IE6 and 7 being redirected

**jeff1955** · 2008-08-28, 13:33

Hey All,

I have just recovered from an infection of good ol' VirtuMonde, I have removed it (I think) but have been left with one final problem. Whenever I use Google and then choose an item from the returned list my browser (currently IE6) jumps to a different page than the one requested. Very often the page is related to my search but not always. The page is then 'locked' - it returns to itself when I use the Back button. Returning to the Google search list and clicking the desired page link a second time invariably takes me to the correct page. I have copied the HiJack This file below.

Jeff Simpson

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:40, on 28/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Policies\Explorer\Run: [j1USWo1U4S] C:\Documents and Settings\All Users\Application Data\axchebad\klsrqzof.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137062757812
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SysAdmInfo - {2856AF2A-2E9C-0AD7-82FB-0A2F4F7A40C1} - C:\Program Files\oibnwse\SysAdmInfo.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 6797 bytes

**Shaba** · 2008-08-29, 10:02

Hi jeff1955

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

**jeff1955** · 2008-08-30, 10:16

Thx for the attention Shaba - RSIT files pasted below as requested;

Logfile of random's system information tool (written by random/random)
Run by Jeff at 2008-08-30 09:13:02
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 103 GB (68%) free of 151 GB
Total RAM: 1023 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:13:27, on 30/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeff\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Jeff.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Policies\Explorer\Run: [j1USWo1U4S] C:\Documents and Settings\All Users\Application Data\axchebad\klsrqzof.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137062757812
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SysAdmInfo - {2856AF2A-2E9C-0AD7-82FB-0A2F4F7A40C1} - C:\Program Files\oibnwse\SysAdmInfo.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 7277 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CAVRID"=C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe [2008-06-17 234736]
"cctray"=C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe [2008-08-02 181488]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-04-10 1107848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"j1USWo1U4S"=C:\Documents and Settings\All Users\Application Data\axchebad\klsrqzof.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SysAdmInfo - {2856AF2A-2E9C-0AD7-82FB-0A2F4F7A40C1} - C:\Program Files\oibnwse\SysAdmInfo.dll [2008-08-20 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-09-06 79408]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe"="C:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe:*:Enabled:Links 2003"
"C:\WINDOWS\System32\dplaysvr.exe"="C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Diversions Entertainment\One Must Fall - Battlegrounds - Demo\Engine\OMFBG.EXE"="C:\Program Files\Diversions Entertainment\One Must Fall - Battlegrounds - Demo\Engine\OMFBG.EXE:*:Enabled:OMFBG"
"C:\Program Files\NetMeeting\CONF.EXE"="C:\Program Files\NetMeeting\CONF.EXE:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\MSN Gaming Zone\zclient.exe"="C:\Program Files\MSN Gaming Zone\zclient.exe:*:Enabled:Zone Datafile"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\nanoCom Corporation\iSpQ VideoChat\iSpQVideoChat8.exe"="C:\Program Files\nanoCom Corporation\iSpQ VideoChat\iSpQVideoChat8.exe:*:Enabled:Video chat software for desktop computers."
"C:\WINDOWS\System32\mmc.exe"="C:\WINDOWS\System32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRES.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRES.EXE:*:Enabled:Age of Empires"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Valve\Steam\SteamApps\jeff1955\counter-strike source\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\jeff1955\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\dwyco2\cdc32.exe"="C:\Program Files\dwyco2\cdc32.exe:*:Enabled:dwyco cdc32 for Windows95/98/ME/NT4/2K/XP"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Razorworks\aphavoc\aphavoc.exe"="C:\Razorworks\aphavoc\aphavoc.exe:*:Enabled:aphavoc"
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"C:\Program Files\ubi.com\Core\GS4.exe"="C:\Program Files\ubi.com\Core\GS4.exe:*:Enabled:ubi.com Game Service"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-08-30 09:13:02 ----D---- C:\rsit
2008-08-29 20:45:48 ----HD---- C:\WINDOWS\ie7
2008-08-29 17:54:52 ----D---- C:\Program Files\Opera
2008-08-29 07:49:23 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-26 21:15:12 ----HD---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-26 21:14:55 ----HD---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-08-25 12:27:28 ----D---- C:\Program Files\Trend Micro
2008-08-23 15:53:52 ----D---- C:\Documents and Settings\Jeff\Application Data\Malwarebytes
2008-08-23 15:53:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-23 15:53:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-23 12:57:08 ----D---- C:\Program Files\Windows Live Safety Center
2008-08-22 15:43:41 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-22 15:43:29 ----D---- C:\Program Files\SUPERAntiSpyware
2008-08-22 15:43:29 ----D---- C:\Documents and Settings\Jeff\Application Data\SUPERAntiSpyware.com
2008-08-22 15:43:07 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 15:33:06 ----D---- C:\Temp
2008-08-20 13:47:15 ----A---- C:\WINDOWS\system32\sqyqwaha.tmp
2008-08-20 13:47:11 ----D---- C:\Program Files\oibnwse
2008-08-20 13:47:00 ----D---- C:\Documents and Settings\All Users\Application Data\axchebad
2008-08-14 10:03:04 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-14 10:02:54 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-14 10:02:43 ----HD---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 10:02:32 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-14 10:02:21 ----HD---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 10:01:52 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-14 10:00:52 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-07-21 17:03:50 ----D---- C:\Program Files\Digital Blue
2008-07-09 10:00:44 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2008-06-20 07:29:40 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-17 21:20:01 ----D---- C:\Program Files\Common Files\PC Tools
2008-06-17 21:12:43 ----D---- C:\Program Files\Spyware Doctor
2008-06-11 07:22:46 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-11 07:22:40 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-11 07:22:34 ----HD---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-11 07:22:25 ----HD---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-09 11:40:44 ----A---- C:\WINDOWS\system32\WPPFilt.dll

List of drivers

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\system32\System32\Drivers\avg7core.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\system32\System32\Drivers\avgclean.sys []
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 MemAlloc;MemAlloc; C:\WINDOWS\system32\DRIVERS\memalloc.sys [2001-08-28 10016]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\system32\System32\drivers\prodrv06.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-06-10 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2008-06-17 21488]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2008-06-17 26352]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2008-06-17 32240]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2008-06-17 21104]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-04-28 16512]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-11-27 730700]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 SaiHFF52;SaiHFF52; C:\WINDOWS\system32\DRIVERS\SaiHFF52.sys [2004-07-26 56576]
R3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2004-07-26 15616]
R3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiNtBus.sys [2004-07-26 26752]
R3 SaiUFF52;SaiUFF52; C:\WINDOWS\system32\DRIVERS\SaiUFF52.sys [2004-07-26 19584]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-06-10 108368]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S1 LStone;Pinnacle Systems Studio AV/DV Overlay; C:\WINDOWS\system32\DRIVERS\lstone2k.sys [2002-01-09 238048]
S2 TVSPNVSL;TVSPNVSL; \??\C:\WINDOWS\system32\drivers\TVSPNVSL.sys []
S3 alcan5wn;Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2002-06-06 53168]
S3 alcaudsl;Alcatel Speed Touch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2002-06-06 743136]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dbustrcm;dbustrcm; \??\C:\DOCUME~1\Jeff\LOCALS~1\Temp\dbustrcm.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 phil2vid;Philips USB VGA Camera; C:\WINDOWS\system32\DRIVERS\philcam2.sys [2001-08-17 173696]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-09-06 312880]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-12-09 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-06-05 49664]
R2 CAISafe;CAISafe; C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe [2008-02-01 144696]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-04-10 337800]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-04-17 1017224]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe [2008-06-17 251120]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe [2008-08-02 214256]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2002-10-12 110677]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 2008-08-30 09:13:29

Uninstall list

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Age of Mythology-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
AIM 6-->C:\Program Files\AIM6\uninst.exe
Audacity 1.3.3 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AvPropPlugin 1.0.0.1-->C:\PROGRA~1\AVPROP~1\UNWISE.EXE C:\PROGRA~1\AVPROP~1\INSTALL.LOG
BT Home Hub-->C:\Program Files.\BTHomeHub.\Uninstall.exe
CA Anti-Virus-->"C:\Program Files\CA\eTrust Internet Security Suite\caunst.exe" /u /product=av
CA Anti-Virus-->C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\unvet32.exe
Digital Blue(tm) PC Digital Movie Creator 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D21746F-7E24-4BB9-B40D-48498C01ABBE}\setup.exe" -l0x9
DIGITAL CAMERA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC946076-35F3-472F-BB41-17B1323F832F}\Setup.exe"
DivX Decoder Filter-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
Dwyco Video Conferencing-->"c:\program files\dwyco2\unins000.exe"
Flight Unlimited III-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Flight3\flightIIIu.log"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Innovative System Optimizer - Platinum Edition version 2-->"C:\Program Files\Innovative Solutions\Innovative System Optimizer - Platinum Edition version 2\unins000.exe"
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Lexmark Z600 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Melody Assistant-->C:\Melody\Uninstal\Uninstal.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Links 2003-->"C:\Program Files\Microsoft Games\Links 2003\UNINSTAL.EXE" /runtemp /addremove
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Morrowind-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\setup.exe" -l0x9
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Novel Writer Standard-->"C:\Program Files\Novel Writer Standard\UninstallerData\Uninstall Novel Writer Standard.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PaperPort 8.0 SE-->MsiExec.exe /I{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SCRABBLE® 2005 EDITION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29031977-EF5E-446E-B3E1-E66B6FA3895D}\setup.exe" -l0x9
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Serif AlbumPlus 4-->MsiExec.exe /I{C68F6494-4A78-4B02-BE0D-A0CDE8E2EAB1}
Serif ImpactPlus 5.0 Resource CD-ROM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F367848-4A9C-4400-A17C-DCDF5C5537B8}\Setup.exe" -l0x9
Serif ImpactPlus 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBB567E6-73B5-40B1-B46C-9B13DA13A3A5}\Setup.exe" -l0x9
Serif PagePlus 10.0 Resource CD-ROM-->MsiExec.exe /X{BB64E0B7-A10E-4720-AD15-924A84165EA3}
Serif PagePlus 10.0-->MsiExec.exe /I{93D207F3-905B-4AAC-8A56-FBF67766B240}
Serif PagePlus 11 Resources-->MsiExec.exe /I{C9A391A7-E3C0-45B3-9A8E-1D878C9A3997}
Serif PagePlus 11-->MsiExec.exe /I{0B884C9B-5D85-4461-88EE-826E1BB33008}
Serif PhotoManager 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{948ACA9A-2539-499D-A78B-99BEE8FB27B4}\setup.exe"
Serif PhotoPlus 10-->MsiExec.exe /I{30EB024E-9FD0-45E6-849D-30CC6F1AF2F1}
Serif WebManager 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE9A7847-4496-451B-B39F-CF2C11AFABE5}\setup.exe"
Serif WebPlus 10 Resources-->MsiExec.exe /I{A869A1DA-9571-4287-B170-4A7246994C84}
Serif WebPlus 10-->MsiExec.exe /I{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}
Serif WebPlus X2 Resources-->MsiExec.exe /I{05BC428A-F2A5-4E11-8130-10C3237FD67B}
Serif WebPlus X2-->MsiExec.exe /I{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SST Programming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03ADCA1C-BCF0-4B12-AFCF-8EBF2CB3AB07}\setup.exe" AddRem
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SureClean Professional-->C:\PROGRA~1\PANICW~1\SURECL~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\SURECL~1\INSTALL.LOG
TES Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
TextBridge Pro 9.0-->C:\Program Files\TextBridge Pro 9.0\Bin\Setup.exe -y -f"C:\Program Files\TextBridge Pro 9.0\Bin\Uninst.ins"
ubi.com-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xerox One Touch-->C:\PROGRA~1\XEROXO~1\UNWISE.EXE C:\PROGRA~1\XEROXO~1\INSTALL.LOG
Zipeg-->"C:\Program Files\Zipeg\zipeg.exe" -uninstall

Hosts File

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Security center information

AV: Spyware Doctor with AntiVirus
AV: CA Anti-Virus
AV: AVG 7.5.524 (disabled)

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0801
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

**Shaba** · 2008-08-30, 11:06

Are both AVG and CA up-to-date?

**jeff1955** · 2008-08-30, 14:00

They are both up to date

**Shaba** · 2008-08-30, 14:03

Then you should uninstall one of them, likely AVG7 if you have paid for CA.

Only one antivirus should be used; using multiple causes troubles and slowness.

Please post back a fresh HijackThis log after that.

**jeff1955** · 2008-08-30, 17:30

OK, AVG uninstalled and computer re-booted. HiJackThis file pasted below;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:22, on 30/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Policies\Explorer\Run: [j1USWo1U4S] C:\Documents and Settings\All Users\Application Data\axchebad\klsrqzof.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137062757812
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SysAdmInfo - {2856AF2A-2E9C-0AD7-82FB-0A2F4F7A40C1} - C:\Program Files\oibnwse\SysAdmInfo.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 6767 bytes

**Shaba** · 2008-08-30, 17:47

Open HijackThis, click do a system scan only and checkmark these:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: [j1USWo1U4S] C:\Documents and Settings\All Users\Application Data\axchebad\klsrqzof.exe
O21 - SSODL: SysAdmInfo - {2856AF2A-2E9C-0AD7-82FB-0A2F4F7A40C1} - C:\Program Files\oibnwse\SysAdmInfo.dll

Close all windows including browser and press fix checked.

Reboot.

Delete these:

C:\WINDOWS\system32\sqyqwaha.tmp
C:\Program Files\oibnwse
C:\Documents and Settings\All Users\Application Data\axchebad

Empty Recycle Bin.

Re-run rsit.

Post rsit log.

**jeff1955** · 2008-08-30, 20:09

OK Shaba - all done as requested

R3 - SearchHook ...
04 - HKLM\...\Policies ...
021 - SSDOL:SysAdmInfo ...

... checked and fixed in HiJackThis

Rebooted

C:Windows\system32\sqyqwaha.tmp
C:\Program Files\oibnwse
C:\Docs and Settings\All Users\Application Data\axchebad

...all deleted

Recycle Bin Emptied

RSIT log pasted below;

Logfile of random's system information tool (written by random/random)
Run by Jeff at 2008-08-30 19:04:23
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 103 GB (68%) free of 151 GB
Total RAM: 1023 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:49, on 30/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Jeff\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Jeff.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137062757812
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 6406 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CAVRID"=C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe [2008-06-17 234736]
"cctray"=C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe [2008-08-02 181488]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-04-10 1107848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe"="C:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe:*:Enabled:Links 2003"
"C:\WINDOWS\System32\dplaysvr.exe"="C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Diversions Entertainment\One Must Fall - Battlegrounds - Demo\Engine\OMFBG.EXE"="C:\Program Files\Diversions Entertainment\One Must Fall - Battlegrounds - Demo\Engine\OMFBG.EXE:*:Enabled:OMFBG"
"C:\Program Files\NetMeeting\CONF.EXE"="C:\Program Files\NetMeeting\CONF.EXE:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\MSN Gaming Zone\zclient.exe"="C:\Program Files\MSN Gaming Zone\zclient.exe:*:Enabled:Zone Datafile"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\nanoCom Corporation\iSpQ VideoChat\iSpQVideoChat8.exe"="C:\Program Files\nanoCom Corporation\iSpQ VideoChat\iSpQVideoChat8.exe:*:Enabled:Video chat software for desktop computers."
"C:\WINDOWS\System32\mmc.exe"="C:\WINDOWS\System32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRES.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRES.EXE:*:Enabled:Age of Empires"
"C:\Program Files\Valve\Steam\SteamApps\jeff1955\counter-strike source\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\jeff1955\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\dwyco2\cdc32.exe"="C:\Program Files\dwyco2\cdc32.exe:*:Enabled:dwyco cdc32 for Windows95/98/ME/NT4/2K/XP"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Razorworks\aphavoc\aphavoc.exe"="C:\Razorworks\aphavoc\aphavoc.exe:*:Enabled:aphavoc"
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"C:\Program Files\ubi.com\Core\GS4.exe"="C:\Program Files\ubi.com\Core\GS4.exe:*:Enabled:ubi.com Game Service"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-08-30 16:19:48 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7
2008-08-30 09:13:02 ----D---- C:\rsit
2008-08-29 20:45:48 ----HD---- C:\WINDOWS\ie7
2008-08-29 17:54:52 ----D---- C:\Program Files\Opera
2008-08-29 07:49:23 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-26 21:15:12 ----HD---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-26 21:14:55 ----HD---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-08-25 12:27:28 ----D---- C:\Program Files\Trend Micro
2008-08-23 15:53:52 ----D---- C:\Documents and Settings\Jeff\Application Data\Malwarebytes
2008-08-23 15:53:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-23 15:53:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-23 12:57:08 ----D---- C:\Program Files\Windows Live Safety Center
2008-08-22 15:43:41 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-22 15:43:29 ----D---- C:\Program Files\SUPERAntiSpyware
2008-08-22 15:43:29 ----D---- C:\Documents and Settings\Jeff\Application Data\SUPERAntiSpyware.com
2008-08-22 15:43:07 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 15:33:06 ----D---- C:\Temp
2008-08-14 10:03:04 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-14 10:02:54 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-14 10:02:43 ----HD---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 10:02:32 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-14 10:02:21 ----HD---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 10:01:52 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-14 10:00:52 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-07-21 17:03:50 ----D---- C:\Program Files\Digital Blue
2008-07-09 10:00:44 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2008-06-20 07:29:40 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-17 21:20:01 ----D---- C:\Program Files\Common Files\PC Tools
2008-06-17 21:12:43 ----D---- C:\Program Files\Spyware Doctor
2008-06-11 07:22:46 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-11 07:22:40 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-11 07:22:34 ----HD---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-11 07:22:25 ----HD---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-09 11:40:44 ----A---- C:\WINDOWS\system32\WPPFilt.dll

List of drivers

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 MemAlloc;MemAlloc; C:\WINDOWS\system32\DRIVERS\memalloc.sys [2001-08-28 10016]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\system32\System32\drivers\prodrv06.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-06-10 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2008-06-17 21488]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2008-06-17 26352]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2008-06-17 32240]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2008-06-17 21104]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-04-28 16512]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-11-27 730700]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 SaiHFF52;SaiHFF52; C:\WINDOWS\system32\DRIVERS\SaiHFF52.sys [2004-07-26 56576]
R3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2004-07-26 15616]
R3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiNtBus.sys [2004-07-26 26752]
R3 SaiUFF52;SaiUFF52; C:\WINDOWS\system32\DRIVERS\SaiUFF52.sys [2004-07-26 19584]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-06-10 108368]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S1 LStone;Pinnacle Systems Studio AV/DV Overlay; C:\WINDOWS\system32\DRIVERS\lstone2k.sys [2002-01-09 238048]
S2 TVSPNVSL;TVSPNVSL; \??\C:\WINDOWS\system32\drivers\TVSPNVSL.sys []
S3 alcan5wn;Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2002-06-06 53168]
S3 alcaudsl;Alcatel Speed Touch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2002-06-06 743136]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dbustrcm;dbustrcm; \??\C:\DOCUME~1\Jeff\LOCALS~1\Temp\dbustrcm.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 phil2vid;Philips USB VGA Camera; C:\WINDOWS\system32\DRIVERS\philcam2.sys [2001-08-17 173696]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 CAISafe;CAISafe; C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe [2008-02-01 144696]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-04-10 337800]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-04-17 1017224]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe [2008-06-17 251120]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe [2008-08-02 214256]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2002-10-12 110677]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

**Shaba** · 2008-08-30, 20:30

Please go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

Thread: IE6 and 7 being redirected

Thread Tools

Display

IE6 and 7 being redirected

Posting Permissions