
Thread: System shutdown DCOM Server Process

  1. #1
    Member
    Join Date
    Sep 2009
    Posts
    34

    System shutdown DCOM Server Process

    Hi,

    My Computer keeps performing a shut down process and I receive the following:
    System shutdown...DCOM Server Process Launcher...

    I have run Spybot Search and Destroy and Malwarebytes. On quick scan Malwarebytes removed a registry item but did not fix overall problem. Now virus scans initiate the shutdown. I also ran HijackThis but I can't make heads or tails of the log.

    Any help you can give me will be greatly appreciated.

    Thank You,
    JSeymour3000

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hello jseymour3000

    Welcome to Safer Networking.

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.




    Please download RootRepeal from one of these locations and save it to your desktop
    Here
    Here
    Here
    • Open on your desktop.
    • Click the tab.
    • Click the button.
    • Check just these boxes:
    • Push Ok
    • Check the box for your main system drive (usually C:), and press Ok.
    • Allow RootRepeal to run a scan of your system. This may take some time.
    • Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.







    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Sep 2009
    Posts
    34

    Hi Ken45,

    Thank You for responding and for any help in advance.

    Below are the reports/logs you asked for.

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2010/01/26 18:10
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    --------End--------------------

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Office at 2010-01-26 18:12:13
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 19 GB (53%) free of 35 GB
    Total RAM: 766 MB (45% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:12:28, on 1/26/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HughesNetTools\1\bin\McciBrowser.exe
    C:\Program Files\HughesNetTools\1\bin\McciBrowser.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Office\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Office.exe

    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [HughesNetTools_McciTrayApp] C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
    O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Picture Package Menu.lnk.disabled
    O4 - Global Startup: Picture Package VCD Maker.lnk.disabled
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1253521747359
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase1140.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1244587224828
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} (McciContext Class) - http://phughescw.hughes.motive.com/w...Mcci_6-1-0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
    O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - G:\Programs\Common\Database\bin\fbserver.exe (file missing)
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 7496 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-934335678-3210570196-125882890-1032Core.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-934335678-3210570196-125882890-1032UA.job
    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{BABCC35D-64AE-4BD7-9952-16FE21501C3D}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52706EF7-D7A2-49AD-A615-E903858CF284}]
    Pop-up Blocker - C:\Program Files\NetZero\qsacc\X1IEBHO.dll [2009-03-18 211464]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
    AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - ZeroBar - C:\Program Files\NetZero\Toolbar.dll [2009-03-18 325128]
    {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-05-19 429816]
    {52836EB0-631A-47B1-94A6-61F9D9112DAE} - Veoh Video Compass - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll [2009-05-18 456440]
    {61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]
    {CCC7A320-B3CA-4199-B1A6-9F516DD69829}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "HughesNetTools_McciTrayApp"=C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe [2007-11-20 1454592]
    ""= []
    "AT&T Communication Manager"=C:\Program Files\AT&T\Communication Manager\ATTCM.exe [2008-12-01 33280]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
    C:\Program Files\NetZero\exec.exe [2009-03-18 1720832]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2006-03-24 98304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-03-24 151597]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
    C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
    C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Picture Package Menu.lnk.disabled - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    Picture Package VCD Maker.lnk.disabled - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutorun"=67108863

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\WINDOWS\SYSTEM32\LEXPPS.EXE"="C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\WINDOWS\SYSTEM32\FXSCLNT.EXE"="C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Enabled:Microsoft Fax Console"
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
    "C:\WINDOWS\SYSTEM32\DPVSETUP.EXE"="C:\WINDOWS\SYSTEM32\DPVSETUP.EXE:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\Program Files\aim.exe"="C:\Program Files\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\Program Files\Real\RealPlayer\trueplay.exe"="C:\Program Files\Real\RealPlayer\trueplay.exe:*:Enabled:RealOne Player"
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\CoffeeCup Software\CoffeeCup Visual Site Designer\vsd.exe"="C:\Program Files\CoffeeCup Software\CoffeeCup Visual Site Designer\vsd.exe:*:Enabled:CoffeeCup Visual Site Designer"
    "G:\Programs\movie editor\VstConfig.exe"="G:\Programs\movie editor\VstConfig.exe:*:Enabled:VST-DX Adapter Light"
    "C:\Program Files\AT&T\Communication Manager\LFLauncher.exe"="C:\Program Files\AT&T\Communication Manager\LFLauncher.exe:*:Enabled:Location Finder"
    "C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\3ivxConfig.exe"="C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\3ivxConfig.exe:*:Enabled:3ivx Config"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
    "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
    "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5f66b04-c8f3-11de-8c04-001111824488}]
    shell\AutoRun\command - F:\ATTPreCopy.exe -d:OPETNAEXPCI


    ======List of files/folders created in the last 1 months======

    2010-01-26 18:12:13 ----DC---- C:\rsit
    2010-01-24 05:09:17 ----HDC---- C:\$AVG
    2010-01-24 05:07:46 ----D---- C:\Program Files\AVG
    2010-01-24 01:44:28 ----DC---- C:\6c3803c0ca87e85bce8ce916af
    2010-01-24 01:22:07 ----AC---- C:\rapport.txt
    2010-01-21 04:32:27 ----DC---- C:\Documents and Settings\All Users\Application Data\Alwil Software
    2010-01-21 03:43:55 ----DC---- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
    2010-01-21 03:43:55 ----D---- C:\Program Files\AIM Toolbar
    2010-01-15 04:22:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
    2010-01-15 04:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
    2010-01-11 18:31:40 ----DC---- C:\Documents and Settings\Office\Application Data\Template
    2010-01-09 04:16:45 ----D---- C:\Program Files\Microsoft Works
    2009-12-27 23:25:11 ----DC---- C:\Documents and Settings\Office\Application Data\dvdcss

    ======List of files/folders modified in the last 1 months======

    2010-01-26 18:12:13 ----D---- C:\WINDOWS\Temp
    2010-01-26 18:11:52 ----D---- C:\WINDOWS\Prefetch
    2010-01-26 18:11:32 ----SHD---- C:\WINDOWS\SYSTEM32
    2010-01-26 18:11:32 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2010-01-26 18:10:32 ----D---- C:\Program Files\Mozilla Firefox
    2010-01-26 18:09:00 ----D---- C:\WINDOWS\system32\DRIVERS
    2010-01-26 18:07:40 ----D---- C:\WINDOWS\system32\IAS
    2010-01-26 18:07:40 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
    2010-01-26 18:07:37 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
    2010-01-26 18:06:20 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-01-26 18:05:20 ----DC---- C:\Documents and Settings
    2010-01-26 18:02:20 ----AD---- C:\WINDOWS
    2010-01-26 18:00:19 ----A---- C:\WINDOWS\NeroDigital.ini
    2010-01-25 16:42:42 ----A---- C:\Program Files\photohse.ini
    2010-01-25 16:42:05 ----A---- C:\Program Files\CorelApp.ini
    2010-01-25 14:54:22 ----D---- C:\Program Files\Custom
    2010-01-25 14:53:59 ----SHD---- C:\WINDOWS\Installer
    2010-01-25 14:53:52 ----DC---- C:\Config.Msi
    2010-01-25 14:53:31 ----D---- C:\WINDOWS\WinSxS
    2010-01-25 14:53:10 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2010-01-25 14:53:07 ----RSD---- C:\WINDOWS\Fonts
    2010-01-25 14:50:31 ----HD---- C:\WINDOWS\INF
    2010-01-25 14:50:23 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-01-24 20:53:37 ----D---- C:\Program Files\Common Files\ArcSoft
    2010-01-24 20:50:49 ----AD---- C:\Program Files
    2010-01-24 20:43:35 ----RSD---- C:\WINDOWS\ASSEMBLY
    2010-01-24 20:43:32 ----D---- C:\Program Files\OpenOffice.org 3
    2010-01-24 20:41:26 ----D---- C:\temp
    2010-01-24 20:40:54 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-01-24 20:39:54 ----D---- C:\Program Files\Common Files
    2010-01-24 05:00:03 ----SD---- C:\WINDOWS\Tasks
    2010-01-24 04:58:43 ----SDC---- C:\Documents and Settings\Office\Application Data\Microsoft
    2010-01-24 03:07:04 ----D---- C:\WINDOWS\AppPatch
    2010-01-24 03:06:10 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
    2010-01-24 03:06:08 ----D---- C:\Program Files\Internet Explorer
    2010-01-24 03:05:50 ----HD---- C:\WINDOWS\$hf_mig$
    2010-01-24 03:05:48 ----A---- C:\WINDOWS\imsins.BAK
    2010-01-24 01:44:29 ----AC---- C:\WINDOWS\system32\MRT.exe
    2010-01-24 01:26:26 ----A---- C:\WINDOWS\system32\tmp.txt
    2010-01-24 01:04:36 ----A---- C:\WINDOWS\OEWABLog.txt
    2010-01-22 03:42:13 ----SD---- C:\WINDOWS\Downloaded Program Files
    2010-01-21 22:40:06 ----D---- C:\WINDOWS\system32\CatRoot
    2010-01-21 04:32:27 ----D---- C:\Program Files\Alwil Software
    2010-01-21 04:02:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-01-21 03:45:11 ----D---- C:\WINDOWS\system32\CONFIG
    2010-01-21 03:44:40 ----D---- C:\WINDOWS\system32\WBEM
    2010-01-21 03:44:40 ----D---- C:\WINDOWS\Registration
    2010-01-21 03:43:21 ----DC---- C:\Documents and Settings\Office\Application Data\gtk-2.0
    2010-01-21 03:43:19 ----D---- C:\Program Files\DivX
    2010-01-20 17:38:25 ----D---- C:\WINDOWS\system32\FxsTmp
    2010-01-17 23:06:20 ----AC---- C:\WINDOWS\win.ini
    2010-01-14 11:12:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
    2010-01-09 04:17:07 ----SDC---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-12-29 20:07:39 ----D---- C:\Program Files\Veoh Networks
    2009-12-29 17:24:19 ----DC---- C:\Documents and Settings\Office\Application Data\ArcSoft
    2009-12-28 00:43:30 ----AC---- C:\Program Files\printhse.ini
    2009-12-28 00:43:30 ----A---- C:\Program Files\country.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R1 tcpipBM;Bytemobile Kernel Network Provider; C:\WINDOWS\system32\drivers\tcpipBM.sys [2008-11-20 18816]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-16 16512]
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
    R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
    R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
    R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-01-28 171008]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-08-13 258368]
    R3 swmsflt;swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [2008-08-22 26760]
    R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    R3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
    S3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys []
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2003-08-28 4272]
    S3 catchme;catchme; \??\C:\DOCUME~1\Office\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DCamUSBEMPIA;Dazzle DVC90 Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2004-04-06 100957]
    S3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2006-12-25 18816]
    S3 emAudio;Dazzle DVC90 Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2004-05-05 19584]
    S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2004-04-06 5245]
    S3 GT72NDISIPXP;GT 72 IP NDIS; C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys [2008-02-18 106624]
    S3 GT72UBUS;GT 72 U BUS; C:\WINDOWS\system32\DRIVERS\gt72ubus.sys [2008-02-08 59648]
    S3 GTPTSER;GT PT SER; C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
    S3 ICAM3NT5;Intel USB Video Camera III; C:\WINDOWS\System32\Drivers\Icam3.sys [2001-08-17 141056]
    S3 Icam4USB;Intel PC Camera Pro; C:\WINDOWS\System32\Drivers\Icam4USB.sys [2001-12-03 160640]
    S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2008-03-07 62570]
    S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
    S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
    S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nsysaudm;nsysaudm; \??\C:\DOCUME~1\Angie\LOCALS~1\Temp\nsysaudm.sys []
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2008-11-20 27072]
    S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
    S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0); C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-06-27 313216]
    S3 RT73;Belkin USB Network Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-08-02 232192]
    S3 samhid;samhid; C:\WINDOWS\system32\drivers\samhid.sys [2006-01-07 7548]
    S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2004-04-06 4493]
    S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
    S3 SDVPlus;Pinnacle Studio DVplus WDM Renderer; C:\WINDOWS\system32\DRIVERS\SDVPlus.sys [2001-05-15 42102]
    S3 SECYPUSB;SAMSUNG YEPP; C:\WINDOWS\System32\Drivers\SECYEPPX.sys [2002-06-20 38316]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R2 FlipShare Service;FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [2009-06-04 451904]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
    R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
    R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
    R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
    R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
    S2 AOLService;AOL Spyware Protection Service; C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe [2004-06-29 184373]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
    S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 ATTRcAppSvc;AT&T RcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2008-11-20 113152]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2004-03-16 421888]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; G:\Programs\Common\Database\bin\fbserver.exe []
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
    S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------

    continued next reply......

  4. #4
    Member
    Join Date
    Sep 2009
    Posts
    34

    Default

    Continued from previous...........

    info.txt logfile of random's system information tool 1.06 2010-01-26 18:12:33

    ======Uninstall list======

    -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUninst.exe -f\"C:\Program Files\Final Fantasy VII\Uninst.isu"
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    3ivx MPEG-4 5.0.3 (remove only)-->"C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\uninstaller.exe"
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
    AIM 7-->C:\Program Files\AIM\uninst.exe
    AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
    AOL Instant Messenger-->C:\Program Files\uninstll.exe -LOG= C:\Program Files\install.log -OEM=
    Arcade! Classic Arcade Pack-->C:\Program Files\Arcade! Classic Arcade Pack\uninstall.exe
    Astro Assembler-->MsiExec.exe /X{E07888C3-282E-11D5-8ED5-0050BF5CB907}
    AT&T Communication Manager-->MsiExec.exe /X{AF64F216-D859-43FC-9068-0005A41AEBA3}
    Clock Screensaver-->C:\WINDOWS\system32\Clock.scr /u
    CoffeeCup Image Mapper-->C:\PROGRA~1\COFFEE~1\IMAGEM~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\IMAGEM~1\mapperinst.log
    CoffeeCup Visual Site Designer Software-->C:\Program Files\CoffeeCup Software\CoffeeCup Visual Site Designer\uninstall.exe
    CoffeeCup Web Form Builder - Trial-->C:\PROGRA~1\COFFEE~1\COFFEE~2\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~2\INSTALL.LOG
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
    DiscAPI-->MsiExec.exe /X{690D1794-6D7C-4A55-8371-17BAC69C66CE}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Driver Installer-->MsiExec.exe /X{F804CAE5-50B2-4646-803A-A428325237CA}
    DVD43 v3.5.2-->"C:\Program Files\dvd43\unins000.exe"
    Final Fantasy VII - Ultima Edition-->"C:\Program Files\Final Fantasy VII\unins000.exe"
    First Step Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C797EAF2-707A-4239-BDF3-F2672314A734}\setup.exe" -l0x9 UNINSTALL
    FlipShare-->MsiExec.exe /X{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}
    Fruity Loops 3 Full Final-->G:\Programs\New Folder\SXUNINST.EXE
    GGE909 PC Recoil Pad-->C:\PROGRA~1\GAMEEL~1\GGE909~1\UNWISE.EXE C:\PROGRA~1\GAMEEL~1\GGE909~1\INSTALL.LOG
    GLtron version 0.62-->"C:\Program Files\GLtron\unins000.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hollywood FX 5.5 Additional Effects-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\unextralog
    Homestead SiteBuilder-->C:\Program Files\Homestead\Homestead SiteBuilder\hkuninst.exe -path C:\Program Files\Homestead\Homestead SiteBuilder
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
    HughesNetTools-->C:\WINDOWS\system32\h53unin.bat
    ImageMixer VCD2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
    Intel(R) Audio/Video Compression/Decompression Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02017D84-0A71-11D2-8AEC-00C04FCE8B09}\setup.exe" -uninst
    Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
    Jardinains!-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-Jardinains!.dat
    Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016F0}
    Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
    JumpStart 4th Grade v1.3-->C:\WINDOWS\IsUninst.exe -fC:\KA\4G\DeIsL1.isu
    Lunarmedia Clock B.-->C:\Program Files\Lunarmedia Clock B.\uninstall.exe
    Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0C0A-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
    Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
    Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    Muppet Babies - Air, Land and Sea-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52496559-216D-483F-AC79-9F9B089F4274}\Setup.exe"
    MyDSC2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9
    Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
    Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
    NetZero Connection Wizard-->"C:\Program Files\Connection Wizard\unInstall.exe"
    NetZero Internet-->"C:\Program Files\NetZero\NetZeroUninstaller.exe"
    NewWrlds-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Interplay Entertainment Corp\New Worlds\Uninst.isu"
    Pinnacle device drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F866D37-22D0-435D-94F1-31A64D566D0E}\Setup.exe" -l0x9
    Pinnacle Hollywood FX for Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
    Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\Setup.exe" -l0x9 UNINSTALL
    Pinnacle PCI Performance Enhancer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3E5A81BA-4702-490A-B729-0BFF6E7CBF96}\setup.exe" -l0x9
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    RAPID-->MsiExec.exe /X{CEF37035-C1BB-4174-8175-1E878435F61A}
    Reader Rabbit's 1st Grade-->C:\WINDOWS\uninst.exe -fC:\TLCWIN\RRF\uninstal\DeIsL1.isu
    RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
    Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
    SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
    Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Studio 9 Content CD/DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B67624DE-75CE-4FAD-9F29-5C115773CE61}\Setup.exe" -l0x9 UNINSTALL
    Studio 9.4 Patch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E217EA-C3E0-402D-8D4F-6189DB74497A}\setup.exe" -l0x9 UNINSTALL
    Studio 9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
    Super Smashed Bros 1.0-->C:\WINDOWS\iun6002.exe "c:\smashbro\irunin.ini"
    Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
    Uninstall Dual Mode Camera-->"C:\Program Files\JL2005B\unins000.exe"
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
    Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
    Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
    Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
    Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    Veoh Video Compass-->C:\Program Files\Veoh Networks\Veoh Video Compass\uninst.exe
    Veoh Video Uploader-->C:\Program Files\Veoh Networks\Veoh Video Uploader\uninst.exe
    Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Vista Icon Pack v3 System Patch-->VIPuninstall.bat
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    What's Her Face!(tm) CD-ROM-->C:\Program Files\Common Files\VUG\Uninstall\WHFaceUn.exe
    Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
    Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
    Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
    Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
    Yahtzee-->"C:\WINDOWS\Yahtzee\uninstall.exe" "/U:C:\Program Files\Yahtzee\Uninstall\uninstall.xml"

    =====HijackThis Backups=====

    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-01-21]
    O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab [2010-01-21]
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-01-21]
    O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab [2010-01-22]
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab [2010-01-22]

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======System event log======

    Computer Name: HOME
    Event Code: 49
    Message: Configuring the Page file for crash dump failed. Make sure there is a page
    file on the boot partition and that is large enough to contain all physical
    memory.

    Record Number: 4038
    Source Name: Ftdisk
    Time Written: 20100123061402.000000-360
    Event Type: error
    User:

    Computer Name: HOME
    Event Code: 45
    Message: The system could not sucessfully load the crash dump driver.

    Record Number: 4037
    Source Name: Ftdisk
    Time Written: 20100123061402.000000-360
    Event Type: error
    User:

    Computer Name: HOME
    Event Code: 7034
    Message: The Terminal Services service terminated unexpectedly. It has done this 1 time(s).

    Record Number: 4032
    Source Name: Service Control Manager
    Time Written: 20100123061228.000000-360
    Event Type: error
    User:

    Computer Name: HOME
    Event Code: 7031
    Message: The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

    Record Number: 4031
    Source Name: Service Control Manager
    Time Written: 20100123061228.000000-360
    Event Type: error
    User:

    Computer Name: HOME
    Event Code: 20192
    Message: A certificate could not be found. Connections that use the L2TP protocol over IPSec
    require the installation of a machine certificate, also known as a computer
    certificate. No L2TP calls will be accepted.

    Record Number: 4016
    Source Name: RemoteAccess
    Time Written: 20100123054942.000000-360
    Event Type: warning
    User:

    =====Application event log=====

    Computer Name: HOME
    Event Code: 1003
    Message: TraceFileName parameter not located in registry;
    Default trace file used is .

    Record Number: 12899
    Source Name: EvntAgnt
    Time Written: 20091127115346.000000-360
    Event Type: warning
    User:

    Computer Name: HOME
    Event Code: 1517
    Message: Windows saved user HOME\Office registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 12893
    Source Name: Userenv
    Time Written: 20091127041658.000000-360
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: HOME
    Event Code: 1015
    Message: TraceLevel parameter not located in registry;
    Default trace level used is 32.

    Record Number: 12689
    Source Name: EvntAgnt
    Time Written: 20091127040138.000000-360
    Event Type: warning
    User:

    Computer Name: HOME
    Event Code: 1003
    Message: TraceFileName parameter not located in registry;
    Default trace file used is .

    Record Number: 12688
    Source Name: EvntAgnt
    Time Written: 20091127040138.000000-360
    Event Type: warning
    User:

    Computer Name: HOME
    Event Code: 1517
    Message: Windows saved user HOME\Office registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 12598
    Source Name: Userenv
    Time Written: 20091127035540.000000-360
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "NUMBER_OF_PROCESSORS"=1
    "OS"=Windows_NT
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter;F:\Program Files\Avid\Avid Liquid 7\QTPlugIns;C:\Program Files\Pinnacle\Shared Files\\Filter
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_REVISION"=0304
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "windir"=%SystemRoot%

    -----------------EOF-----------------

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Let's do this

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #6
    Member
    Join Date
    Sep 2009
    Posts
    34

    Default

    Hi Ken45,

    Here are the newest logs requested. Thank You

    ComboFix 10-01-26.02 - Office 01/26/2010 19:53:35.6.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.514 [GMT -6:00]
    Running from: c:\documents and settings\Office\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Office\Application Data\MSA\download.list
    c:\documents and settings\Office\Application Data\MSA\update.list
    C:\Thumbs.db
    c:\windows\EventSystem.log
    c:\windows\system32\Thumbs.db
    c:\windows\system32\tmp.reg
    c:\windows\unins000.dat
    c:\windows\unins000.exe

    Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
    Restored copy from - Kitty ate it :p
    .
    ((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
    .

    2010-01-27 00:12 . 2010-01-27 00:12 -------- dc----w- C:\rsit
    2010-01-25 02:34 . 2010-01-25 02:34 -------- d-----w- c:\documents and settings\Angie\Application Data\Bytemobile
    2010-01-24 23:40 . 2010-01-24 23:40 -------- dc----w- c:\documents and settings\Jessy\Local Settings\Application Data\AVG Security Toolbar
    2010-01-21 10:32 . 2010-01-21 10:32 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-01-21 09:44 . 2010-01-21 09:44 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-01-21 09:43 . 2010-01-21 09:43 -------- dc----w- c:\documents and settings\Office\Local Settings\Application Data\AIM Toolbar
    2010-01-21 09:43 . 2010-01-21 09:43 -------- dc----w- c:\documents and settings\All Users\Application Data\AIM Toolbar
    2010-01-21 09:43 . 2010-01-21 09:43 -------- d-----w- c:\program files\AIM Toolbar
    2010-01-12 20:18 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-01-12 00:31 . 2010-01-12 00:31 -------- dc----w- c:\documents and settings\Office\Application Data\Template
    2010-01-10 00:58 . 2010-01-10 00:59 -------- d-----w- c:\documents and settings\Angie\Application Data\acccore
    2010-01-10 00:58 . 2010-01-10 00:58 -------- d-----w- c:\documents and settings\Angie\Local Settings\Application Data\AIM
    2010-01-10 00:58 . 2010-01-10 00:58 -------- d-----w- c:\documents and settings\Angie\Local Settings\Application Data\AOL
    2010-01-09 10:16 . 2010-01-25 20:53 -------- d-----w- c:\program files\Microsoft Works
    2010-01-02 06:38 . 2010-01-21 09:43 -------- d-----w- c:\windows\system32\config\systemprofile\UserData
    2009-12-28 05:25 . 2009-12-28 05:25 -------- dc----w- c:\documents and settings\Office\Application Data\dvdcss

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-27 02:01 . 2009-10-05 22:39 -------- dc----w- c:\documents and settings\Office\Application Data\MSA
    2010-01-25 22:42 . 2004-12-24 06:43 2513 ----a-w- c:\program files\photohse.ini
    2010-01-25 22:42 . 2004-12-24 06:43 1323 ----a-w- c:\program files\CorelApp.ini
    2010-01-25 22:42 . 2004-12-23 13:25 -------- d-----w- c:\program files\Custom
    2010-01-25 02:53 . 2009-12-25 20:19 -------- d-----w- c:\program files\Common Files\ArcSoft
    2010-01-25 02:43 . 2009-12-01 14:28 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-01-25 02:40 . 2004-12-12 06:39 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-25 02:35 . 2005-04-18 19:51 17920 -csha-w- c:\program files\Thumbs.db
    2010-01-24 23:25 . 2010-01-24 07:04 -------- dc----w- c:\documents and settings\slappy seymour\Application Data\ArcSoft
    2010-01-24 11:07 . 2010-01-24 11:07 -------- d-----w- c:\program files\AVG
    2010-01-24 07:05 . 2010-01-24 07:05 -------- dc----w- c:\documents and settings\slappy seymour\Application Data\AT&T
    2010-01-24 07:04 . 2010-01-24 07:04 118032 -c--a-w- c:\documents and settings\slappy seymour\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-23 20:45 . 2006-08-06 10:50 118032 -c--a-w- c:\documents and settings\Angie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-23 12:12 . 2009-07-17 23:56 76 -c--a-w- c:\documents and settings\Office\Application Data\ftpfile.dat
    2010-01-21 10:32 . 2009-09-15 18:23 -------- d-----w- c:\program files\Alwil Software
    2010-01-21 10:02 . 2009-09-21 05:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-21 10:00 . 2010-01-21 10:00 5115824 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-21 09:49 . 2009-03-07 21:05 118032 -c--a-w- c:\documents and settings\Office\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-21 09:43 . 2009-04-29 02:04 -------- dc----w- c:\documents and settings\Office\Application Data\gtk-2.0
    2010-01-21 09:43 . 2005-01-13 23:11 -------- d-----w- c:\program files\DivX
    2010-01-20 08:28 . 2010-01-11 23:34 646 -c--a-w- c:\documents and settings\Office\Application Data\wklnhst.dat
    2010-01-14 17:12 . 2009-12-17 17:37 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-10 06:41 . 2009-08-09 20:07 132512 -c--a-w- c:\documents and settings\Jessy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-09 11:56 . 2005-05-02 16:09 100261 -c-ha-w- c:\program files\photohse.GID
    2010-01-07 22:07 . 2009-09-21 05:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 22:07 . 2009-09-21 05:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-30 02:07 . 2009-07-09 09:31 -------- d-----w- c:\program files\Veoh Networks
    2009-12-29 23:24 . 2009-12-25 20:20 -------- dc----w- c:\documents and settings\Office\Application Data\ArcSoft
    2009-12-28 06:43 . 2004-12-24 06:43 338 ----a-w- c:\program files\country.ini
    2009-12-28 06:43 . 2004-12-24 06:42 3272 -c--a-w- c:\program files\printhse.ini
    2009-12-26 03:19 . 2009-12-26 03:19 -------- d-----w- c:\documents and settings\Angie\Application Data\ArcSoft
    2009-12-25 22:26 . 2009-12-25 22:26 -------- dc----w- c:\documents and settings\Jessy\Application Data\ArcSoft
    2009-12-25 20:29 . 2009-12-25 20:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\ArcSoft
    2009-12-24 03:02 . 2009-12-24 03:02 -------- dc----w- c:\documents and settings\Jessy\Application Data\DivX
    2009-12-21 20:39 . 2009-12-21 20:39 -------- dc----w- c:\documents and settings\Office\Application Data\Bytemobile
    2009-12-21 19:14 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-12-20 20:43 . 2009-12-20 20:43 -------- dc----w- c:\documents and settings\Jessy\Application Data\AT&T
    2009-12-20 20:43 . 2009-12-20 20:43 -------- dc----w- c:\documents and settings\Jessy\Application Data\Malwarebytes
    2009-12-18 18:47 . 2009-12-18 18:47 -------- d-----w- c:\documents and settings\Angie\Application Data\AT&T
    2009-12-02 01:47 . 2009-07-16 14:43 -------- d-----w- c:\program files\CoffeeCup Software
    2009-12-01 14:38 . 2009-12-01 14:38 1 -c--a-w- c:\documents and settings\Office\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-12-01 14:31 . 2009-12-01 14:31 -------- dc----w- c:\documents and settings\Office\Application Data\OpenOffice.org
    2009-12-01 14:27 . 2004-12-12 06:39 -------- d-----w- c:\program files\Java
    2009-12-01 14:17 . 2009-12-01 14:15 -------- dc----w- c:\documents and settings\Office\Application Data\Download Manager
    2009-12-01 13:56 . 2009-12-01 13:54 -------- d-----w- c:\program files\MSECache
    2009-11-30 11:02 . 2009-11-30 11:02 -------- dc----w- c:\documents and settings\Office\Application Data\acccore
    2009-11-30 10:49 . 2009-11-30 10:49 -------- dc----w- c:\documents and settings\All Users\Application Data\AIM
    2009-11-30 10:49 . 2009-11-30 10:49 -------- d-----w- c:\program files\AIM
    2009-11-30 10:49 . 2004-12-12 06:52 -------- d-----w- c:\program files\Common Files\AOL
    2009-11-28 15:16 . 2009-08-07 07:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-27 20:17 . 2005-01-26 13:32 171 ----a-w- c:\program files\Color.ini
    2009-11-24 12:55 . 2009-11-24 12:55 152576 -c--a-w- c:\documents and settings\Office\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-24 12:55 . 2009-11-24 12:55 79488 -c--a-w- c:\documents and settings\Office\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-21 15:51 . 2004-08-04 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-16 06:52 . 2009-11-16 06:52 16 ---ha-w- c:\program files\mxfilerelatedcache.mxc2
    2009-05-14 21:54 . 2006-03-02 16:25 69477 -c-ha-w- c:\program files\aim95.GID
    2009-03-05 09:35 . 2007-03-13 00:45 8444 -c--a-w- c:\program files\Xpcs Registry.dat
    2009-02-09 23:57 . 2003-12-10 05:39 178 -c--a-w- c:\program files\log.txt
    2008-10-30 17:39 . 2004-12-24 06:43 2449 -c--a-w- c:\program files\corelprn.ini
    2005-05-26 13:32 . 2005-04-06 14:51 38435 -c--a-w- c:\program files\licens32.txt
    2005-05-21 02:00 . 2005-05-21 01:58 148564 -c-ha-w- c:\program files\Printhse.GID
    2005-04-08 13:07 . 2005-04-06 14:51 611 ----a-w- c:\program files\Uninstall AOL Instant Messenger.lnk
    2004-12-24 06:44 . 2004-12-24 06:42 713 -c----w- c:\program files\BOX.REG
    2004-12-24 06:44 . 2004-12-24 06:43 2860 -c----w- c:\program files\PHOTOHSE.REG
    2004-12-24 06:44 . 2004-12-24 06:42 832 -c----w- c:\program files\PRINTHSE.REG
    2004-08-27 23:29 . 2005-04-06 14:51 1935 -c--a-w- c:\program files\icbmftvc.lst
    2004-03-12 21:02 . 2005-04-06 14:51 116900 ----a-w- c:\program files\uninstll.exe
    2004-03-12 21:02 . 2005-04-06 14:51 1466368 ----a-w- c:\program files\AimRes.dll
    2004-03-12 20:22 . 2005-04-06 14:51 61440 ----a-w- c:\program files\aim.exe
    2004-03-12 20:22 . 2005-04-06 14:51 131072 ----a-w- c:\program files\ateima32.dll
    2004-03-12 20:21 . 2005-04-06 14:51 61440 -c--a-w- c:\program files\AlertUI.ocm
    2004-03-12 20:21 . 2005-04-06 14:51 25088 -c--a-w- c:\program files\browse.ocm
    2004-03-12 20:21 . 2005-04-06 14:51 208896 -c--a-w- c:\program files\buddyui.ocm
    2004-03-12 20:21 . 2005-04-06 14:51 225280 ----a-w- c:\program files\AimSecondarySvcs.dll
    2004-03-12 20:21 . 2005-04-06 14:51 6144 -c--a-w- c:\program files\stats.ocm
    2004-03-12 20:21 . 2005-04-06 14:51 98304 -c--a-w- c:\program files\ChatUI.ocm
    2004-03-12 20:20 . 2005-04-06 14:51 192512 ----a-w- c:\program files\AimCoreSvcs.dll
    2004-03-12 20:20 . 2005-04-06 14:51 237568 -c--a-w- c:\program files\icbmui.ocm
    2004-03-12 20:20 . 2005-04-06 14:51 94208 -c--a-w- c:\program files\ticker.ocm
    2004-03-12 20:19 . 2005-04-06 14:51 98304 ----a-w- c:\program files\aimapi.dll
    2004-03-12 20:19 . 2005-04-06 14:51 15872 -c--a-w- c:\program files\Admin.ocm
    2004-03-12 20:19 . 2005-04-06 14:51 135168 -c--a-w- c:\program files\locateui.ocm
    2004-03-12 20:19 . 2005-04-06 14:51 184320 -c--a-w- c:\program files\miscui.ocm
    2004-03-12 20:19 . 2005-04-06 14:51 14848 -c--a-w- c:\program files\NTP.ocm
    2004-03-12 20:18 . 2005-04-06 14:51 59904 -c--a-w- c:\program files\OscMail.ocm
    2004-03-12 20:18 . 2005-04-06 14:51 19456 ----a-w- c:\program files\aimtalk.dll
    2004-03-12 20:18 . 2005-04-06 14:51 69632 -c--a-w- c:\program files\osclogin.ocm
    2004-03-12 20:18 . 2005-04-06 14:51 9216 -c--a-w- c:\program files\oscmain.ocm
    2004-03-12 20:18 . 2005-04-06 14:51 53248 -c--a-w- c:\program files\startup.ocm
    2004-03-12 20:18 . 2005-04-06 14:51 147456 ----a-w- c:\program files\aimauto.exe
    2004-03-12 20:17 . 2005-04-06 14:51 81920 -c--a-w- c:\program files\OscSrch.ocm
    2004-03-12 20:17 . 2005-04-06 14:51 2048 ----a-w- c:\program files\ShareFile.exe
    2004-03-12 20:17 . 2005-04-06 14:51 2048 ----a-w- c:\program files\SendFile.exe
    2004-03-12 20:17 . 2005-04-06 14:51 13824 -c--a-w- c:\program files\osconfig.ocm
    2004-03-12 20:17 . 2005-04-06 14:51 39424 -c--a-w- c:\program files\rvapps.ocm
    2004-03-12 20:17 . 2005-04-06 14:51 13312 -c--a-w- c:\program files\popup.ocm
    2004-03-12 20:17 . 2005-04-06 14:51 69632 ----a-w- c:\program files\Patcher.dll
    2004-03-12 20:17 . 2005-04-06 14:51 172032 ----a-w- c:\program files\rtvideo.dll
    2004-03-12 20:16 . 2005-04-06 14:51 49152 ----a-w- c:\program files\ProgressDlg.dll
    2004-03-12 20:16 . 2005-04-06 14:51 204800 ----a-w- c:\program files\wndutils.dll
    2002-08-01 01:55 . 2009-07-16 14:44 106 --sh--w- c:\windows\WSYS049.SYS
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HughesNetTools_McciTrayApp"="c:\program files\HughesNetTools\1\McciTrayApp_SSR.exe" [2007-11-20 1454592]
    "AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-12-01 33280]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Picture Package Menu.lnk.disabled [2009-8-11 964]
    Picture Package VCD Maker.lnk.disabled [2009-8-11 1015]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
    backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
    backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
    2009-03-19 02:07 1720832 ----a-w- c:\program files\NetZero\exec.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2006-03-24 06:20 98304 -c--a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2006-03-24 06:18 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "oldavast"=c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
    "c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
    "c:\\Program Files\\aim.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\trueplay.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CoffeeCup Software\\CoffeeCup Visual Site Designer\\vsd.exe"=
    "c:\\Program Files\\AT&T\\Communication Manager\\LFLauncher.exe"=
    "c:\\Program Files\\3ivx\\3ivx MPEG-4 5.0.3\\3ivxConfig.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundTimestampRequest"= 1 (0x1)
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundParameterProblem"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)
    "AllowOutboundPacketTooBig"= 1 (0x1)
    "AllowInboundEchoRequest"= 1 (0x1)

    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
    S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [11/20/2008 10:07 PM 113152]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;g:\programs\Common\Database\bin\fbserver.exe --> g:\programs\Common\Database\bin\fbserver.exe [?]
    S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\SYSTEM32\DRIVERS\Gt51Ip.sys [2/18/2008 4:14 PM 106624]
    S3 GT72UBUS;GT 72 U BUS;c:\windows\SYSTEM32\DRIVERS\gt72ubus.sys [2/8/2008 12:00 PM 59648]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [9/20/2009 11:10 PM 38224]
    S3 samhid;samhid;c:\windows\SYSTEM32\DRIVERS\Samhid.sys [12/25/2006 12:41 PM 7548]
    S3 SDVPlus;Pinnacle Studio DVplus WDM Renderer;c:\windows\SYSTEM32\DRIVERS\SDVPlus.sys [3/14/2006 12:15 AM 42102]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 09:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934335678-3210570196-125882890-1032Core.job
    - c:\documents and settings\Office\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-05 11:32]

    2010-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934335678-3210570196-125882890-1032UA.job
    - c:\documents and settings\Office\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-05 11:32]

    2010-01-27 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-08-07 20:31]

    2010-01-27 c:\windows\Tasks\User_Feed_Synchronization-{BABCC35D-64AE-4BD7-9952-16FE21501C3D}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    LSP: bmnet.dll
    Trusted Zone: musicmatch.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} - hxxp://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab
    FF - ProfilePath - c:\documents and settings\Office\Application Data\Mozilla\Firefox\Profiles\wpzoq6gr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\documents and settings\Office\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    SafeBoot-MsMpSvc
    MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    AddRemove-Final Fantasy VII - c:\program files\Final Fantasy VII\Uninst.isu
    AddRemove-Fruity Loops 3 Full Final - g:\programs\New Folder\SXUNINST.EXE
    AddRemove-NewWrlds - c:\program files\Interplay Entertainment Corp\New Worlds\Uninst.isu



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-26 20:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(792)
    c:\windows\system32\bmnet.dll

    - - - - - - - > 'explorer.exe'(3844)
    c:\windows\system32\WININET.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Flip Video\FlipShare\FlipShareService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\System32\snmp.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\HughesNetTools\1\bin\McciBrowser.exe
    c:\program files\HughesNetTools\1\bin\McciBrowser.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-26 20:18:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-27 02:18

    Pre-Run: 19,293,437,952 bytes free
    Post-Run: 19,396,710,400 bytes free

    - - End Of File - - 6F8D12130EF364616B0B1CCD81C19B68


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:25:37, on 1/26/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\HughesNetTools\1\bin\McciBrowser.exe
    C:\Program Files\HughesNetTools\1\bin\McciBrowser.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O4 - HKLM\..\Run: [HughesNetTools_McciTrayApp] C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
    O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - Global Startup: Picture Package Menu.lnk.disabled
    O4 - Global Startup: Picture Package VCD Maker.lnk.disabled
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1253521747359
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase1140.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1244587224828
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} (McciContext Class) - http://phughescw.hughes.motive.com/w...Mcci_6-1-0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
    O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - G:\Programs\Common\Database\bin\fbserver.exe (file missing)
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 7591 bytes

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Let's see if there is more to remove.

    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.





    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report and also a new HJT log please



    Post the log from Malwarebytes and a new HJT log, and let me know how things are running now.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #8
    Member
    Join Date
    Sep 2009
    Posts
    34

    Default

    Hello Ken45,

    Thank You once again. Glad to say things are running much better now. I was able to run a full scan of malwarebytes without the system shutting down.

    Here are the malwarebytes and hjt logs.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/27/2010 8:04:52 PM
    mbam-log-2010-01-27 (20-04-52).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 247132
    Time elapsed: 2 hour(s), 7 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP120\A0074748.sys (Malware.Trace) -> Quarantined and deleted successfully.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:33:57, on 1/27/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HughesNetTools\1\bin\McciBrowser.exe
    C:\Program Files\HughesNetTools\1\bin\McciBrowser.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O4 - HKLM\..\Run: [HughesNetTools_McciTrayApp] C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
    O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - Global Startup: Picture Package Menu.lnk.disabled
    O4 - Global Startup: Picture Package VCD Maker.lnk.disabled
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1253521747359
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase1140.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1244587224828
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} (McciContext Class) - http://phughescw.hughes.motive.com/w...Mcci_6-1-0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
    O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - G:\Programs\Common\Database\bin\fbserver.exe (file missing)
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 7578 bytes

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    What Malwarebytes found was an entry in your System Restore program. What we're going to do is flush that all out, and it's extremely important to create a new restore point.

    System Restore makes regular backups of all your settings. If you ever had to use this program to restore your system to a previous date, you will be infected all over again, so we need to clean out the previous Restore Points.

    Turn off System Restore.

    • Right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore on all Drives.
    • Click Apply, and then click OK.


    Reboot your computer

    Turn ON System Restore.

    • Right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check Turn off System Restore on all Drives.
    • Click Apply, and then click OK.


    Create a new Restore Point <-- Very Important

    • Go to Start > All Programs > Accessories > System Tools > System Restore and create a New Restore Point

    System Restore Tutorial <-- If you need it






    Let's update your Java to make your system more secure

    Go to your Control Panel and click on the Java icon (looks like a little coffee cup), click on About and you should have Version 6 Update 18; if not, proceed with the instructions.

    Download the latest version Here, save it, do not install it yet.

    Java SE Runtime Environment (JRE) JRE 6 Update 18 <--The wording is confusing but this is what you need

    • Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
    • Reboot your computer
    • Install the latest version

    You can verify the installation Here




    Looks like you're good to go



    Now to remove most of the tools that we have used in fixing your machine:
    • Make sure you have an Internet Connection.
    • Download OTC to your desktop and run it
    • A list of tool components used in the cleanup of malware will be downloaded.
    • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
    • Click Yes to begin the cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.









    Keep in mind if you install some of these programs: only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot; you can still install Spybot Search and Destroy but do not enable the TeaTimer.

    Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
    • Spybot Search and Destroy 1.6
      Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
    • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
    • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
    • IE-Spyad
      IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.



    Safe Surfn
    Ken
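
The reasoning in the post above (a detection under `_restore{...}\RPnnn` is a snapshot copy, so the restore points are purged and a new one is created) can be checked mechanically against a scanner log. This is an added example, not part of the original thread or any tool's own code; the sample log is constructed in the layout of the Malwarebytes log posted above, and the function names and the second file entry are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the Malwarebytes 1.44 log above; the
# second file entry is invented to show a detection on the live file system.
SAMPLE_LOG = r"""
Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP120\A0074748.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\example.sys (Constructed.Sample) -> Delete on reboot.
"""

# Detail sections end at the colon; summary lines ("Files Infected: 1") do not.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")
ENTRY = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(?P<rp>RP\d+)\\", re.I)

def parse_detections(log_text):
    """Return {section: [(path, detection, action), ...]} for the detail sections."""
    sections, current = defaultdict(list), None
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            current = header.group("name")
        elif not line:
            current = None  # a blank line closes the current section
        elif current and (m := ENTRY.match(line)):
            sections[current].append((m["path"], m["name"], m["action"]))
    return dict(sections)

def triage_files(log_text):
    """Split file detections into restore-point copies and live-file-system hits."""
    in_restore, live = [], []
    for path, name, _action in parse_detections(log_text).get("Files Infected", []):
        rp = RESTORE.search(path)
        if rp:
            in_restore.append((rp["rp"], name, path))
        else:
            live.append((name, path))
    return in_restore, live

if __name__ == "__main__":
    restore_hits, live_hits = triage_files(SAMPLE_LOG)
    print("restore-point copies (purge and rebuild restore points):", restore_hits)
    print("live file system (still present outside restore points):", live_hits)
```

A log whose only file detections fall in the first list matches the situation in this thread; anything in the second list is still on the running system and is not addressed by flushing restore points.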

  10. #10
    Member
    Join Date
    Sep 2009
    Posts
    34

    Default Thank You

    Hi Ken,

    Everything is running great! Thanks for all your help in resolving this matter.
    You are the best support team anywhere, bar none.

    J. Seymour
