSOCache
    2009-04-12 10:33:27 ----D---- C:\Program Files\Common Files\Adobe AIR
    2009-04-11 13:30:28 ----D---- C:\mIRC
    2009-04-11 13:07:15 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-04-11 13:05:11 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
    2009-04-11 13:05:08 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
    2009-04-11 13:02:53 ----D---- C:\Program Files\Common Files\Adobe
    2009-04-11 13:01:50 ----D---- C:\Program Files\Adobe
    2009-04-11 12:57:50 ----A---- C:\WINDOWS\MSVCRT20.DLL
    2009-04-11 12:57:45 ----D---- C:\Program Files\Paint Shop Pro
    2009-04-10 17:27:41 ----A---- C:\WINDOWS\system32\hidserv.dll
    2009-04-10 09:49:00 ----D---- C:\Program Files\Overland
    2009-04-10 03:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2009-04-09 17:20:53 ----D---- C:\Documents and Settings\Nadia Hemady\Application Data\SSH
    2009-04-09 12:19:04 ----D---- C:\WINDOWS\pss
    2009-04-09 03:08:33 ----A---- C:\WINDOWS\{00000002-00000000-00000003-00001102-00000008-10011102}.BAK
    2009-04-09 03:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2009-04-09 03:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2009-04-09 03:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2009-04-09 03:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2009-04-09 03:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2009-04-09 03:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
    2009-04-09 03:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2009-04-09 03:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2009-04-09 03:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-04-09 03:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2009-04-09 03:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
    2009-04-09 03:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
    2009-04-09 03:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2009-04-09 03:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2009-04-09 03:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2009-04-09 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
    2009-04-09 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-04-09 03:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2009-04-09 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-04-09 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2009-04-09 03:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2009-04-09 03:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-04-09 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2009-04-09 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
    2009-04-09 03:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2009-04-09 03:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2009-04-09 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2009-04-09 03:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2009-04-09 03:00:32 ----D---- C:\Program Files\MSXML 4.0
    2009-04-09 03:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$

    ======List of files/folders modified in the last 1 months======

    2009-05-08 15:24:01 ----D---- C:\WINDOWS\Prefetch
    2009-05-08 15:06:16 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-05-08 13:53:54 ----D---- C:\WINDOWS\Temp
    2009-05-07 22:33:07 ----D---- C:\Pics4
    2009-05-07 21:59:54 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-05 20:24:13 ----RD---- C:\Program Files
    2009-05-05 20:01:37 ----D---- C:\Documents and Settings\Nadia Hemady\Application Data\Adobe
    2009-05-05 16:10:47 ----SHD---- C:\WINDOWS\Installer
    2009-05-05 15:36:20 ----SD---- C:\Documents and Settings\Nadia Hemady\Application Data\Microsoft
    2009-05-02 01:38:39 ----D---- C:\WINDOWS
    2009-05-02 01:34:50 ----D---- C:\Program Files\Common Files
    2009-05-02 01:34:42 ----D---- C:\WINDOWS\system32
    2009-04-30 23:54:31 ----A---- C:\WINDOWS\system.ini
    2009-04-30 22:44:48 ----HD---- C:\WINDOWS\inf
    2009-04-30 22:44:35 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-30 22:42:08 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-30 22:26:06 ----D---- C:\WINDOWS\system32\drivers
    2009-04-30 21:18:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-04-28 21:57:04 ----D---- C:\Documents and Settings\Nadia Hemady\Application Data\Ahead
    2009-04-16 03:16:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-04-16 03:11:11 ----D---- C:\WINDOWS\system32\config
    2009-04-16 03:10:52 ----D---- C:\WINDOWS\system32\wbem
    2009-04-16 03:10:51 ----D---- C:\WINDOWS\AppPatch
    2009-04-16 03:10:51 ----D---- C:\Program Files\Viewpoint
    2009-04-16 03:04:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-04-16 03:03:47 ----A---- C:\WINDOWS\imsins.BAK
    2009-04-16 03:02:43 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-16 03:01:31 ----D---- C:\Program Files\Internet Explorer
    2009-04-13 22:15:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2009-04-13 22:15:21 ----RSD---- C:\WINDOWS\Fonts
    2009-04-13 22:12:52 ----D---- C:\WINDOWS\pchealth
    2009-04-13 22:11:03 ----D---- C:\WINDOWS\system
    2009-04-12 10:32:50 ----D---- C:\WINDOWS\WinSxS
    2009-04-11 13:01:50 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-04-11 12:59:34 ----D---- C:\Program Files\Common Files\InstallShield
    2009-04-09 16:57:07 ----D---- C:\WINDOWS\Help
    2009-04-09 12:21:47 ----SH---- C:\boot.ini
    2009-04-09 12:21:47 ----A---- C:\WINDOWS\win.ini
    2009-04-09 12:18:25 ----SD---- C:\WINDOWS\Tasks
    2009-04-09 11:56:35 ----D---- C:\Documents and Settings\Nadia Hemady\Application Data\Mozilla
    2009-04-09 03:23:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-09 03:21:42 ----D---- C:\WINDOWS\system32\Macromed
    2009-04-09 03:21:41 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-04-09 03:08:51 ----D---- C:\WINDOWS\security
    2009-04-09 03:03:21 ----D---- C:\Program Files\Messenger

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
    R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
    R3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2007-04-18 98600]
    R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2007-04-10 511272]
    R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2007-04-10 520488]
    R3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2007-04-12 546048]
    R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2007-04-10 14632]
    R3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2007-04-12 560384]
    R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2007-04-10 157480]
    R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2007-04-10 92968]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
    R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2007-04-10 797992]
    R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2007-04-10 189736]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
    R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-08 51088]
    R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-08 16496]
    R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-08 21744]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
    R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2007-04-10 126760]
    R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2007-04-12 164608]
    S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2007-04-10 347128]
    S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2007-04-12 168192]
    S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2007-04-12 280320]
    S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2007-04-12 128768]
    S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2007-04-12 323328]
    S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2007-04-12 94976]
    S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2007-04-12 1317632]
    S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2007-04-12 66816]
    S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2007-04-10 163112]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-04-11 68096]
    S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
    S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
    S4 Isavpdsvms;Isavpdsvms; C:\WINDOWS\system32\drivers\nmnt.sys [2004-08-04 40320]

    EOF


    And the info.txt:

    info.txt logfile of random's system information tool 1.06 2009-05-08 15:24:12

    ======Uninstall list======

    ’sŠ¿“dŽÔ’j‚Q@“`à‚ւ̃‰ƒCƒi[-->C:\Program Files\GuiltyPLUS\’sŠ¿“dŽÔ’j‚Q\UNINST.EXE
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ABC (remove only)-->C:\Program Files\ABC\Uninstall.exe
    Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
    Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
    Amorous Professor Cherry v1.0-->"C:\Program Files\Amorous Professor Cherry\unins000.exe"
    AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
    Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
    Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    HP Software Update-->MsiExec.exe /X{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}
    ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
    iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
    mIRC-->"c:\mirc\mirc32.exe" -uninstall
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero 7 Ultra Edition-->MsiExec.exe /I{5DBD3F5B-B4DD-4C89-8436-A9391C471033}
    Nero Sipps-->C:\WINDOWS\UNNeroSipps.exe /UNINSTALL
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
    Paint Shop Pro 4-->C:\PROGRA~1\PAINTS~1\UNWISE.EXE C:\PROGRA~1\PAINTS~1\INSTALL.LOG
    Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe -datfile hphscr01.dat
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    R-Studio 4.6-->C:\Program Files\R-Studio\Uninstall.exe
    Scriptocean Slideshow 1-->C:\Program Files\Scriptocean\Javascript Slideshow\uninst.exe
    SeaMonkey (1.1.15)-->C:\WINDOWS\SeaMonkeyUninstall.exe /ua "1.1.15 (en)"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
    Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
    Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
    SSH Secure Shell-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
    SWF & FLV Player 3.0 (build 3.0.33.5106)-->"C:\Program Files\Eltima Software\SWF & FLV Player\unins000.exe"
    Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

    ======Security center information======

    AV: avast! antivirus 4.8.1335 [VPS 090507-0]

    ======System event log======

    Computer Name: GERANIUM
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 99
    Source Name: Tcpip
    Time Written: 20090408102737.000000-240
    Event Type: warning
    User:

    Computer Name: GERANIUM
    Event Code: 20
    Message: Printer Driver hp photosmart 7700 series for Windows NT x86 Version-3 was added or updated. Files:- hpz2ku09.dll, hpzpm309.dll, hph7700.dat, hphpht05.hlp, hpzcfg09.exe, hpzcoi09.dll, hpzcon09.dll, hpzeng09.exe, hpzflt09.dll, hpzime09.dll, hpzjui09.dll, hpzlnt09.dll, hpzpre09.exe, hpzr3209.dll, hpzrer09.dll, hpzres09.dll, hpzrm309.dll, hpzstc09.exe, hpzstw09.exe, hpztbi09.dll, hpztbu09.exe, hpztbx09.exe, hpzvip09.dll, hph140.dat, hph240.dat, hph7200.dat, hph7600.dat, hph7900.dat.

    Record Number: 92
    Source Name: Print
    Time Written: 20090408094656.000000-240
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: GERANIUM
    Event Code: 20
    Message: Printer Driver hp photosmart 7700 series for Windows NT x86 Version-3 was added or updated. Files:- hpz2ku09.dll, hpzpm309.dll, hph7700.dat, hphpht05.hlp, hpzcfg09.exe, hpzcoi09.dll, hpzcon09.dll, hpzeng09.exe, hpzflt09.dll, hpzime09.dll, hpzjui09.dll, hpzlnt09.dll, hpzpre09.exe, hpzr3209.dll, hpzrer09.dll, hpzres09.dll, hpzrm309.dll, hpzstc09.exe, hpzstw09.exe, hpztbi09.dll, hpztbu09.exe, hpztbx09.exe, hpzvip09.dll, hph140.dat, hph240.dat, hph7200.dat, hph7600.dat, hph7900.dat.

    Record Number: 91
    Source Name: Print
    Time Written: 20090408094652.000000-240
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: GERANIUM
    Event Code: 36
    Message: The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Record Number: 88
    Source Name: W32Time
    Time Written: 20090408085242.000000-240
    Event Type: warning
    User:

    Computer Name: GERANIUM
    Event Code: 1005
    Message: Your computer has detected that the IP address 192.168.0.13 for the Network Card
    with network address 0016764256E0 is already in use on the network.
    Your computer will automatically attempt to obtain a different address.

    Record Number: 5
    Source Name: Dhcp
    Time Written: 20090407190421.000000-240
    Event Type: warning
    User:

    =====Application event log=====

    Computer Name: GERANIUM
    Event Code: 1000
    Message: Faulting application mplayerc.exe, version 1.1.796.0, faulting module mplayerc.exe, version 1.1.796.0, fault address 0x0017e53e.

    Record Number: 95
    Source Name: Application Error
    Time Written: 20090502142900.000000-240
    Event Type: error
    User:

    Computer Name: GERANIUM
    Event Code: 1000
    Message: Faulting application mplayerc.exe, version 1.1.796.0, faulting module mplayerc.exe, version 1.1.796.0, fault address 0x0017e53e.

    Record Number: 93
    Source Name: Application Error
    Time Written: 20090502142839.000000-240
    Event Type: error
    User:

    Computer Name: GERANIUM
    Event Code: 1000
    Message: Faulting application mplayerc.exe, version 1.1.796.0, faulting module mplayerc.exe, version 1.1.796.0, fault address 0x0017e53e.

    Record Number: 91
    Source Name: Application Error
    Time Written: 20090502142825.000000-240
    Event Type: error
    User:

    Computer Name: GERANIUM
    Event Code: 1517
    Message: Windows saved user GERANIUM\Nadia Hemady registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 87
    Source Name: Userenv
    Time Written: 20090430224201.000000-240
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: GERANIUM
    Event Code: 1000
    Message: Faulting application mplayerc.exe, version 1.1.796.0, faulting module mplayerc.exe, version 1.1.796.0, fault address 0x001f8158.

    Record Number: 85
    Source Name: Application Error
    Time Written: 20090430214239.000000-240
    Event Type: error
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
    "PROCESSOR_REVISION"=0409
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

    EOF


    And the Kaspersky Report:

    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Saturday, May 9, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Saturday, May 09, 2009 00:54:04
    Records in database: 2147441

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics:
    Files scanned: 129179
    Threat name: 4
    Infected objects: 4
    Suspicious objects: 0
    Duration of the scan: 03:28:36


    File name / Threat name / Threats count
    C:\mIRC\mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591 1
    C:\Recovered Files\Pics3\mp3\Eudora.zip Infected: Email-Worm.VBS.KakWorm 1
    C:\Recovered Files\Pics3\Proggies3\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
    C:\Recovered Files\Pics3\Proggies3\mirc63.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1

    The selected area was scanned.
  • edited May 2009
    There is no obvious sign of active infection; let's make sure nothing is lurking.



    Submit a File For Analysis
    We need to have the files below scanned by uploading them/it to Virus Total.

    Please visit Virustotal
    Copy/paste the following file path into the window
    C:\Recovered Files\Pics3\mp3\Eudora.zip
    Click Submit/Send File
    Please post back, to let me know the results.

    If Virustotal is too busy please try Jotti


    Please Download GMER to your desktop

    Download GMER and extract it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click Yes.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL, for whatever reason, until it has 100% completed its scan, or attempted scan in case of some error etc.!

    Please post the results from the GMER scan in your reply.
  • edited May 2009
    Here's the gmer log:

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-05-09 22:31:20
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.15 ----

    SSDT spcc.sys ZwEnumerateKey [0xBA6C5CA4]
    SSDT spcc.sys ZwEnumerateValueKey [0xBA6C6032]

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 89D781F8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \FileSystem\Fastfat \Fat 88C7A500

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    ---- EOF - GMER 1.0.15 ----
  • edited May 2009
    Do you have the Virus Total results?

    I doubt that your problems are malware related; you will need to post in a mIRC related forum.
  • edited May 2009
    The file was too big to upload, apparently. I don't think the problem is malware either. I think I will try the IRC related forums instead. Thank you so much for your time and help, though!