
Thread: WiniFighter + More

  1. #1
    Junior Member
    Join Date
    Aug 2006
    Posts
    21

    WiniFighter + More

    I have been getting popups regarding WiniFighter for the past 1-2 days. I have attempted to clean using Spybot Search & Destroy as well as Spyware Doctor, which I later uninstalled. I have now run Spybot Search & Destroy at least 5-6 times, and still have bad things coming up, so figured it was time to ask for help. I do not have the directories that are said to be deleted if infected with WiniFighter, and I briefly looked through the registry and didn't see anything at first glance. I downloaded and installed RunAlyzer but am unaware how to use it so that's as far as I've got.

    Thank you.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:49:03 PM, on 8/3/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\USBStorage\USBDetector.exe
    C:\Program Files\CRW\shwicon.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\WDC\SetIcon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
    C:\Program Files\Brownie\BrstsWnd.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\gb9iengh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Brownie\brpjp04a.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.17r023] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.17r023"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
    O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2994] command /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7475] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2076] command /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6580] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6055] command /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7007] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1975] command /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2742] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4187] command /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3925] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5126] command /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC834] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9408] command /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5122] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA732] command /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6037] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2414] command /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC667] cmd /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7032] command /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6159] cmd /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
    O4 - HKCU\..\Run: [gb9iengh.exe] C:\WINDOWS\system32\gb9iengh.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB389] command /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1122] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4875] command /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9080] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1437] command /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD671] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB223] command /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5261] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7167] command /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1097] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB965] command /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7308] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8970] command /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1544] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4123] command /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6716] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1984] command /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9376] cmd /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4574] command /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7212] cmd /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
    O4 - HKUS\S-1-5-21-1177238915-796845957-1801674531-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'User')
    O4 - HKUS\S-1-5-21-1177238915-796845957-1801674531-1005\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'User')
    O4 - HKUS\S-1-5-21-1177238915-796845957-1801674531-1005\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl (User 'User')
    O4 - HKUS\S-1-5-21-1177238915-796845957-1801674531-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
    O4 - HKUS\S-1-5-21-1177238915-796845957-1801674531-501\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Guest')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...tl_0_0_0_1.ocx
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FC53C825-75D4-48EB-BFC6-AB8946AD24BA}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\pokodezu.html
    O24 - Desktop Component 1: (no name) - C:\Program Files\Common Files\mehe.html

    --
    End of file - 16086 bytes

  2. #2
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Hello and welcome to Safer Networking.

    My name is km2357 and I will be helping you to remove any infection(s) that you may have.

    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    If for any reason you do not understand an instruction or are just unsure, then please do not guess; simply post back with your questions/concerns and we will go through it again.

    Please do not start another thread or topic; I will assist you in this thread until we solve your problems.

    Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

    I will be back as soon as possible with your first instructions!
    Malware Removal University Master
    Member of ASAP & UNITE

  3. #3
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Step # 1: Make an uninstall list using HijackThis
    To access the Uninstall Manager, do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

    Step # 2: Download and Run RSIT

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

    In your next post/reply, I need to see the following:

    1. Uninstall List
    2. The two RSIT Logs (log.txt and info.txt)
    Malware Removal University Master
    Member of ASAP & UNITE

  4. #4
    Junior Member
    Join Date
    Aug 2006
    Posts
    21

    Thank you km2357.

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Acubix PicoZip 4.02
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player Plugin
    Adobe Photoshop CS
    Adobe Photoshop CS3
    Adobe Reader 7.1.0
    Adobe Setup
    Adobe Setup
    Adobe Shockwave Player
    Adobe Update Manager CS3
    AIM 6
    AOL Instant Messenger
    Apple Mobile Device Support
    Apple Software Update
    AVG 8.5
    AVOne - RM to AVI DVD VCD SVCD Converter (d)
    backburner 2.1
    BCM V.92 56K Modem
    Belkin 54g USB Network Adapter
    BitComet 0.96
    BitTorrent 5.0.9
    Bodog Poker Version 2.16.3.49
    Bonjour
    Brother HL-2140
    Canon Camera Window for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities PhotoStitch 3.1
    Canon Utilities ZoomBrowser EX
    CCleaner (remove only)
    C-Dilla Licence Management System
    Codec Pack - All In 1 6.0.3.0
    CRW Series Driver v1.17r023
    Dell ResourceCD
    DivX Converter
    DivX Player
    DivX Web Player
    Driver
    DV Network Software
    dvdSanta 4.00
    Easy Screen Capture 2
    EPSON Printer Software
    EVEREST Home Edition v2.20
    ffdshow [rev 1723] [2007-12-24]
    FlashFXP v3
    Full Tilt Poker
    Garmin Communicator Plugin
    Garmin TOPO U.S. 2008
    Garmin Trip and Waypoint Manager v4
    Garmin WebUpdater
    getPlus(R)_dll
    Google Earth
    Google Updater
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Intel(R) Extreme Graphics Driver
    Intro and Interm Algebra Multimedia Setup
    Intro and Interm Algebra Multimedia Setup
    Introductory and Intermediate Algebra
    Introductory and Intermediate Algebra (Fall 2008 Student Version)
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 8
    Kaspersky Online Scanner
    Kodak EasyShare software
    Macromedia Dreamweaver MX 2004
    Macromedia Extension Manager
    Macromedia Fireworks MX 2004
    Macromedia Flash MX 2004
    Macromedia FreeHand MXa
    Merge Version 2.0
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel Viewer 2003
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    mIRC
    MobileMe Control Panel
    MOV Converter 3
    Mozilla Firefox (3.0.7)
    oggcodecs 0.71.0946
    Pando
    Picasa 2
    PokerStars
    QuickTime
    RealPlayer
    Rebel Trucker
    Recorder
    Recorder (C:\Program Files\Recorder\)
    RM Converter 3.28
    RunAlyzer
    Safari
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    SoundMAX
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    SUPER Version 2007.bld.22 (Mar 14, 2007)
    TreeSize Free V2.3.1
    TVersity Codec Pack 1.2
    TVersity Media Server 1.0.0.11 RC7
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office Outlook 2007 (KB969907)
    Update for Outlook 2007 Junk Email Filter (kb970012)
    Viewpoint Media Player
    Vodei Multimedia Processor 2.00
    WD Diagnostics
    WD Media Center Driver
    Win AVI HelixSDK
    WinAVIVideoConverter
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage v1.3.0254.0
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 2
    WinRAR archiver
    xImage
    XviD 1.1 final uninstall
    Yahoo! Address AutoComplete
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Owner at 2009-08-04 15:08:36
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 18 GB (23%) free of 76 GB
    Total RAM: 638 MB (30% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:10:36 PM, on 8/4/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\USBStorage\USBDetector.exe
    C:\Program Files\CRW\shwicon.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\WDC\SetIcon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Owner.70E9OW531HWRKW8\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe
    C:\WINDOWS\SoftwareDistribution\Download\5d36f2aa7b9a0b7eeabfa4c3afb200cb\update\update.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.17r023] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.17r023"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
    O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2994] command /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7475] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2076] command /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6580] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6055] command /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7007] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1975] command /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2742] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4187] command /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3925] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5126] command /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC834] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9408] command /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5122] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA732] command /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6037] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2414] command /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC667] cmd /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7032] command /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6159] cmd /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...tl_0_0_0_1.ocx
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FC53C825-75D4-48EB-BFC6-AB8946AD24BA}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\pokodezu.html
    O24 - Desktop Component 1: (no name) - C:\Program Files\Common Files\mehe.html

    --
    End of file - 13194 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38D3FE60-3D53-4F37-BB0E-C7A97A26A156}]
    CInterceptor Object - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll [2008-06-02 577536]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll [2007-09-28 521528]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-03 1111320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
    FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "USBDetector"=C:\USBStorage\USBDetector.exe [2002-11-26 53248]
    "ShowIcon_The Company_CRW Series Driver v1.17r023"=C:\Program Files\CRW\shwicon.exe [2003-01-27 73728]
    "RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-03-25 69632]
    "BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
    "SetIcon"=\Program Files\WDC\SetIcon.exe [2004-04-28 42496]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
    "EPSON Stylus Photo RX620 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE [2004-05-20 98304]
    "BrStsWnd"=C:\Program Files\Brownie\BrstsWnd.exe [2008-01-08 864256]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-02-06 177472]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-29 1948440]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingA2994"=command /c del C:\Documents and Settings\Guest\Favorites\ Antivirus.url []
    "SpybotDeletingC7475"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Antivirus.url []
    "SpybotDeletingA2076"=command /c del C:\Documents and Settings\Guest\Favorites\ Casino Online.url []
    "SpybotDeletingC6580"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Casino Online.url []
    "SpybotDeletingA6055"=command /c del C:\Documents and Settings\Guest\Favorites\ Computers.url []
    "SpybotDeletingC7007"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Computers.url []
    "SpybotDeletingA1975"=command /c del C:\Documents and Settings\Guest\Favorites\ Games.url []
    "SpybotDeletingC2742"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Games.url []
    "SpybotDeletingA4187"=command /c del C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url []
    "SpybotDeletingC3925"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url []
    "SpybotDeletingA5126"=command /c del C:\Documents and Settings\Guest\Favorites\ Internet.url []
    "SpybotDeletingC834"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Internet.url []
    "SpybotDeletingA9408"=command /c del C:\Documents and Settings\Guest\Favorites\ Movie.url []
    "SpybotDeletingC5122"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Movie.url []
    "SpybotDeletingA732"=command /c del C:\Documents and Settings\Guest\Favorites\ Web Hosting.url []
    "SpybotDeletingC6037"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Web Hosting.url []
    "SpybotDeletingA2414"=command /c del C:\WINDOWS\system32\drivers\RKHit.sys []
    "SpybotDeletingC667"=cmd /c del C:\WINDOWS\system32\drivers\RKHit.sys []
    "SpybotDeletingA7032"=command /c del C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job []
    "SpybotDeletingC6159"=cmd /c del C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    ""= []
    "Aim6"=C:\Program Files\AIM6\aim6.exe [2008-03-25 50528]
    "PicoZip"=C:\PROGRA~1\PicoZip\PicoZipTray.exe [2006-06-09 581632]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe [2007-09-07 43008]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    C:\Program Files\AIM6\aim6.exe [2008-03-25 50528]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    C:\Program Files\BitTorrent\bittorrent.exe [2007-09-07 43008]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    C:\Program Files\Pando Networks\Pando\Pando.exe [2008-06-02 6210888]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicoZip]
    C:\PROGRA~1\PicoZip\PicoZipTray.exe [2006-06-09 581632]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
    C:\Program Files\SurfSideKick 3\Ssk.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    C:\PROGRA~1\KODAK\KODAKE~1\bin\EASYSH~1.EXE [2002-09-16 299008]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
    C:\PROGRA~1\WORKSP~1.0\WMPHOT~1.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner.70E9OW531HWRKW8^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
    C:\PROGRA~1\WORKSP~2.5\WMPHOT~1.EXE []

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2009-06-29 11952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=91000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\EA GAMES\Need for Speed Underground 2 Demo\speed2demo.exe"="C:\Program Files\EA GAMES\Need for Speed Underground 2 Demo\speed2demo.exe:*:Disabled:speed2demo"
    "C:\WINDOWS\system32\requester.6.exe"="C:\WINDOWS\system32\requester.6.exe:*:Disabled:requester.6"
    "C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\javaw.exe"="C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\javaw.exe:*:Enabled:javaw"
    "C:\WINDOWS\system32\requester.7.exe"="C:\WINDOWS\system32\requester.7.exe:*:Disabled:requester.7"
    "C:\WINDOWS\system32\requester.8.exe"="C:\WINDOWS\system32\requester.8.exe:*:Disabled:requester.8"
    "C:\WINDOWS\system32\requester.9.exe"="C:\WINDOWS\system32\requester.9.exe:*:Disabled:requester.9"
    "C:\WINDOWS\system32\requester.10.exe"="C:\WINDOWS\system32\requester.10.exe:*:Disabled:requester.10"
    "C:\WINDOWS\system32\requester.11.exe"="C:\WINDOWS\system32\requester.11.exe:*:Enabled:requester.11"
    "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
    "C:\Games\Descent3\main.exe"="C:\Games\Descent3\main.exe:*:Disabled:main"
    "C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Disabled:Sunbelt Kerio Firewall GUI"
    "C:\Program Files\Canon\DV Messenger\DV Messenger.exe"="C:\Program Files\Canon\DV Messenger\DV Messenger.exe:*:Enabled:Executable"
    "C:\Program Files\GoPets Ltd\GPStarter.exe"="C:\Program Files\GoPets Ltd\GPStarter.exe:*:Enabled:GoPets"
    "C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:pando"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
    "C:\Program Files\TVersity\Media Server\MediaServer.exe"="C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"
    "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{721a3a11-bf2b-11d8-bd7a-806d6172696f}]
    shell\Rip\command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /RipAudioCD "%L"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e48821ba-11cd-11db-85d5-84c167dd43df}]
    shell\AutoRun\command - setupSNK.exe


    ======List of files/folders created in the last 3 months======

    2009-12-28 05:58:14 ----A---- C:\WINDOWS\9b02spa5sez01.dll
    2009-12-27 04:35:01 ----A---- C:\WINDOWS\system32\1685895rusz40.exe
    2009-12-25 00:17:37 ----A---- C:\WINDOWS\54fzpa9se2955.exe
    2009-12-19 07:37:30 ----A---- C:\WINDOWS\9219n59-a-virzsa2.dll
    2009-12-15 18:10:35 ----A---- C:\WINDOWS\system32\14667s5yzf9.exe
    2009-12-14 05:19:28 ----A---- C:\WINDOWS\system32\10316not-9-viruz6845.dll
    2009-12-05 20:13:27 ----A---- C:\WINDOWS\system32\5500troj6fz9.dll
    2009-12-04 12:55:35 ----A---- C:\WINDOWS\97276hacktoo51d4z.exe
    2009-12-01 00:30:50 ----A---- C:\WINDOWS\9222sp579z.exe
    2009-11-28 18:22:51 ----A---- C:\WINDOWS\system32\2595spzware2859.exe
    2009-11-25 13:14:39 ----A---- C:\WINDOWS\system32\1zacbackdoo52389.dll
    2009-11-23 09:43:06 ----A---- C:\WINDOWS\99959vzrus15.exe
    2009-11-22 18:45:04 ----A---- C:\WINDOWS\system32\54319zpy73d.dll
    2009-11-21 17:10:56 ----A---- C:\WINDOWS\system32\7c5dspyzare1695.dll
    2009-11-16 23:46:51 ----A---- C:\WINDOWS\2f7fzddw5re2209.exe
    2009-11-15 16:36:55 ----A---- C:\WINDOWS\35098spy6z0.dll
    2009-11-09 14:44:02 ----A---- C:\WINDOWS\11649n5t-a-vzr9s62.dll
    2009-11-04 10:12:54 ----A---- C:\WINDOWS\system32\15094s5zmbo9317.exe
    2009-11-01 16:57:33 ----A---- C:\WINDOWS\15222v9ru53ebz.dll
    2009-10-27 12:28:19 ----A---- C:\WINDOWS\system32\5119thr9z514866.dll
    2009-10-26 15:22:34 ----A---- C:\WINDOWS\system32\12751no5-a-9izus4f5.exe
    2009-10-21 01:49:17 ----A---- C:\WINDOWS\z9e4backdoor529.dll
    2009-10-17 22:13:31 ----A---- C:\WINDOWS\system32\295389ackzool654.dll
    2009-10-17 11:08:37 ----A---- C:\WINDOWS\system32\7z94ha9kt5ol786.exe
    2009-10-11 17:12:56 ----A---- C:\WINDOWS\system32\f1fadd5arz9314.exe
    2009-10-11 09:10:07 ----A---- C:\WINDOWS\system32\6918hzck9oolc55.exe
    2009-10-09 02:09:34 ----A---- C:\WINDOWS\system32\69c45oznloader2851.dll
    2009-10-07 02:15:10 ----A---- C:\WINDOWS\system32\225evir194z.exe
    2009-10-07 01:27:19 ----A---- C:\WINDOWS\29017worz593.exe
    2009-10-06 21:16:24 ----A---- C:\WINDOWS\system32\2faastea91z59.exe
    2009-10-06 07:26:13 ----A---- C:\WINDOWS\system32\z13389i5us1aa.dll
    2009-10-02 05:42:15 ----A---- C:\WINDOWS\d51stezl969.dll
    2009-10-01 15:10:57 ----A---- C:\WINDOWS\d3a9hie5z53.exe
    2009-10-01 11:51:50 ----A---- C:\WINDOWS\system32\4523worm5zd9.dll
    2009-09-30 20:29:18 ----A---- C:\WINDOWS\3f5btzie91502.dll
    2009-09-28 16:47:50 ----A---- C:\WINDOWS\system32\49c7thiez1577.dll
    2009-09-22 13:26:36 ----A---- C:\WINDOWS\z9188spy985.dll
    2009-09-21 16:04:27 ----A---- C:\WINDOWS\55225pzmbot391.dll
    2009-09-21 12:27:17 ----A---- C:\WINDOWS\system32\8ectzr9at18358.dll
    2009-09-16 21:25:00 ----A---- C:\WINDOWS\system32\92645p94adz.exe
    2009-09-16 04:26:30 ----A---- C:\WINDOWS\system32\594caddzare21915.dll
    2009-09-11 21:20:59 ----A---- C:\WINDOWS\system32\99149irus18z5.dll
    2009-09-08 01:03:06 ----A---- C:\WINDOWS\system32\12895tzoj645.exe
    2009-09-05 03:08:47 ----A---- C:\WINDOWS\z6552vi9us49d.exe
    2009-09-01 06:55:10 ----A---- C:\WINDOWS\9z95not-a-virus2fd.exe
    2009-08-28 06:15:20 ----A---- C:\WINDOWS\6995backdoor6z5.dll
    2009-08-24 14:58:58 ----A---- C:\WINDOWS\z9504virus2cd.exe
    2009-08-24 08:47:35 ----A---- C:\WINDOWS\z515th9ef1697.exe
    2009-08-20 08:08:57 ----A---- C:\WINDOWS\59z16spy497.dll
    2009-08-18 02:37:30 ----A---- C:\WINDOWS\7e38downloazer9597.dll
    2009-08-17 06:32:50 ----A---- C:\WINDOWS\system32\4975zorm367.dll
    2009-08-16 21:10:06 ----A---- C:\WINDOWS\958zsp5mbot30e.exe
    2009-08-14 02:47:21 ----A---- C:\WINDOWS\system32\3589back9oor5z5.dll
    2009-08-10 13:42:43 ----A---- C:\WINDOWS\9465hackto5l92z.exe
    2009-08-04 15:08:36 ----D---- C:\rsit
    2009-08-04 15:06:47 ----D---- C:\WINDOWS\LastGood
    2009-08-04 00:03:08 ----A---- C:\WINDOWS\system32\unzip3252.dll
    2009-08-04 00:03:08 ----A---- C:\WINDOWS\system32\ijl15.dll
    2009-08-04 00:03:07 ----A---- C:\WINDOWS\system32\UNACE.DLL
    2009-08-04 00:03:07 ----A---- C:\WINDOWS\system32\gdiplus.dll
    2009-08-04 00:03:07 ----A---- C:\WINDOWS\system32\FreeImage.dll
    2009-08-03 23:44:14 ----D---- C:\Program Files\Trend Micro
    2009-08-03 17:50:24 ----D---- C:\Program Files\Safer Networking
    2009-08-03 16:31:51 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2009-08-03 11:59:27 ----A---- C:\WINDOWS\a059pars5804z.dll
    2009-08-03 11:59:26 ----A---- C:\WINDOWS\system32\34b9t5reatz2829.dll
    2009-08-03 11:59:26 ----A---- C:\WINDOWS\system32\2z536n9t-a-vir5s34f.dll
    2009-08-03 11:59:26 ----A---- C:\WINDOWS\2z40t9re5t20565.dll
    2009-08-03 11:59:25 ----A---- C:\WINDOWS\system32\51717z9rusba.dll
    2009-08-03 11:59:25 ----A---- C:\WINDOWS\system32\19e0thizf158.dll
    2009-08-03 11:59:24 ----A---- C:\WINDOWS\ze55backdoor1619.dll
    2009-08-03 11:59:24 ----A---- C:\WINDOWS\system32\z0680not-a9vir5sd2.dll
    2009-08-03 11:59:24 ----A---- C:\WINDOWS\system32\920badd5arz340.dll
    2009-08-03 11:59:23 ----A---- C:\WINDOWS\66279ddwaze855.exe
    2009-08-03 11:59:23 ----A---- C:\WINDOWS\5d72vir909z.dll
    2009-08-03 11:59:23 ----A---- C:\WINDOWS\18863za95tool86.exe
    2009-08-03 11:59:22 ----A---- C:\WINDOWS\system32\138899orm5a5z.dll
    2009-08-03 11:59:22 ----A---- C:\WINDOWS\25zbbackdoor199.exe
    2009-08-03 11:59:21 ----A---- C:\WINDOWS\41e4spars915z4.dll
    2009-08-03 11:59:18 ----A---- C:\WINDOWS\system32\59c8threa594478z.exe
    2009-08-03 11:59:18 ----A---- C:\WINDOWS\system32\32451not-a-virus695z.exe
    2009-08-03 11:59:18 ----A---- C:\WINDOWS\system32\2z6335orm3259.exe
    2009-08-03 11:59:18 ----A---- C:\WINDOWS\52227hacktool169z.dll
    2009-08-03 11:59:18 ----A---- C:\WINDOWS\2982s5ar9e234z.exe
    2009-08-03 11:59:17 ----A---- C:\WINDOWS\7597downloader20z89.dll
    2009-08-03 11:59:17 ----A---- C:\WINDOWS\1a99do5nloaderz853.dll
    2009-08-03 11:59:16 ----A---- C:\WINDOWS\zce3th59f1201.exe
    2009-08-03 11:59:16 ----A---- C:\WINDOWS\system32\31255not-9-v5rzs440.dll
    2009-08-03 11:59:16 ----A---- C:\WINDOWS\system32\25e4threaz295999.exe
    2009-08-03 11:59:16 ----A---- C:\WINDOWS\fdavz9553.exe
    2009-08-03 11:59:16 ----A---- C:\WINDOWS\58e4thre9t273z3.exe
    2009-08-03 11:59:15 ----A---- C:\WINDOWS\system32\30905worm1b6z.exe
    2009-08-03 11:59:14 ----A---- C:\WINDOWS\system32\435b5hief2z49.exe
    2009-08-03 11:59:14 ----A---- C:\WINDOWS\e815zarse11559.exe
    2009-08-03 11:59:14 ----A---- C:\WINDOWS\727zv591683.dll
    2009-08-03 11:59:13 ----A---- C:\WINDOWS\system32\1abdthre59z0606.exe
    2009-08-03 11:59:12 ----A---- C:\WINDOWS\system32\5610w9zm60a.dll
    2009-08-03 11:59:12 ----A---- C:\WINDOWS\system32\5488spyw9re5221z.dll
    2009-08-03 11:59:12 ----A---- C:\WINDOWS\system32\225fazdware22479.exe
    2009-08-03 11:59:08 ----A---- C:\WINDOWS\system32\9575vzr35.dll
    2009-08-03 11:59:07 ----A---- C:\WINDOWS\system32\29z8sparse1595.dll
    2009-08-03 11:59:06 ----A---- C:\WINDOWS\system32\zc62a5d9are2068.exe
    2009-08-03 11:59:06 ----A---- C:\WINDOWS\system32\50a2s9eaz5949.dll
    2009-08-03 11:59:04 ----A---- C:\WINDOWS\84s9ars52z16.dll
    2009-08-03 11:59:04 ----A---- C:\WINDOWS\5458downloa9er555z.exe
    2009-08-03 11:59:04 ----A---- C:\WINDOWS\32420zot-a-vi9us456.dll
    2009-08-03 11:59:01 ----A---- C:\WINDOWS\1723t5rezt19958.dll
    2009-08-03 11:59:00 ----A---- C:\WINDOWS\system32\79d9vz510999.dll
    2009-08-03 11:59:00 ----A---- C:\WINDOWS\system32\3991threaz11589.dll
    2009-08-03 11:58:59 ----A---- C:\WINDOWS\655czt9al1487.dll
    2009-08-03 11:58:58 ----A---- C:\WINDOWS\system32\3623zac5door19.exe
    2009-08-03 11:58:58 ----A---- C:\WINDOWS\1z9799o5-a-virus200.exe
    2009-08-03 11:58:57 ----A---- C:\WINDOWS\system32\5a59vzr9215.dll
    2009-08-03 11:58:55 ----A---- C:\WINDOWS\system32\339ca5dwarez808.dll
    2009-08-03 11:58:55 ----A---- C:\WINDOWS\system32\2390zha5ktool5be.dll
    2009-08-03 11:58:53 ----A---- C:\WINDOWS\8855z9cktool20c.exe
    2009-08-03 11:58:53 ----A---- C:\WINDOWS\4994thie95738z.exe
    2009-08-03 11:58:51 ----A---- C:\WINDOWS\system32\2bf5ackd9oz2173.exe
    2009-08-03 11:58:48 ----A---- C:\WINDOWS\20z9thie524359.exe
    2009-08-03 05:08:58 ----A---- C:\WINDOWS\system32\4z72t59ef2502.dll
    2009-08-01 06:16:18 ----A---- C:\WINDOWS\system32\4979spyware295z.dll
    2009-07-29 13:33:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
    2009-07-26 03:46:49 ----A---- C:\WINDOWS\14484wo5m1z9.exe
    2009-07-21 06:34:30 ----A---- C:\WINDOWS\system32\4899downlza5er113.exe
    2009-07-20 10:59:09 ----A---- C:\WINDOWS\system32\17995zirus5bd.exe
    2009-07-19 11:48:43 ----A---- C:\WINDOWS\5z7ca9dware19955.dll
    2009-07-17 22:35:05 ----D---- C:\0ftp
    2009-07-14 12:46:11 ----A---- C:\WINDOWS\7c12z5eal796.exe
    2009-07-14 04:26:33 ----A---- C:\WINDOWS\50f3vir1z709.dll
    2009-07-13 12:45:03 ----A---- C:\WINDOWS\system32\2158sp9rze837.exe
    2009-07-11 20:14:12 ----A---- C:\WINDOWS\19725spamb5tz5.exe
    2009-07-11 19:14:09 ----A---- C:\WINDOWS\system32\62c59parsz884.dll
    2009-07-03 15:29:20 ----A---- C:\WINDOWS\system32\21259spy2d5z.dll
    2009-07-03 08:57:26 ----A---- C:\WINDOWS\1267z9iru590.dll
    2009-07-02 20:44:34 ----A---- C:\WINDOWS\system32\zd15backdoo92486.exe
    2009-06-23 15:29:25 ----A---- C:\WINDOWS\system32\31649s9am5ot6cz.exe
    2009-06-20 16:11:34 ----A---- C:\WINDOWS\17251w9rm4bbz.dll
    2009-06-20 07:53:18 ----A---- C:\WINDOWS\353sp965z.dll
    2009-06-16 07:34:17 ----A---- C:\WINDOWS\99463h5zktool53f.exe
    2009-06-15 19:52:06 ----A---- C:\WINDOWS\system32\1004noz-a-virus45b9.dll
    2009-06-12 10:07:36 ----HD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A244981E-8404-4D9D-AF17-121138BB71D6}
    2009-06-11 21:06:13 ----D---- C:\Program Files\Hawkes Learning Systems
    2009-06-11 20:30:15 ----HD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{94032222-2818-4C8C-8989-0DD3E335DD5D}
    2009-06-05 13:16:11 ----A---- C:\WINDOWS\system32\z018threat58089.dll
    2009-06-04 19:39:50 ----A---- C:\WINDOWS\54349ackdoor1z50.dll
    2009-06-03 10:52:28 ----A---- C:\WINDOWS\system32\188b95zware3244.exe
    2009-06-02 16:56:40 ----D---- C:\Documents and Settings\Owner.70E9OW531HWRKW8\Application Data\JAM Software
    2009-06-02 16:56:27 ----D---- C:\Program Files\JAM Software
    2009-06-02 14:29:22 ----A---- C:\WINDOWS\system32\477cbazkd95r1650.dll
    2009-05-28 07:11:56 ----A---- C:\WINDOWS\system32\z7824virus295.dll
    2009-05-27 20:50:06 ----A---- C:\WINDOWS\2a11steal91z5.dll
    2009-05-27 05:11:55 ----A---- C:\WINDOWS\system32\59e2zte5l794.dll
    2009-05-23 01:35:06 ----A---- C:\WINDOWS\system32\z9a1thief31795.exe
    2009-05-22 18:22:42 ----A---- C:\WINDOWS\system32\32228ha9ktoolzd5.dll
    2009-05-22 07:16:07 ----A---- C:\WINDOWS\16520not-a-59ruz522.exe
    2009-05-20 14:48:11 ----A---- C:\WINDOWS\system32\26755orz73f9.exe
    2009-05-18 13:00:03 ----A---- C:\WINDOWS\56aa9iz25075.exe
    2009-05-15 07:06:46 ----A---- C:\WINDOWS\system32\z4155h9cktool4b4.dll
    2009-05-12 14:44:03 ----A---- C:\WINDOWS\z05dbackdoor2892.dll
    2009-05-11 19:59:48 ----A---- C:\WINDOWS\system32\1919zpy6da5.dll
    2009-05-08 19:26:42 ----A---- C:\WINDOWS\3fz7addware5968.dll
    2009-05-07 22:55:42 ----D---- C:\Program Files\iPod
    2009-05-07 22:55:19 ----D---- C:\Program Files\iTunes
    2009-05-07 22:55:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-05-07 22:52:11 ----D---- C:\Program Files\QuickTime
    2009-05-07 22:49:01 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
    2009-05-05 18:37:17 ----A---- C:\WINDOWS\system32\4z3ath5ef389.exe

    ======List of files/folders modified in the last 3 months======

    2009-08-04 15:10:31 ----HD---- C:\WINDOWS\inf
    2009-08-04 15:10:31 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-04 15:09:24 ----D---- C:\WINDOWS\Prefetch
    2009-08-04 15:09:19 ----HD---- C:\WINDOWS\$hf_mig$
    2009-08-04 15:09:18 ----D---- C:\WINDOWS
    2009-08-04 15:04:33 ----D---- C:\Program Files\Mozilla Firefox
    2009-08-04 13:34:36 ----SD---- C:\WINDOWS\Tasks
    2009-08-04 13:09:55 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-08-04 13:07:12 ----D---- C:\WINDOWS\Temp
    2009-08-04 13:05:29 ----D---- C:\Program Files\Messenger
    2009-08-04 13:04:17 ----D---- C:\Downloads
    2009-08-04 12:43:36 ----AD---- C:\Program Files
    2009-08-04 11:36:24 ----AD---- C:\WINDOWS\system32
    2009-08-04 00:04:58 ----A---- C:\WINDOWS\Brownie.ini
    2009-08-04 00:03:04 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-08-03 23:54:57 ----D---- C:\WINDOWS\system32\drivers
    2009-08-03 23:27:56 ----A---- C:\WINDOWS\WININIT.INI
    2009-08-03 21:25:48 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-08-03 21:25:48 ----D---- C:\Program Files\Common Files
    2009-08-03 21:23:43 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-03 18:08:03 ----ASH---- C:\boot.ini
    2009-08-03 17:57:48 ----D---- C:\Program Files\Hijackthis
    2009-08-03 17:57:13 ----D---- C:\Program Files\GoPets Ltd
    2009-08-03 17:54:11 ----SHD---- C:\WINDOWS\Installer
    2009-08-03 14:07:28 ----D---- C:\WINDOWS\Debug
    2009-08-03 12:33:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
    2009-07-29 13:41:36 ----D---- C:\Program Files\PokerRoom.com
    2009-07-29 13:36:05 ----RSD---- C:\WINDOWS\assembly
    2009-07-28 21:53:41 ----D---- C:\Documents and Settings\Owner.70E9OW531HWRKW8\Application Data\Macromedia
    2009-07-26 02:17:12 ----D---- C:\Program Files\mIRC
    2009-07-24 19:23:03 ----D---- C:\WINDOWS\system32\wbem
    2009-07-24 19:23:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-07-23 20:37:07 ----D---- C:\Program Files\BitComet
    2009-07-22 22:35:31 ----SD---- C:\Documents and Settings\Owner.70E9OW531HWRKW8\Application Data\Microsoft
    2009-07-17 09:08:15 ----D---- C:\Documents and Settings\Owner.70E9OW531HWRKW8\Application Data\Adobe
    2009-07-17 09:08:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
    2009-07-13 22:01:39 ----HD---- C:\$AVG8.VAULT$
    2009-06-29 08:55:50 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2009-06-19 21:05:22 ----A---- C:\WINDOWS\win.ini
    2009-06-15 03:03:28 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
    2009-06-11 03:12:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-06-11 03:04:11 ----D---- C:\WINDOWS\system32\en-US
    2009-06-11 03:04:11 ----D---- C:\Program Files\Internet Explorer
    2009-06-11 03:03:57 ----D---- C:\WINDOWS\ie7updates
    2009-06-06 01:20:43 ----D---- C:\Program Files\PokerStars
    2009-06-01 12:51:12 ----AC---- C:\WINDOWS\system32\MRT.exe
    2009-05-07 22:56:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-05-07 22:55:40 ----D---- C:\Program Files\Common Files\Apple
    2009-05-07 11:44:00 ----N---- C:\WINDOWS\system32\localspl.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-03 335752]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-29 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-17 108552]
    R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\System32\DRIVERS\DcCam.sys [2002-09-04 34938]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-08-08 20747]
    R2 DCFS2K;DCFS2K; C:\WINDOWS\system32\drivers\dcfs2k.sys [2002-02-28 36885]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-03 9600]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-03 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 RT73;Belkin USB Network Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-08-03 232192]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-23 2432]
    S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-23 2560]
    S1 Exportit;Exportit; C:\WINDOWS\System32\DRIVERS\exportit.sys [2002-09-04 131509]
    S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
    S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-04 48128]
    S3 ACCSKMD;Canon Camera Storage Device; C:\WINDOWS\system32\DRIVERS\accskmd.sys [2003-05-13 32640]
    S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-04 38912]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
    S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
    S3 DcFpoint;DcFpoint; C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [2002-02-28 61568]
    S3 DcLps;Legacy Polling Service; C:\WINDOWS\System32\DRIVERS\DcLps.sys [2002-02-28 8058]
    S3 DcPTP;dcptp; C:\WINDOWS\System32\DRIVERS\DcPTP.sys [2002-02-28 55866]
    S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
    S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
    S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-04 51328]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
    S3 RkHit;RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2004-08-04 12672]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
    S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 Dcrmsnpbfarc;Dcrmsnpbfarc; C:\WINDOWS\system32\drivers\Dcrmsnpbfarc.sys []
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-03 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-03 907032]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-29 298776]
    R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter; C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 49152]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2003-01-07 46080]
    R2 Dcfssvc;Dcfssvc; C:\WINDOWS\system32\drivers\dcfssvc.exe [2002-02-28 188987]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-07-22 68096]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-05-30 654848]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2006-07-22 68096]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
    S3 TVersityMediaServer;TVersityMediaServer; C:\Program Files\TVersity\Media Server\MediaServer.exe [2009-01-19 827392]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe []

    -----------------EOF-----------------

  5. #5
    Junior Member
    Join Date
    Aug 2006
    Posts
    21

    info.txt logfile of random's system information tool 1.06 2009-08-04 15:11:00

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    Acubix PicoZip 4.02-->"C:\Program Files\PicoZip\unins000.exe"
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
    Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
    Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\56522b95c504adae9e882a21b9c91db\Setup.exe
    Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
    Adobe Setup-->C:\Program Files\Common Files\Adobe\Installers\56522b95c504adae9e882a21b9c91db\Setup.exe
    Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    AOL Instant Messenger-->C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
    Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    AVOne - RM to AVI DVD VCD SVCD Converter (d)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E94DDE5-1712-48F6-B815-7F9A76F2287C}\Setup.exe"
    backburner 2.1-->C:\WINDOWS\unvise32.exe C:\3dsmax5\backburner2\uninstal.log
    BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
    Belkin 54g USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9
    BitComet 0.96-->C:\Program Files\BitComet\uninst.exe
    BitTorrent 5.0.9-->"C:\Program Files\BitTorrent\uninstall.exe"
    Bodog Poker Version 2.16.3.49-->"C:\Program Files\Bodog Poker\unins000.exe"
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Brother HL-2140-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAC74F60-C8B8-4369-8E20-7760C71261E7}\SETUP.exe" -l0x9 -removeonly /uninst
    Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
    Canon PhotoRecord-->MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
    Canon RAW Image Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
    Canon RemoteCapture Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
    Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C05E2D43-A05F-4835-A15C-CD0AD1576506}
    Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    C-Dilla Licence Management System-->C:\C_DILLA\setup\cdunin16.exe
    Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
    CRW Series Driver v1.17r023-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D757BE3C-77A1-11D6-856E-0050BA045EBA}\Setup.exe" -l0x9
    Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Driver-->C:\PROGRA~1\GTINTE~1\Driver\UNWISE.EXE C:\PROGRA~1\GTINTE~1\Driver\INSTALL.LOG
    DV Network Software-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{AB85A4DB-357F-41B5-94A6-C9A4CBBD791B} /l1033
    dvdSanta 4.00-->"C:\Program Files\dvdSanta\unins000.exe"
    Easy Screen Capture 2-->"C:\Program Files\Easy Screen Capture 2\unins000.exe"
    EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
    ffdshow [rev 1723] [2007-12-24]-->"C:\Program Files\ffdshow\unins000.exe"
    FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
    Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Garmin Communicator Plugin-->MsiExec.exe /X{14C9AE19-4254-4280-ACD3-E159231DC2CD}
    Garmin TOPO U.S. 2008-->MsiExec.exe /X{47BA74C5-1890-4ED2-954A-AD11186D8E26}
    Garmin Trip and Waypoint Manager v4-->MsiExec.exe /X{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}
    Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
    getPlus(R)_dll-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSd.INF, DefaultUninstall
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
    Intro and Interm Algebra Multimedia Setup-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{A244981E-8404-4D9D-AF17-121138BB71D6}\COMBO-MMSetup.exe" REMOVE=TRUE MODIFY=FALSE
    Intro and Interm Algebra Multimedia Setup-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{A244981E-8404-4D9D-AF17-121138BB71D6}\COMBO-MMSetup.exe
    Introductory and Intermediate Algebra (Fall 2008 Student Version)-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{94032222-2818-4C8C-8989-0DD3E335DD5D}\COMBO-Student-Setup.exe" REMOVE=TRUE MODIFY=FALSE
    Introductory and Intermediate Algebra-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{94032222-2818-4C8C-8989-0DD3E335DD5D}\COMBO-Student-Setup.exe
    iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
    J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Kodak EasyShare software-->MsiExec.exe /I{11DB853A-6966-4724-BEAD-793C48AC8C54}
    Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
    Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
    Macromedia Fireworks MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
    Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
    Macromedia FreeHand MXa-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
    Merge Version 2.0-->"C:\Program Files\Merge\unins000.exe"
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Ultimate 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
    Microsoft Office Ultimate 2007-->MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
    MobileMe Control Panel-->MsiExec.exe /I{A14C24F6-615B-415E-84B0-610FDAD19B68}
    MOV Converter 3-->C:\Program Files\ImTOO\MOV Converter 3\Uninstall.exe
    Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
    Pando-->MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}
    Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
    PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Rebel Trucker-->C:\PROGRA~1\GLOBAL~1\REBELT~1\UNWISE.EXE C:\PROGRA~1\GLOBAL~1\REBELT~1\INSTALL.LOG
    Recorder (C:\Program Files\Recorder\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Recorder\ST6UNST.000"
    Recorder-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Recorder\ST6UNST.LOG"
    RM Converter 3.28-->"C:\Program Files\RM Converter\unins000.exe"
    RunAlyzer-->"C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
    Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
    Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
    Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
    Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
    SUPER Version 2007.bld.22 (Mar 14, 2007)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
    TreeSize Free V2.3.1-->"C:\Program Files\JAM Software\TreeSize Free\unins000.exe"
    TVersity Codec Pack 1.2-->C:\Program Files\TVersity Codec Pack\uninst.exe
    TVersity Media Server 1.0.0.11 RC7-->C:\Program Files\TVersity\Media Server\uninst.exe
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
    Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Vodei Multimedia Processor 2.00-->C:\Program Files\Vodei\uninst.exe
    WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
    WD Media Center Driver-->MsiExec.exe /X{3F70FB44-FD00-4ED2-9154-661AA9DB0B28}
    Win AVI HelixSDK-->"C:\Program Files\WinAVIVideoConverter\HelixSDK\unins000.exe"
    WinAVIVideoConverter-->"C:\Program Files\WinAVIVideoConverter\unins000.exe"
    Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    xImage-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31492759-0E89-46B5-9770-F6E5808E3017}\Setup.exe" -l0x9
    XviD 1.1 final uninstall-->"C:\Program Files\XviD\unins000.exe"
    Yahoo! Address AutoComplete-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\yaddbook.dll

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: AVG Anti-Virus Free

    ======System event log======

    Computer Name: 70E9OW531HWRKW8
    Event Code: 8021
    Message: The browser was unable to retrieve a list of servers from the browser master \\HOME-PC on the network \Device\NetBT_Tcpip_{FC53C825-75D4-48EB-BFC6-AB8946AD24BA}.
    The data is the error code.

    Record Number: 35840
    Source Name: BROWSER
    Time Written: 20090618064816.000000-240
    Event Type: warning
    User:

    Computer Name: 70E9OW531HWRKW8
    Event Code: 16
    Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

    Record Number: 35839
    Source Name: Windows Update Agent
    Time Written: 20090618040208.000000-240
    Event Type: error
    User:

    Computer Name: 70E9OW531HWRKW8
    Event Code: 4321
    Message: The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.96.
    The machine with the IP address 192.168.1.94 did not allow the name to be claimed by
    this machine.

    Record Number: 35838
    Source Name: NetBT
    Time Written: 20090618001611.000000-240
    Event Type: error
    User:

    Computer Name: 70E9OW531HWRKW8
    Event Code: 36
    Message: The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Record Number: 35833
    Source Name: W32Time
    Time Written: 20090617070607.000000-240
    Event Type: warning
    User:

    Computer Name: 70E9OW531HWRKW8
    Event Code: 7011
    Message: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

    Record Number: 35830
    Source Name: Service Control Manager
    Time Written: 20090616082759.000000-240
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: 70E9OW531HWRKW8
    Event Code: 1524
    Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



    Record Number: 6219
    Source Name: Userenv
    Time Written: 20080713130029.000000-240
    Event Type: warning
    User: 70E9OW531HWRKW8\Owner

    Computer Name: 70E9OW531HWRKW8
    Event Code: 1517
    Message: Windows saved user 70E9OW531HWRKW8\Guest registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 6218
    Source Name: Userenv
    Time Written: 20080713130008.000000-240
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: 70E9OW531HWRKW8
    Event Code: 5000
    Message: EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

    Record Number: 6216
    Source Name: MPSampleSubmission
    Time Written: 20080711080104.000000-240
    Event Type: error
    User:

    Computer Name: 70E9OW531HWRKW8
    Event Code: 1517
    Message: Windows saved user 70E9OW531HWRKW8\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 6206
    Source Name: Userenv
    Time Written: 20080710030445.000000-240
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: 70E9OW531HWRKW8
    Event Code: 1524
    Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



    Record Number: 6205
    Source Name: Userenv
    Time Written: 20080710030403.000000-240
    Event Type: warning
    User: 70E9OW531HWRKW8\Owner

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\3dsmax5\backburner2\;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0207
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

    -----------------EOF-----------------

  6. #6
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    BitComet 0.96

    BitTorrent 5.0.9


    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).



    Step # 1: Download and Run ComboFix

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    When finished, it shall produce a log for you. Please include C:\ComboFix.txt and a fresh HijackThis log in your next reply.

    Use multiple posts if you can't fit everything into one post.
    Malware Removal University Master
    Member of ASAP & UNITE

  7. #7
    Junior Member
    Join Date
    Aug 2006
    Posts
    21

    ComboFix 09-08-04.04 - Owner 08/05/2009 20:09.1.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.638.205 [GMT -4:00]
    Running from: c:\documents and settings\Owner.70E9OW531HWRKW8\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\OWNER~1.70E\LOCALS~1\Temp\catchme.dll
    c:\documents and settings\Owner.70E9OW531HWRKW8\Local Settings\Temp\catchme.dll
    c:\program files\Common Files\fnts~1
    c:\program files\Common Files\stem32~1
    c:\program files\Common Files\wnsxs~1
    c:\program files\icroso~1.net
    c:\program files\SmartShopper
    c:\recycler\S-1-5-21-1292428093-1482476501-1417001333-1003
    c:\recycler\S-1-5-21-1292428093-1482476501-1417001333-1004
    c:\recycler\S-1-5-21-1292428093-1482476501-1417001333-501
    c:\windows\system32\crosof~1.net
    c:\windows\system32\lo2.txtt
    c:\windows\system32\ppatch~1
    c:\windows\system32\sembly~1
    c:\windows\system32\stem~1
    c:\windows\system32\stem32~1
    c:\windows\system32\uninstall.exe
    c:\windows\system32\wnsxs~1
    c:\windows\z0025acktool590.ocx
    c:\windows\z014t5ief491.ocx
    c:\windows\z05dbackdoor2892.dll
    c:\windows\z1484worm5b69.exe
    c:\windows\z169ack5oor2854.bin
    c:\windows\z19ethrea917045.bin
    c:\windows\z2169hack5ool326.bin
    c:\windows\z2438not-a-9i5us7a5.ocx
    c:\windows\z2718spam95t244.bin
    c:\windows\z515th9ef1697.exe
    c:\windows\z518vir190.cpl
    c:\windows\z5489virus359.cpl
    c:\windows\z558threat19755.cpl
    c:\windows\z5930hacktool19a.bin
    c:\windows\z5959spy1d.dll
    c:\windows\z5997not-a-v9rus154.ocx
    c:\windows\z612ba5kdoor2194.exe
    c:\windows\z6362virus3985.dll
    c:\windows\z6552vi9us49d.exe
    c:\windows\z7859virus64d9.bin
    c:\windows\z796spamb5t535.bin
    c:\windows\z855wormac9.cpl
    c:\windows\z891d5wnload9r2382.exe
    c:\windows\z8a4spar5e9914.bin
    c:\windows\z8th5ef994.bin
    c:\windows\z9188spy985.dll
    c:\windows\z921s5eal1642.exe
    c:\windows\z9504virus2cd.exe
    c:\windows\z96235pambot54a.cpl
    c:\windows\z966addw59e526.exe
    c:\windows\z979virus55e.ocx
    c:\windows\z9b55teal1461.bin
    c:\windows\z9e4backdoor529.dll
    c:\windows\zbdcdo9nloade5143.bin
    c:\windows\zbf0backdoor13945.cpl
    c:\windows\zc21backd5or9264.exe
    c:\windows\zce3th59f1201.exe
    c:\windows\ze55backdoor1619.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_RKHIT
    -------\Legacy_WINDOWS_OVERLAY_COMPONENTS
    -------\Service_RkHit


    ((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
    .

    2009-12-24 22:45 . 2009-12-24 22:45 9672 ----a-w- c:\windows\system32\65z259t-a-virus732.bin
    2009-12-11 05:10 . 2009-12-11 05:10 5269 ----a-w- c:\windows\system32\985bspywarez192.bin
    2009-12-06 00:13 . 2009-12-06 00:13 13226 ----a-w- c:\windows\system32\5500troj6fz9.dll
    2009-11-22 22:45 . 2009-11-22 22:45 4511 ----a-w- c:\windows\system32\54319zpy73d.dll
    2009-11-21 21:10 . 2009-11-21 21:10 10488 ----a-w- c:\windows\system32\7c5dspyzare1695.dll
    2009-11-16 11:27 . 2009-11-16 11:27 11102 ----a-w- c:\windows\system32\z7713troj9875.bin
    2009-11-16 06:49 . 2009-11-16 06:49 7584 ----a-w- c:\windows\system32\5zathi9f396.bin
    2009-10-27 16:28 . 2009-10-27 16:28 8743 ----a-w- c:\windows\system32\5119thr9z514866.dll
    2009-10-17 15:08 . 2009-10-17 15:08 10649 ----a-w- c:\windows\system32\7z94ha9kt5ol786.exe
    2009-10-11 21:12 . 2009-10-11 21:12 11201 ----a-w- c:\windows\system32\f1fadd5arz9314.exe
    2009-10-11 13:10 . 2009-10-11 13:10 10701 ----a-w- c:\windows\system32\6918hzck9oolc55.exe
    2009-10-09 06:09 . 2009-10-09 06:09 4025 ----a-w- c:\windows\system32\69c45oznloader2851.dll
    2009-10-06 11:26 . 2009-10-06 11:26 3390 ----a-w- c:\windows\system32\z13389i5us1aa.dll
    2009-09-28 20:47 . 2009-09-28 20:47 15009 ----a-w- c:\windows\system32\49c7thiez1577.dll
    2009-09-23 15:35 . 2009-09-23 15:35 16429 ----a-w- c:\windows\system32\7cbzdown5oader9700.bin
    2009-09-21 16:27 . 2009-09-21 16:27 10332 ----a-w- c:\windows\system32\8ectzr9at18358.dll
    2009-09-17 01:25 . 2009-09-17 01:25 11779 ----a-w- c:\windows\system32\92645p94adz.exe
    2009-09-16 08:26 . 2009-09-16 08:26 11934 ----a-w- c:\windows\system32\594caddzare21915.dll
    2009-09-12 01:20 . 2009-09-12 01:20 3299 ----a-w- c:\windows\system32\99149irus18z5.dll
    2009-08-17 10:32 . 2009-08-17 10:32 12871 ----a-w- c:\windows\system32\4975zorm367.dll
    2009-08-14 03:22 . 2009-08-14 03:22 4215 ----a-w- c:\windows\system32\759c5ackdzor4149.bin
    2009-08-04 19:08 . 2009-08-04 19:11 -------- d-----w- C:\rsit
    2009-08-04 04:03 . 2005-03-01 03:52 102400 ----a-w- c:\windows\system32\unzip3252.dll
    2009-08-04 04:03 . 2001-05-30 14:00 352256 ----a-w- c:\windows\system32\ijl15.dll
    2009-08-04 04:03 . 2004-05-04 15:53 1645320 ----a-w- c:\windows\system32\gdiplus.dll
    2009-08-04 04:03 . 2002-07-25 02:43 667648 ----a-w- c:\windows\system32\FreeImage.dll
    2009-08-04 04:03 . 1998-08-29 17:50 40448 ----a-w- c:\windows\system32\UNACE.DLL
    2009-08-04 03:44 . 2009-08-04 03:44 -------- d-----w- c:\program files\Trend Micro
    2009-08-03 21:50 . 2009-08-03 21:50 -------- d-----w- c:\program files\Safer Networking
    2009-08-03 20:31 . 2009-08-03 21:59 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2009-08-03 15:58 . 2009-08-03 15:58 11922 ----a-w- c:\windows\system32\5a59vzr9215.dll
    2009-08-03 09:08 . 2009-08-03 09:08 12961 ----a-w- c:\windows\system32\4z72t59ef2502.dll
    2009-08-01 10:16 . 2009-08-01 10:16 10394 ----a-w- c:\windows\system32\4979spyware295z.dll
    2009-07-29 17:33 . 2009-07-29 17:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Sony
    2009-07-24 01:44 . 2009-07-24 01:44 7307 ----a-w- c:\windows\system32\9za4threat14529.bin
    2009-07-21 10:34 . 2009-07-21 10:34 6694 ----a-w- c:\windows\system32\4899downlza5er113.exe
    2009-07-18 02:35 . 2009-07-22 18:49 -------- d-----w- C:\0ftp
    2009-07-11 23:14 . 2009-07-11 23:14 17223 ----a-w- c:\windows\system32\62c59parsz884.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-05 23:59 . 2006-02-12 21:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-08-05 23:57 . 2009-04-04 03:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
    2009-08-05 23:57 . 2006-09-26 20:18 -------- d-----w- c:\program files\BitTorrent
    2009-08-05 18:35 . 2008-04-10 08:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
    2009-08-05 07:13 . 2009-04-19 17:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2009-08-05 03:59 . 2006-02-12 21:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-04 04:03 . 2003-05-24 23:28 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-04 03:53 . 2009-04-04 03:54 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-03 21:57 . 2007-03-09 04:05 -------- d-----w- c:\program files\GoPets Ltd
    2009-07-29 17:41 . 2007-03-07 03:03 -------- d-----w- c:\program files\PokerRoom.com
    2009-07-26 06:17 . 2006-09-07 10:47 -------- d-----w- c:\program files\mIRC
    2009-07-24 00:37 . 2007-11-15 07:48 -------- d-----w- c:\program files\BitComet
    2009-07-03 00:44 . 2009-07-03 00:44 16952 ----a-w- c:\windows\system32\zd15backdoo92486.exe
    2009-06-29 16:12 . 2004-08-24 04:32 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 16:12 . 2002-09-03 16:29 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-06-29 12:55 . 2009-04-04 03:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-06-29 12:55 . 2008-04-14 22:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-24 01:18 . 2009-06-24 01:18 8611 ----a-w- c:\windows\system32\z7585ir9197.bin
    2009-06-20 20:25 . 2009-06-20 20:25 3182 ----a-w- c:\windows\system32\aecszyware29519.bin
    2009-06-16 14:55 . 2002-09-03 17:06 119808 ------w- c:\windows\system32\t2embed.dll
    2009-06-16 14:55 . 2002-09-03 16:33 82432 ------w- c:\windows\system32\fontsub.dll
    2009-06-12 14:07 . 2009-06-12 14:07 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{A244981E-8404-4D9D-AF17-121138BB71D6}
    2009-06-12 01:18 . 2009-06-12 00:30 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{94032222-2818-4C8C-8989-0DD3E335DD5D}
    2009-06-12 01:06 . 2009-06-12 01:06 -------- d-----w- c:\program files\Hawkes Learning Systems
    2009-06-08 22:09 . 2009-06-08 22:09 4040 ----a-w- c:\windows\system32\90735pz358.bin
    2009-06-06 10:34 . 2009-06-06 10:34 15905 ----a-w- c:\windows\system32\5975addware319z5.bin
    2009-06-05 17:16 . 2009-06-05 17:16 3818 ----a-w- c:\windows\system32\z018threat58089.dll
    2009-06-03 19:27 . 2004-11-05 17:41 1290752 ----a-w- c:\windows\system32\quartz.dll
    2009-05-31 21:46 . 2007-02-18 05:31 130760 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-31 21:43 . 2009-05-31 21:43 130760 ----a-w- c:\documents and settings\Pinnkkk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-31 21:41 . 2007-02-18 05:15 8224 ----a-w- c:\documents and settings\Guest.70E9OW531HWRKW8\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-28 11:11 . 2009-05-28 11:11 8953 ----a-w- c:\windows\system32\z7824virus295.dll
    2009-05-27 09:11 . 2009-05-27 09:11 18094 ----a-w- c:\windows\system32\59e2zte5l794.dll
    2009-05-23 05:35 . 2009-05-23 05:35 4189 ----a-w- c:\windows\system32\z9a1thief31795.exe
    2009-05-21 09:11 . 2009-05-21 09:11 5605 ----a-w- c:\windows\system32\z4472worm59e.bin
    2009-05-20 08:39 . 2009-05-20 08:39 13040 ----a-w- c:\windows\system32\73dcdownzoa5er4619.bin
    2009-05-19 05:36 . 2009-06-14 10:36 2884832 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
    2009-05-19 05:36 . 2009-06-14 10:36 28 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
    2009-05-19 05:36 . 2009-06-14 10:36 1484856 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
    2009-05-19 05:36 . 2009-06-14 10:36 25 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
    2009-05-19 05:36 . 2009-06-14 10:36 97072 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
    2009-05-19 05:36 . 2009-06-14 10:36 142040 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
    2009-05-19 05:36 . 2009-06-14 10:36 30512 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
    2009-05-19 05:36 . 2009-06-14 10:36 111920 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
    2009-05-17 21:23 . 2009-04-04 03:54 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-05-15 11:06 . 2009-05-15 11:06 17082 ----a-w- c:\windows\system32\z4155h9cktool4b4.dll
    2009-05-14 04:17 . 2009-05-14 04:17 6615 ----a-w- c:\windows\system32\79875iz334.bin
    2009-05-10 19:07 . 2009-05-10 19:07 12006 ----a-w- c:\windows\system32\7489spzrse10925.bin
    2009-05-08 02:42 . 2009-05-08 02:42 75048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
    2006-05-03 09:06 . 2007-04-29 10:57 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47 . 2007-04-29 10:57 31232 --sh--r- c:\windows\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]
    "PicoZip"="c:\progra~1\PicoZip\PicoZipTray.exe" [2006-06-09 581632]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USBDetector"="c:\usbstorage\USBDetector.exe" [2002-11-26 53248]
    "ShowIcon_The Company_CRW Series Driver v1.17r023"="c:\program files\CRW\shwicon.exe" [2003-01-27 73728]
    "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-03-25 69632]
    "SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 42496]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "EPSON Stylus Photo RX620 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE" [2004-05-20 98304]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    Event Reminder.lnk - c:\program files\Mindscape\PrintMaster\PMREMIND.EXE [1998-6-6 325632]
    Medic.lnk - c:\program files\Road Runner\Medic\RRMedic.exe [2003-5-24 3362939]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-22 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= c:\program files\Windows NT\pokodezu.html
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source= c:\program files\Common Files\mehe.html
    FriendlyName=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-06-29 12:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk
    backup=c:\windows\pss\Workspace Macro Pro Hotkeys.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner.70E9OW531HWRKW8^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
    path=c:\documents and settings\Owner.70E9OW531HWRKW8\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk
    backup=c:\windows\pss\Workspace Macro Pro Hotkeys.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AIM95\\aim.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Canon\\DV Messenger\\DV Messenger.exe"=
    "c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "21603:TCP"= 21603:TCP:BitComet 21603 TCP
    "21603:UDP"= 21603:UDP:BitComet 21603 UDP

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2009 11:54 PM 335752]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2009 11:54 PM 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/3/2009 11:54 PM 907032]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/3/2009 11:54 PM 298776]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/27/2007 3:38 AM 24652]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 10:19 PM 13592]
    S3 ACCSKMD;Canon Camera Storage Device;c:\windows\system32\drivers\accskmd.sys [5/13/2003 11:50 PM 32640]
    S4 Dcrmsnpbfarc;Dcrmsnpbfarc; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2009-08-06 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-10 13:43]

    2009-08-06 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-AVG Anti-Spyware Guard


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: {FC53C825-75D4-48EB-BFC6-AB8946AD24BA} = 208.67.220.220,208.67.222.222
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner.70E9OW531HWRKW8\Application Data\Mozilla\Firefox\Profiles\9ncmh1ox.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Picasa2\npPicasa2.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    disk not found C:\

    please note that you need administrator rights to perform deep scan
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1424)
    c:\windows\system32\WININET.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\mshtml.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    c:\windows\system32\drivers\CDANTSRV.EXE
    c:\windows\system32\drivers\dcfssvc.exe
    c:\windows\system32\locator.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\WDC\SetIcon.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-06 20:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-06 00:33

    Pre-Run: 18,314,784,768 bytes free
    Post-Run: 18,216,943,616 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    [spybotsd]
    timeout.old=30

    833 --- E O F --- 2009-08-05 07:13




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:48:31 PM, on 8/5/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\USBStorage\USBDetector.exe
    C:\Program Files\CRW\shwicon.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\WDC\SetIcon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.17r023] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.17r023"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
    O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...tl_0_0_0_1.ocx
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FC53C825-75D4-48EB-BFC6-AB8946AD24BA}: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\pokodezu.html
    O24 - Desktop Component 1: (no name) - C:\Program Files\Common Files\mehe.html

    --
    End of file - 9925 bytes

  8. #8
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875


    Step # 1: Run CFScript

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      KILLALL::
      
      Driver::
      
      Dcrmsnpbfarc
      
      File::
      
      c:\windows\system32\65z259t-a-virus732.bin
      c:\windows\system32\985bspywarez192.bin
      c:\windows\system32\5500troj6fz9.dll
      c:\windows\system32\54319zpy73d.dll
      c:\windows\system32\7c5dspyzare1695.dll
      c:\windows\system32\z7713troj9875.bin
      c:\windows\system32\5zathi9f396.bin
      c:\windows\system32\5119thr9z514866.dll
      c:\windows\system32\7z94ha9kt5ol786.exe
      c:\windows\system32\f1fadd5arz9314.exe
      c:\windows\system32\6918hzck9oolc55.exe
      c:\windows\system32\69c45oznloader2851.dll
      c:\windows\system32\z13389i5us1aa.dll
      c:\windows\system32\49c7thiez1577.dll
      c:\windows\system32\7cbzdown5oader9700.bin
      c:\windows\system32\8ectzr9at18358.dll
      c:\windows\system32\92645p94adz.exe
      c:\windows\system32\594caddzare21915.dll
      c:\windows\system32\99149irus18z5.dll
      c:\windows\system32\4975zorm367.dll
      c:\windows\system32\759c5ackdzor4149.bin
      c:\windows\system32\5a59vzr9215.dll
      c:\windows\system32\4z72t59ef2502.dll
      c:\windows\system32\4979spyware295z.dll
      c:\windows\system32\9za4threat14529.bin
      c:\windows\system32\4899downlza5er113.exe
      c:\windows\system32\62c59parsz884.dll
      c:\windows\system32\zd15backdoo92486.exe
      c:\windows\system32\z7585ir9197.bin
      c:\windows\system32\aecszyware29519.bin
      c:\windows\system32\90735pz358.bin
      c:\windows\system32\5975addware319z5.bin
      c:\windows\system32\z018threat58089.dll
      c:\windows\system32\z7824virus295.dll
      c:\windows\system32\59e2zte5l794.dll
      c:\windows\system32\z9a1thief31795.exe
      c:\windows\system32\z4472worm59e.bin
      c:\windows\system32\73dcdownzoa5er4619.bin
      c:\windows\system32\z4155h9cktool4b4.dll
      c:\windows\system32\79875iz334.bin
      c:\windows\system32\7489spzrse10925.bin
      c:\program files\Windows NT\pokodezu.html
      c:\program files\Common Files\mehe.html
      
      Folder::
      
      c:\program files\BitTorrent
      c:\program files\BitComet
      
      Registry::
      
      [-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
      [-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\BitComet\\BitComet.exe"=-
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "21603:TCP"=-
      "21603:UDP"=-
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.







      Note: This CFScript is for use on piink's computer only! Do not use it on your computer.

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    After ComboFix has run, do the following:

    Go to Start -> Control Panel -> Display Properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My Current Home Page").

    Also remove the checkmark from the Lock Desktop Items box if it is checked.
    Click Apply.
    Click Apply and then Exit Display Properties.


    In your next post/reply, I need to see the following:

    1. The ComboFix Log that appears after Step 1 has been completed.
    2. A fresh HiJackThis Log taken after Step 1 has been completed.
    Malware Removal University Master
    Member of ASAP & UNITE

  9. #9
    Junior Member
    Join Date
    Aug 2006
    Posts
    21


    ComboFix 09-08-04.04 - Owner 08/06/2009 10:16.2.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.638.337 [GMT -4:00]
    Running from: c:\documents and settings\Owner.70E9OW531HWRKW8\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner.70E9OW531HWRKW8\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_Dcrmsnpbfarc


    ((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
    .

    2009-08-04 19:08 . 2009-08-04 19:11 -------- d-----w- C:\rsit
    2009-08-04 04:03 . 2005-03-01 03:52 102400 ----a-w- c:\windows\system32\unzip3252.dll
    2009-08-04 04:03 . 2001-05-30 14:00 352256 ----a-w- c:\windows\system32\ijl15.dll
    2009-08-04 04:03 . 2004-05-04 15:53 1645320 ----a-w- c:\windows\system32\gdiplus.dll
    2009-08-04 04:03 . 2002-07-25 02:43 667648 ----a-w- c:\windows\system32\FreeImage.dll
    2009-08-04 04:03 . 1998-08-29 17:50 40448 ----a-w- c:\windows\system32\UNACE.DLL
    2009-08-04 03:44 . 2009-08-04 03:44 -------- d-----w- c:\program files\Trend Micro
    2009-08-03 21:50 . 2009-08-03 21:50 -------- d-----w- c:\program files\Safer Networking
    2009-08-03 20:31 . 2009-08-03 21:59 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2009-07-29 17:33 . 2009-07-29 17:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Sony
    2009-07-18 02:35 . 2009-07-22 18:49 -------- d-----w- C:\0ftp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-06 01:46 . 2006-02-12 21:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-08-06 01:12 . 2007-09-23 06:08 -------- d-----w- c:\program files\AIM6
    2009-08-06 01:12 . 2007-09-23 06:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads
    2009-08-05 23:57 . 2009-04-04 03:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
    2009-08-05 18:35 . 2008-04-10 08:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
    2009-08-05 07:13 . 2009-04-19 17:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2009-08-05 03:59 . 2006-02-12 21:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-04 04:03 . 2003-05-24 23:28 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-04 03:53 . 2009-04-04 03:54 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-03 21:57 . 2007-03-09 04:05 -------- d-----w- c:\program files\GoPets Ltd
    2009-07-29 17:41 . 2007-03-07 03:03 -------- d-----w- c:\program files\PokerRoom.com
    2009-07-26 06:17 . 2006-09-07 10:47 -------- d-----w- c:\program files\mIRC
    2009-06-29 16:12 . 2004-08-24 04:32 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 16:12 . 2002-09-03 16:29 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-06-29 12:55 . 2009-04-04 03:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-06-29 12:55 . 2008-04-14 22:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-16 14:55 . 2002-09-03 17:06 119808 ------w- c:\windows\system32\t2embed.dll
    2009-06-16 14:55 . 2002-09-03 16:33 82432 ------w- c:\windows\system32\fontsub.dll
    2009-06-12 14:07 . 2009-06-12 14:07 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{A244981E-8404-4D9D-AF17-121138BB71D6}
    2009-06-12 01:18 . 2009-06-12 00:30 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{94032222-2818-4C8C-8989-0DD3E335DD5D}
    2009-06-12 01:06 . 2009-06-12 01:06 -------- d-----w- c:\program files\Hawkes Learning Systems
    2009-06-03 19:27 . 2004-11-05 17:41 1290752 ----a-w- c:\windows\system32\quartz.dll
    2009-05-31 21:46 . 2007-02-18 05:31 130760 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-31 21:43 . 2009-05-31 21:43 130760 ----a-w- c:\documents and settings\Pinnkkk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-31 21:41 . 2007-02-18 05:15 8224 ----a-w- c:\documents and settings\Guest.70E9OW531HWRKW8\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-19 05:35 . 2009-08-06 01:12 11568 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\tbinst.dll
    2009-05-17 21:23 . 2009-04-04 03:54 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2006-05-03 09:06 . 2007-04-29 10:57 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47 . 2007-04-29 10:57 31232 --sh--r- c:\windows\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]
    "PicoZip"="c:\progra~1\PicoZip\PicoZipTray.exe" [2006-06-09 581632]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USBDetector"="c:\usbstorage\USBDetector.exe" [2002-11-26 53248]
    "ShowIcon_The Company_CRW Series Driver v1.17r023"="c:\program files\CRW\shwicon.exe" [2003-01-27 73728]
    "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-03-25 69632]
    "SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 42496]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "EPSON Stylus Photo RX620 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE" [2004-05-20 98304]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    Event Reminder.lnk - c:\program files\Mindscape\PrintMaster\PMREMIND.EXE [1998-6-6 325632]
    Medic.lnk - c:\program files\Road Runner\Medic\RRMedic.exe [2003-5-24 3362939]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-22 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-06-29 12:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk
    backup=c:\windows\pss\Workspace Macro Pro Hotkeys.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner.70E9OW531HWRKW8^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
    path=c:\documents and settings\Owner.70E9OW531HWRKW8\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk
    backup=c:\windows\pss\Workspace Macro Pro Hotkeys.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AIM95\\aim.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Canon\\DV Messenger\\DV Messenger.exe"=
    "c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2009 11:54 PM 335752]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2009 11:54 PM 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/3/2009 11:54 PM 907032]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/3/2009 11:54 PM 298776]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/27/2007 3:38 AM 24652]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 10:19 PM 13592]
    S3 ACCSKMD;Canon Camera Storage Device;c:\windows\system32\drivers\accskmd.sys [5/13/2003 11:50 PM 32640]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2009-08-06 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-10 13:43]

    2009-08-06 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: {FC53C825-75D4-48EB-BFC6-AB8946AD24BA} = 208.67.220.220,208.67.222.222
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner.70E9OW531HWRKW8\Application Data\Mozilla\Firefox\Profiles\9ncmh1ox.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Picasa2\npPicasa2.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    disk not found C:\

    please note that you need administrator rights to perform deep scan
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3644)
    c:\windows\system32\WININET.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\mshtml.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    c:\windows\system32\drivers\CDANTSRV.EXE
    c:\windows\system32\drivers\dcfssvc.exe
    c:\windows\system32\locator.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\WDC\SetIcon.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-06 10:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-06 14:43
    ComboFix2.txt 2009-08-06 00:33

    Pre-Run: 18,057,625,600 bytes free
    Post-Run: 18,184,908,800 bytes free

    618 --- E O F --- 2009-08-05 07:13




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:44:21 AM, on 8/6/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\USBStorage\USBDetector.exe
    C:\Program Files\CRW\shwicon.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\WDC\SetIcon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.17r023] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.17r023"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
    O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...tl_0_0_0_1.ocx
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FC53C825-75D4-48EB-BFC6-AB8946AD24BA}: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9646 bytes

  10. #10
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Step # 1: Remove Poker programs
    From your log I can see you've installed poker programs. A lot of poker programs are infected/can infect you with malware.

    I would advise you to go to Add/Remove programs and uninstall the following poker program(s):

    Bodog Poker Version 2.16.3.49

    Full Tilt Poker


    Here are links to some poker sites regarded as safe for your reference.
    1. http://www.pokerstars.net/ - This is a free to use/play site with play money.
    2. http://www.pokerstars.com/ - This is a free to use/play site with play money and real money.



    Step # 2 Update Java

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u15.
    • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Remove the following old versions of Java:
        • J2SE Runtime Environment 5.0 Update 8
        • J2SE Runtime Environment 5.0 Update 10
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • From your desktop double-click on the download to install the newest version.



    Step # 3 Run CCleaner

    CCleaner will remove everything from the temp/temporary folders but please note that it will not make backups!

    • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
    • Then select the items you wish to clean up.
    • In the Windows Tab:
        • Clean all entries in the Internet Explorer section except Cookies
        • Clean all the entries in the Windows Explorer section
        • Clean all entries in the System section
        • Clean all entries in the Advanced section
        • Clean any others that you choose
    • In the Applications Tab:
        • Clean all except cookies in the Firefox/Mozilla section if you use it
        • Clean all in the Opera section if you use it
        • Clean Sun Java in the Internet Section
        • Clean any others that you choose
    • Click the Run Cleaner button.
    • A pop up box will appear advising this process will permanently delete files from your system.
    • Click OK and it will scan and clean your system.
    • Click exit when done.
    • If it asks you to reboot at the end, click NO



    Step # 4: Remove HijackThis Entries

    • Run HijackThis
    • Click on the Scan button
    • Put a check beside all of the items listed below (if present):


      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.



    Step # 5 Download and Run Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.


    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    In your next post/reply, I need to see the following:

    1. Malwarebytes' Log
    2. A fresh HijackThis Log

    Malware Removal University Master
    Member of ASAP & UNITE
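
Reply #10 reads two things off the HijackThis log by eye: the outdated JRE under `jre1.5.0_10` and the Bodog Poker entry. The script below does the same triage; it is an added example, not part of the original post or of HijackThis. The function names, the watchlist and the sample excerpt (lines copied from the log in this thread) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
# JRE install directories look like "\jre1.5.0_10\": family 5, update 10.
JRE_RE = re.compile(r"\\jre1\.(\d+)\.\d+(?:_(\d+))?\\", re.IGNORECASE)


def parse_entries(log_text):
    """Group entry bodies by section code; header and process lines are skipped."""
    entries = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries[match.group(1)].append(match.group(2))
    return dict(entries)


def jre_installs(entries):
    """Return the sorted (family, update) pairs of every JRE path in the log."""
    found = set()
    for bodies in entries.values():
        for body in bodies:
            for family, update in JRE_RE.findall(body):
                found.add((int(family), int(update or 0)))
    return sorted(found)


def outdated_jres(entries, baseline=(6, 15)):
    """JREs older than the baseline; (6, 15) is the 6u15 release named in reply #10."""
    return [jre for jre in jre_installs(entries) if jre < baseline]


def watchlist_hits(entries, names):
    """Return (code, body) for entries mentioning a watchlisted program name."""
    lowered = [name.lower() for name in names]
    return [
        (code, body)
        for code, bodies in entries.items()
        for body in bodies
        if any(name in body.lower() for name in lowered)
    ]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for family, update in outdated_jres(parsed):
        print(f"outdated JRE: family {family} update {update}")
    # Hypothetical watchlist: the program the helper asked to be uninstalled.
    for code, body in watchlist_hits(parsed, ["Bodog Poker"]):
        print(f"{code}: {body}")
```

Run against a fresh log after the cleanup steps, an empty result from both checks confirms the old JRE paths and the watchlisted program no longer appear in any entry.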
