Results 1 to 6 of 6

Thread: Trojans, Malware ('unwanted' desktop shortcuts to pornography!!!)

  1. #1
    Junior Member
    Join Date
    Sep 2008
    Posts
    3

    Default Trojans, Malware ('unwanted' desktop shortcuts to pornography!!!)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:02:09, on 16/09/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\Users\Tasha\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dropbox\Dropbox.exe
    C:\Windows\system32\taskeng.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.28.5.10:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.tippinst.ie;*.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: CodecPlugin Class - {9E9CD287-452D-40A4-A657-506D48C7D9A4} - C:\Windows\system32\CodecBHO.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\Windows\TEMP\E_S32AA.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [\YUR516B.exe] C:\Windows\system32\YUR516B.exe
    O4 - HKLM\..\Run: [\YUR537D.exe] C:\Windows\system32\YUR537D.exe
    O4 - HKLM\..\Run: [\YUR57F0.exe] C:\Windows\system32\YUR57F0.exe
    O4 - HKLM\..\Run: [\YUR5BB7.exe] C:\Windows\system32\YUR5BB7.exe
    O4 - HKLM\..\Run: [\YURDE01.exe] C:\Windows\system32\YURDE01.exe
    O4 - HKLM\..\Run: [\YUR5AE0.exe] C:\Windows\system32\YUR5AE0.exe
    O4 - HKLM\..\Run: [\YUR69D9.exe] C:\Windows\system32\YUR69D9.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Tasha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [\YUR516B.exe] C:\Windows\system32\YUR516B.exe
    O4 - HKCU\..\Run: [\YUR537D.exe] C:\Windows\system32\YUR537D.exe
    O4 - HKCU\..\Run: [\YUR57F0.exe] C:\Windows\system32\YUR57F0.exe
    O4 - HKCU\..\Run: [\YUR5BB7.exe] C:\Windows\system32\YUR5BB7.exe
    O4 - HKCU\..\Run: [\YURDE01.exe] C:\Windows\system32\YURDE01.exe
    O4 - HKCU\..\Run: [\YUR5AE0.exe] C:\Windows\system32\YUR5AE0.exe
    O4 - HKCU\..\Run: [\YUR69D9.exe] C:\Windows\system32\YUR69D9.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
    O4 - Startup: Registration .LNK = C:\Users\Tasha\Saved Games\Dark Messiah of Might and Magic\RegistrationReminder.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 13565 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi TashaG

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


    Post:

    - mbam log
    - rsit logs (taken after mbam run)
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Sep 2008
    Posts
    3

    Default MBAM Log report

    Malwarebytes' Anti-Malware 1.28
    Database version: 1166
    Windows 6.0.6000

    18/09/2008 13:04:00
    mbam-log-2008-09-18 (13-04-00).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 234381
    Time elapsed: 2 hour(s), 53 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 11
    Registry Values Infected: 14
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 14

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\Windows\System32\CodecBHO.dll (Trojan.FakeAlert) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{fa359555-6268-45cd-8819-614a8c3a7c38} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ac40f157-ced4-472f-865f-fd52988eeb05} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e24112e5-2605-49a3-a376-783a47c0119a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9e9cd287-452d-40a4-a657-506d48c7d9a4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e9cd287-452d-40a4-a657-506d48c7d9a4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{da632151-1187-4f0d-aea4-d26b31752872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\CodecBHO.DLL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\codecbho.codecplugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur516b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur537d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur57f0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5bb7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurde01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5ae0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur69d9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur516b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur537d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur57f0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5bb7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurde01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5ae0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur69d9.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\MicroAntivirus (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

    Files Infected:
    C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\7.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\VSO\ConvertX\3\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\MicroAntivirus\microAV.ooo (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
    C:\Windows\System32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\System32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\System32\CodecBHO.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\Users\Tasha\Desktop\MicroAntivirus.lnk (Rogue.XPertAntivirus) -> Quarantined and deleted successfully.

  4. #4
    Junior Member
    Join Date
    Sep 2008
    Posts
    3

    Default info and log.txt

    info.txt logfile of random's system information tool 1.02 2008-09-18 13:21:12

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Windows\IsUninst.exe -fC:\Windows\USBUnins.isu
    Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
    Add or Remove Adobe Creative Suite 3 Production Premium-->C:\Program Files\Common Files\Adobe\Installers\8c7a1e2e9e6a7b8aa308ba908bbd133\Setup.exe
    Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
    Adobe After Effects CS3 Template Projects & Footage-->MsiExec.exe /I{73E81E9B-7319-43AD-B7CC-1C61405E5089}
    Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
    Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Creative Suite 3 Production Premium-->MsiExec.exe /I{B4608CFE-B2EA-4675-9E74-CA5BA83C6DEA}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
    Adobe Encore CS3 Library-->MsiExec.exe /I{F1D93F5B-881F-49E3-BA56-B4B8FA991059}
    Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
    Adobe Encore DVD 1.5-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BD31B80-7E9E-4FAF-B911-0AC31FB94BF6}\setup.exe" -l0x0009
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
    Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
    Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Glyphlet Creation Tool CS3-->MsiExec.exe /I{243DA072-8E39-424A-86A3-F63152021383}
    Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
    Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
    Adobe OnLocation CS3-->C:\Program Files\InstallShield Installation Information\{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}\setup.exe -runfromtemp -l0x0409
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
    Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
    Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
    Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Adobe Setup-->MsiExec.exe /I{ABB48460-97A1-4D4C-BC73-E083C5CE732B}
    Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
    Adobe Soundbooth CS3 Scores-->MsiExec.exe /I{92A300C0-E97B-48CC-9702-AB1AAED167E1}
    Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
    Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
    Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
    AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
    Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ASL_HS_Installer32-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
    Audacity 1.3.4 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Cleaner XL 1.5-->C:\Windows\unvise32.exe C:\Program Files\Autodesk\Cleaner XL 1.5\uninstal.log
    CodecInstaller 2.5.7-->C:\Program Files\JockerSoft\CodecInstaller\uninst.exe
    Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
    ConvertXtoDVD 3.0.0.7-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
    CuteFTP 8 Home-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{949DBB22-2FB7-4DE1-804C-23D495A988D8}\Setup.exe" -l0x9
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Pro-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX User Guide-->C:\Program Files\DivX\DivXUserGuideUninstall /USERGUIDE
    Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
    Dropbox-->"C:\Program Files\Dropbox\uninstall.exe"
    EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    exPressit S.E. 3.0-->"C:\Program Files\exPressit S.E. 3.0\UninstallerData\Uninstall exPressit S.E. 3.0.exe"
    FileZilla Client 3.0.9.3-->C:\Program Files\FileZilla FTP Client\uninstall.exe
    Flickr Uploadr 3.0.5-->"C:\Program Files\Flickr Uploadr\uninstall.exe"
    FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
    Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Google Gears-->MsiExec.exe /I{552171BC-30F8-3B29-9C4F-E3FE590B7CAC}
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
    Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
    Hewlett-Packard Asset Agent-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409
    HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
    HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
    HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
    HP Help and Support-->MsiExec.exe /I{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}
    HP Integrated Module with Bluetooth wireless technology 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
    HP My Display-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15733AD1-1CEF-459A-9245-0924FC63BDD5}\setup.exe" -l0x9 -removeonly
    HP Quick Launch Buttons 6.10 B9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 uninst
    HP QuickPlay 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
    HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
    HP User Guide 0049-->MsiExec.exe /I{3E3A110A-7FAE-4DC0-8E39-BAFFE89724B6}
    HP Wireless Assistant-->MsiExec.exe /I{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}
    Intel A/V Codecs V2.0-->C:\Windows\IsUninst.exe -fC:\Windows\system32\CDUninst.isu
    Intel(R) Network Connections Drivers-->Prounstl.exe
    iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
    iZotope Ozone 3-->"C:\Program Files\iZotope\Ozone 3\unins000.exe"
    iZotope RX-->"C:\Program Files\iZotope\RX\unins000.exe"
    Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Levelator-->"C:\Program Files\Levelator\unins000.exe"
    Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Mastering Effects Bundle for Sound Forge-->"C:\Program Files\iZotope\SoundForgeMasteringBundle\unins000.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft NetMeeting 2.1-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\msnetmtg.inf,NetMtg.Remove.NT
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
    Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
    Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
    Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
    Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Web Publishing Wizard-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\Windows\INF\wpfull.inf,WebPostUninstall
    Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
    Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mp3 Tag Assistant Pro v2.91-->"C:\Program Files\AssistantTools.com\Mp3 Tag Assistant Pro\unins000.exe"
    Mp3tag v2.41-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MyFonts Order M1004823-->MsiExec.exe /I{3111AE0B-DDF4-BA40-2A9C-72F1B5A325DC}
    MyFonts Order M635946-->MsiExec.exe /I{0023A1E3-447F-DB31-8365-36CC903F1310}
    Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
    Napster-->C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
    Nero Media Player-->C:\Windows\UNNMP.exe /UNINSTALL
    Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NeroVision Express 2-->C:\Windows\UNNeroVision.exe /UNINSTALL
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    Opera 9.27-->MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    PDF Settings-->MsiExec.exe /I{DC017035-1939-425F-8F86-63B462C76C6A}
    Pivot Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\setup.exe" -l0x9 -removeonly
    PowerCinema NE for Everio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39CEE1F2-12B6-4C50-9131-04BFCA110578}\setup.exe" -uninstall
    PowerDirector Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
    PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Riva FLV Player-->"C:\Program Files\Riva\Riva FLV Player\unins000.exe"
    ROS Offline Application-->"C:\Program Files\ros\Uninstall_ROS Offline Application\Uninstall ROS Offline Application.exe"
    Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
    Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
    Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
    Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
    Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
    Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
    Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
    Sage Instant Accounts V11.01-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0ED61325-8B7A-4816-B5A5-E2FF59C75F4B}
    Sage MIS 3.01-->C:\Windows\IsUninst.exe -f"C:\Program Files\Informer50\Uninst.isu"
    SDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
    Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SmartFTP Client 3.0.1015.6-->"C:\Program Files\SmartFTP Client\unins000.exe"
    Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Sony ACID Pro 6.0-->MsiExec.exe /X{2956585F-DB2F-45C2-9363-F8CB0BB4F2A7}
    Sony CD Architect 5.2-->MsiExec.exe /X{84C7A433-CED3-4410-9D69-0BF5486B9631}
    Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
    Sony Ericsson Drivers-->MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
    Sony Ericsson PC Suite-->C:\Windows\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
    Sony Ericsson PC Suite-->MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
    Sony Media Manager 2.2-->MsiExec.exe /X{2B5A75F0-FD85-4094-AB00-94902398D192}
    Sony Noise Reduction Plug-In 2.0h-->MsiExec.exe /X{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}
    Sony Sound Forge 9.0-->MsiExec.exe /X{04E1BD4E-7256-4C6D-8BEF-585827B10FF6}
    Sony Vegas Movie Studio Platinum 8.0-->MsiExec.exe /X{B8E8C8EC-5C22-4B02-9C02-D851262F574C}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Streaming Media Viewer-->C:\Windows\IsUninst.exe -fC:\Windows\SMUninst.ins
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
    Windows Essentials Media Codec Pack 1.0-->C:\Program Files\Essentials Codec Pack\uninst.exe
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Mobile 6.1 Standard Emulator Images - USA-->MsiExec.exe /I{F4176671-268C-48DF-8BD2-87EDA4870CAA}
    Windows Sound Schemes-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

    ======Security center information======

    AV: AVG Anti-Virus Free
    AS: AVG Anti-Virus Free (disabled)
    AS: Spybot - Search and Destroy
    AS: Windows Defender

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=0f06
    "NUMBER_OF_PROCESSORS"=2
    "OnlineServices"=Online Services
    "Path"=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Common Files\iZotope\Runtimes;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
    "PCBRAND"=Pavilion
    "PLATFORM"=MCD
    "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

    -----------------EOF-----------------

    Logfile of random's system information tool 1.02 (written by random/random)
    Run by Tasha at 2008-09-18 13:20:58
    Microsoft® Windows Vista™ Ultimate
    System drive C: has 25 GB (17%) free of 147 GB
    Total RAM: 2045 MB (49% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:21:10, on 18/09/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Tasha\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dropbox\Dropbox.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Tasha\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Tasha.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.28.5.10:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.tippinst.ie;*.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\Windows\TEMP\E_S32AA.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Tasha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
    O4 - Startup: Registration .LNK = C:\Users\Tasha\Saved Games\Dark Messiah of Might and Magic\RegistrationReminder.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 12620 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskUser.job
    C:\Windows\tasks\User_Feed_Synchronization-{A3C2E72C-6B7D-4112-BE89-D252C22BCF97}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-12-12 1372160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-30 308856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-08 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2006-12-18 501384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-11 2055960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-08-21 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-08-21 2403392]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-11 2055960]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-02-06 1006264]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-02-28 90191]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-02-28 7770112]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-02-28 81920]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
    "EPSON Stylus Photo R240 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE [2005-04-25 98304]
    "HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-11-29 46704]
    "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2006-10-18 472800]
    "Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe [2007-04-08 303104]
    "NapsterShell"=C:\Program Files\Napster\napster.exe [2007-12-10 323216]
    "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-06 159744]
    "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-11-25 167936]
    "Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2006-12-18 77824]
    "WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2006-10-18 317152]
    "PivotSoftware"=C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [2007-02-09 694008]
    "DT HPW"=C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe [2007-04-25 280064]
    "NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
    "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-30 185896]
    "EverioService"=C:\Program Files\CyberLink\PCM4Everio\EverioService.exe [2007-03-29 151552]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-08 1235736]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-02-06 1232896]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-17 221184]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-12-12 21686568]
    "Google Update"=C:\Users\Tasha\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Users\Tasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Dropbox.lnk - C:\Program Files\Dropbox\Dropbox.exe
    Registration .LNK - C:\Users\Tasha\Saved Games\Dark Messiah of Might and Magic\RegistrationReminder.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
    avldr.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-02-06 233888]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "LogonHoursAction"=2
    "DontDisplayLogonHoursWarnings"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableLUA"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fcf12fd-d888-11dc-96d5-001636db92ed}]
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\copy.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fcf1303-d888-11dc-96d5-001636db92ed}]
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\copy.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83927325-8791-11dc-9311-001a6b00690e}]
    shell\AutoRun\command - H:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94338cec-f4df-11dc-a248-001636db92ed}]
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\copy.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94338d1a-f4df-11dc-a248-001636db92ed}]
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7094acd-87f5-11dc-b95a-001a6b00690e}]
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe


    ======File associations======

    .js - open - %SystemRoot%\system32\NOTEPAD.EXE %1
    .txt - open -

    ======List of files/folders created in the last 1 months======

    2008-09-18 13:20:58 ----D---- C:\rsit
    2008-09-18 10:02:51 ----D---- C:\Users\Tasha\AppData\Roaming\Malwarebytes
    2008-09-18 10:02:47 ----D---- C:\ProgramData\Malwarebytes
    2008-09-18 10:02:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-18 09:26:48 ----A---- C:\Windows\system32\wups2.dll
    2008-09-18 09:26:48 ----A---- C:\Windows\system32\wucltux.dll
    2008-09-18 09:26:48 ----A---- C:\Windows\system32\wuaueng.dll
    2008-09-18 09:26:48 ----A---- C:\Windows\system32\wuauclt.exe
    2008-09-18 09:26:00 ----A---- C:\Windows\system32\wups.dll
    2008-09-18 09:26:00 ----A---- C:\Windows\system32\wudriver.dll
    2008-09-18 09:25:59 ----A---- C:\Windows\system32\wuapi.dll
    2008-09-18 09:25:11 ----A---- C:\Windows\system32\wuwebv.dll
    2008-09-18 09:25:11 ----A---- C:\Windows\system32\wuapp.exe
    2008-09-17 16:25:45 ----D---- C:\Program Files\Apple Software Update
    2008-09-17 16:24:19 ----A---- C:\Windows\system32\GEARAspi.dll
    2008-09-17 16:24:18 ----DC---- C:\Windows\system32\DRVSTORE
    2008-09-17 16:23:56 ----D---- C:\Program Files\iPod
    2008-09-17 16:23:53 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-17 16:23:53 ----D---- C:\Program Files\iTunes
    2008-09-17 16:16:12 ----SHD---- C:\Config.Msi
    2008-09-16 14:44:12 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2008-09-16 14:44:12 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-09-16 14:24:38 ----D---- C:\Program Files\Trend Micro
    2008-09-16 14:13:14 ----SHD---- C:\Windows\ftpcache
    2008-09-16 11:20:06 ----D---- C:\Program Files\Panda Security
    2008-09-15 11:24:52 ----D---- C:\Users\Tasha\AppData\Roaming\Dropbox
    2008-09-15 11:24:48 ----D---- C:\Program Files\Dropbox
    2008-09-12 15:52:49 ----A---- C:\Windows\system32\Apphlpdm.dll
    2008-09-12 15:52:45 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2008-09-12 15:52:44 ----A---- C:\Windows\system32\gameux.dll
    2008-09-12 15:52:22 ----A---- C:\Windows\system32\wmpeffects.dll
    2008-09-09 12:30:40 ----A---- C:\Windows\system32\hpxp4500.dll
    2008-09-09 12:30:40 ----A---- C:\Windows\system32\hpgtbb.dll
    2008-09-09 12:30:40 ----A---- C:\Windows\system32\hp4500co.dll
    2008-09-04 16:59:38 ----D---- C:\MyWorks
    2008-08-29 10:18:58 ----A---- C:\Windows\system32\dns-sd.exe
    2008-08-29 09:53:50 ----A---- C:\Windows\system32\dnssd.dll
    2008-08-27 16:10:14 ----D---- C:\Windows\Sun
    2008-08-20 12:25:16 ----A---- C:\Windows\system32\winipsec.dll
    2008-08-20 12:25:16 ----A---- C:\Windows\system32\IPSECSVC.DLL
    2008-08-20 12:25:16 ----A---- C:\Windows\system32\FwRemoteSvr.dll
    2008-08-20 12:25:15 ----A---- C:\Windows\system32\polstore.dll
    2008-08-20 12:24:26 ----A---- C:\Windows\system32\tzres.dll
    2008-08-20 12:20:22 ----A---- C:\Windows\system32\es.dll
    2008-08-20 12:18:58 ----A---- C:\Windows\system32\advpack.dll
    2008-08-20 12:18:57 ----A---- C:\Windows\system32\ieapfltr.dll
    2008-08-20 12:18:56 ----A---- C:\Windows\system32\wininet.dll
    2008-08-20 12:18:56 ----A---- C:\Windows\system32\jsproxy.dll
    2008-08-20 12:18:55 ----A---- C:\Windows\system32\dxtrans.dll
    2008-08-20 12:18:55 ----A---- C:\Windows\system32\dxtmsft.dll
    2008-08-20 12:18:53 ----A---- C:\Windows\system32\ieui.dll
    2008-08-20 12:18:52 ----A---- C:\Windows\system32\ieframe.dll
    2008-08-20 12:18:49 ----A---- C:\Windows\system32\mshtmled.dll
    2008-08-20 12:18:48 ----A---- C:\Windows\system32\mshtml.dll
    2008-08-20 12:18:44 ----A---- C:\Windows\system32\mstime.dll
    2008-08-20 12:18:44 ----A---- C:\Windows\system32\icardie.dll
    2008-08-20 12:18:40 ----A---- C:\Windows\system32\ieUnatt.exe
    2008-08-20 12:18:39 ----A---- C:\Windows\system32\urlmon.dll
    2008-08-20 12:18:38 ----A---- C:\Windows\system32\pngfilt.dll
    2008-08-20 12:18:38 ----A---- C:\Windows\system32\iesetup.dll
    2008-08-20 12:18:38 ----A---- C:\Windows\system32\iernonce.dll
    2008-08-20 12:18:38 ----A---- C:\Windows\system32\ie4uinit.exe
    2008-08-20 12:15:30 ----A---- C:\Windows\system32\INETRES.dll
    2008-08-20 12:15:30 ----A---- C:\Windows\system32\inetcomm.dll
    2008-08-19 23:03:25 ----A---- C:\Windows\system32\cdintf210.dll
    2008-08-19 23:03:16 ----RA---- C:\Windows\system32\SGXMLQry.dll
    2008-08-19 23:03:16 ----RA---- C:\Windows\system32\SGUserInfo.dll
    2008-08-19 23:03:16 ----RA---- C:\Windows\system32\SGInfProgressBar.dll
    2008-08-19 23:03:16 ----RA---- C:\Windows\system32\SageStorage.dll
    2008-08-19 23:03:16 ----RA---- C:\Windows\system32\SageSoftwareUpdate.dll
    2008-08-19 23:03:16 ----RA---- C:\Windows\system32\SageFolderBrowse.dll
    2008-08-19 23:03:16 ----A---- C:\Windows\system32\SGISAQry.dll
    2008-08-19 23:03:16 ----A---- C:\Windows\system32\SGINFMR.dll
    2008-08-19 23:03:14 ----D---- C:\Program Files\Informer50
    2008-08-19 23:02:56 ----A---- C:\Windows\system32\sageebanking.dll
    2008-08-19 23:02:56 ----A---- C:\Windows\system32\SageBankReconciliation.dll
    2008-08-19 23:02:56 ----A---- C:\Windows\system32\SageBankBalances.dll
    2008-08-19 23:02:55 ----D---- C:\Program Files\Sage EBanking
    2008-08-19 23:02:55 ----A---- C:\Windows\system32\SageNatWestOnline.dll
    2008-08-19 23:02:55 ----A---- C:\Windows\system32\SageNatWestBankline.dll
    2008-08-19 23:02:55 ----A---- C:\Windows\system32\SageBarclaysOnline.dll
    2008-08-19 23:02:55 ----A---- C:\Windows\system32\SageBarclaysBusinessMasterII.dll
    2008-08-19 23:02:55 ----A---- C:\Windows\system32\SageBankPayments.dll
    2008-08-19 23:02:55 ----A---- C:\Windows\system32\BankServiceUtilities.dll
    2008-08-19 23:02:39 ----A---- C:\Windows\ODBCINST.INI
    2008-08-19 23:02:38 ----N---- C:\Windows\system32\MFC30.DLL
    2008-08-19 23:02:38 ----A---- C:\Windows\system32\S11DBC32.dll
    2008-08-19 23:02:02 ----D---- C:\Program Files\Common Files\Sage Line50
    2008-08-19 23:01:05 ----D---- C:\Program Files\Sage
    2008-08-19 18:52:23 ----D---- C:\Program Files\Microsoft Small Business
    2008-08-19 18:46:28 ----D---- C:\Windows\PCHEALTH
    2008-08-19 18:46:12 ----D---- C:\Program Files\Microsoft SQL Server

    ======List of files/folders modified in the last 1 months======

    2008-09-18 13:21:10 ----D---- C:\Windows\Temp
    2008-09-18 13:16:31 ----D---- C:\Users\Tasha\AppData\Roaming\Skype
    2008-09-18 13:14:11 ----D---- C:\Windows\rescache
    2008-09-18 13:12:59 ----D---- C:\Windows\system32\en-US
    2008-09-18 13:12:59 ----D---- C:\Windows\System32
    2008-09-18 13:12:31 ----D---- C:\Windows\system32\drivers
    2008-09-18 13:10:34 ----D---- C:\Windows\winsxs
    2008-09-18 13:03:57 ----RD---- C:\Program Files
    2008-09-18 11:37:17 ----D---- C:\Windows\inf
    2008-09-18 11:37:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-09-18 11:05:34 ----A---- C:\Windows\NeroDigital.ini
    2008-09-18 10:40:40 ----D---- C:\Users\Tasha\AppData\Roaming\skypePM
    2008-09-18 10:02:47 ----HD---- C:\ProgramData
    2008-09-18 09:41:49 ----SHD---- C:\System Volume Information
    2008-09-18 09:27:19 ----D---- C:\Windows\PolicyDefinitions
    2008-09-18 09:26:42 ----D---- C:\Windows\system32\catroot
    2008-09-18 09:17:06 ----D---- C:\Windows
    2008-09-18 09:16:38 ----D---- C:\Windows\system32\catroot2
    2008-09-17 16:26:38 ----SHD---- C:\Windows\Installer
    2008-09-17 16:25:48 ----D---- C:\Windows\system32\Tasks
    2008-09-17 16:23:53 ----D---- C:\ProgramData\Apple Computer
    2008-09-17 16:22:34 ----D---- C:\Program Files\Bonjour
    2008-09-17 16:22:00 ----D---- C:\Program Files\QuickTime
    2008-09-17 16:21:18 ----D---- C:\Program Files\Common Files\Apple
    2008-09-17 15:33:33 ----D---- C:\Program Files\Mozilla Firefox
    2008-09-17 14:39:41 ----D---- C:\Users\Tasha\AppData\Roaming\Sony
    2008-09-16 21:15:34 ----D---- C:\Windows\ehome
    2008-09-16 16:43:33 ----D---- C:\Windows\Prefetch
    2008-09-16 15:33:25 ----A---- C:\Windows\ntbtlog.txt
    2008-09-16 15:24:34 ----D---- C:\Windows\system32\WDI
    2008-09-16 13:40:25 ----HD---- C:\$AVG8.VAULT$
    2008-09-16 11:19:31 ----SD---- C:\Windows\Downloaded Program Files
    2008-09-12 16:04:39 ----D---- C:\Windows\AppPatch
    2008-09-12 15:49:08 ----D---- C:\Program Files\Microsoft Works
    2008-09-09 17:26:20 ----D---- C:\Windows\SMINST
    2008-09-08 19:13:42 ----D---- C:\Program Files\Flickr Uploadr
    2008-09-03 17:22:04 ----RSD---- C:\Windows\assembly
    2008-09-03 17:22:02 ----D---- C:\Program Files\Common Files\microsoft shared
    2008-09-03 17:20:36 ----D---- C:\Windows\registration
    2008-09-03 17:19:22 ----SD---- C:\Users\Tasha\AppData\Roaming\Microsoft
    2008-09-03 14:44:55 ----D---- C:\Windows\Tasks
    2008-08-28 00:15:35 ----D---- C:\Windows\Debug
    2008-08-28 00:14:17 ----D---- C:\Users\Tasha\AppData\Roaming\Roxio
    2008-08-28 00:08:00 ----D---- C:\Program Files\Common Files\Sonic Shared
    2008-08-28 00:01:53 ----D---- C:\Program Files\Common Files
    2008-08-27 16:07:31 ----D---- C:\Program Files\ros
    2008-08-26 21:28:12 ----A---- C:\Windows\system32\mrt.exe
    2008-08-25 18:38:52 ----D---- C:\Windows\Minidump
    2008-08-25 18:38:34 ----D---- C:\Windows\system32\FlashAX
    2008-08-20 12:27:17 ----D---- C:\Windows\system32\migration
    2008-08-20 12:27:17 ----D---- C:\Program Files\Internet Explorer
    2008-08-20 12:27:15 ----D---- C:\Program Files\Windows Mail
    2008-08-19 23:04:12 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-08-19 23:03:49 ----A---- C:\Windows\Sage.ini
    2008-08-19 23:02:39 ----A---- C:\Windows\ODBC.INI
    2008-08-19 22:13:50 ----D---- C:\Windows\Microsoft.NET
    2008-08-19 18:53:09 ----SD---- C:\ProgramData\Microsoft
    2008-08-19 18:47:46 ----D---- C:\Program Files\Microsoft.NET

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-09-08 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-08-11 26824]
    R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-02-06 320000]
    R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192]
    R2 {22D78859-9CE9-4b77-BF18-AC83E81A9263};{22D78859-9CE9-4b77-BF18-AC83E81A9263}; \??\C:\Program Files\HP\QuickPlay\000.fcl [2006-11-25 13560]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-16 43520]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-16 37376]
    R2 RMCAST;RMCAST (Pgm) Protocol Driver; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-07-02 113664]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
    R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-08-11 69128]
    R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-07-02 19456]
    R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-07-02 29184]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-02-06 14208]
    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-02-07 218752]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
    R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-02-28 4465184]
    R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-03-26 47360]
    R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2006-12-18 73472]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2006-12-18 43904]
    R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-02-06 82432]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
    R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-02-06 11264]
    R3 xpvcom;XPVCOM Port; C:\Windows\system32\DRIVERS\XPVCOM.sys [2007-03-23 30032]
    S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2006-11-02 45696]
    S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2006-11-02 40448]
    S3 AVCSTRM;AVC Streaming Filter Driver; C:\Windows\system32\DRIVERS\avcstrm.sys [2006-11-02 14208]
    S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
    S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-07-02 220160]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 hamachi_oem;PlayLinc Adapter; C:\Windows\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
    S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2006-12-12 148992]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
    S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\Windows\system32\DRIVERS\mstape.sys [2006-11-02 50048]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
    S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 1786880]
    S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
    S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
    S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
    S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
    S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
    S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
    S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
    S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-08 875288]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-08 231704]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    R2 CISVC;@%systemroot%\system32\CISVC.EXE,-1; C:\Windows\system32\CISVC.EXE [2006-11-02 11264]
    R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2006-11-25 270431]
    R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2006-11-25 118877]
    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-04-25 73728]
    R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2006-11-28 63080]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
    R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
    R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2006-11-02 9728]
    R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
    R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
    R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-26 126976]
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-11-19 654848]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-21 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-02-04 89136]
    S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]
    S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2006-11-02 562176]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 TlntSvr;@%SystemRoot%\system32\tlntsvr.exe,-119; C:\Windows\System32\tlntsvr.exe [2006-11-02 75776]

    -----------------EOF-----------------

  5. #5
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Looks better

    Please go to Kaspersky website and perform an online antivirus scan.

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.


    If you need a tutorial, see here
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Due to the lack of feedback this Topic is closed.

    If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

    Everyone else please begin a New Topic.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •