Major malware problem that will not go away

Status
Not open for further replies.
I was unable to remove

Norton Internet Security
Norton Internet Security (Symantec Corporation)

I cannot find Norton Internet Security in the add/remove section.
Norton Internet Security (Symantec Corporation) refused to be removed. Initially it began to work then it (i assumed) finished, however was still present when i tried to remove it again i received an error message.
 
Once again Victor i want to apologise for the delay and would like to reiterate i am grateful for your assistance and time.
 
Ok, no problem.


Norton Removal Tool

  1. Please go to Norton Removal Tool
  2. Select the removal tool that corresponds to your installed Norton Product... Save it to your desktop.
  3. Click the Norton Removal Tool, on your desktop, to begin the removal process.
  4. Follow the prompts and instructions.


Warning

Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear the infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any important files and folders that you don't want to lose before you continue with the instructions below. You need to understand that any damages resulting from our attempts to help you clean your computer of malware are YOUR RESPONSIBILITY.


Disable AVG

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes and close the window.
Note: Don't forget to re-enable it after the fix.


Download and Run ComboFix

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

Please ensure you read the following guide carefully and install the Recovery Console when prompted.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode. This allows us to more easily help you if your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Click here to visit BleepingComputer's ComboFix page for download links, and a guide for running the tool.

Please include the ComboFix log (C:\ComboFix.txt) in your next reply for further review.


You can now enable AVG Antivirus.


When ready, please post (you can use more than one post):
  • the ComboFix log
  • did any problems occur while following the instructions?
 
Hi Victor,

Is Combo fix going to re-format my pc?

Is the malware situation that bad?

I want to transfer all my important files (mainly word documents) onto a USB sticks, is there any risk of the malware "jumping" onto the USB resulting in re-infection at a future date?

According to the properties section "My documents" is just under 1GB (800MB) is it wise to copy that into a USB (i have a 1GB USB)?
Just means saving all my work is far easier/quicker.
 
AndyUK said:
Is Combo fix going to re-format my pc?
Click to expand...
No, Combofix is a malware disinfection tool.


To securely use your usb stick without reformatting it:

Flash Disinfector

  1. Safely remove your USB Stick from your computer (if connected).
  2. Please download Flash_Disinfector...by sUBs and save it to your desktop.
  3. Double click Flash_Disinfector.exe to run it. If prompted with "Do you want to run this file?" ...press the "Yes" button.
  4. Plug in your flash drive...when prompted.
  5. Flash_Disinfector will start disinfecting your flash and hard drives.
    This takes a few seconds. Your desktop will disappear in the meantime...this is normal.
  6. When done, a message "Done!" box will appear. Click the OK...button.
  7. Your desktop should now appear. If it doesn't, press (Ctrl + Shift + Esc) or (Ctrl+Alt+Delete) to open Task Manager.
    Click on File...then select, press New Task (Run...).
    In the "Create New Task" entry box...type in explorer.exe and press Enter. Your desktop should now appear.
Flash Disinfector, as a security measure, will put a folder called Autorun.inf on your hard drive(s) and each removable drive it processed.
This prevents malicious software from putting it's own "autorun.inf" file on the drive.
Note: This procedure should be performed on each flash drive you have, to prevent reinfection.


You can now copy your files onto the USB stick. Please disconnect it from the computer while running ComboFix.
 
Hey Victor,

Reading about Combo fix and the possible damage it can do is a bit worrying.

Decided to buy some new USBs and have been making copies of important files. I have not run Combo fix yet and will do so today once i finish (re-creating my "arrangement"/organised method on the pc into USBs is lot more time consuming than i imagined).

Thought i would post this in case you thought i have gone awol again.
 
Hey Victor,

Here is the Combo Fix log.

However some things of concern which happened as i ran this, my clock did not re-set nor did the internet connection disconnect -which the instruction guide said would happen.

Furthermore once the scan had began after about five minutes i left my pc, returning ten minutes later and my PC had re-start and i was at the user login screen. Once i logged back in ComboFix finished running, producing the log.

Is that normal -ComboFix restarting the PC?

(P.S. I have borrowed a laptop from my sister to do my work, so if my connection goes -for any reasons ect- i can still access this site).


-------------------------------------------------------------------

ComboFix 10-07-12.02 - OWNER 12/07/2010 22:39:48.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.143 [GMT 1:00]
Running from: c:\documents and settings\OWNER\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Sunbelt Personal Firewall *disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\2280639600.dat
c:\windows\system32\zip32.dll
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SCHEDULEVAIOMEDIAPLATFORM-VIDEOSERVER-UPNP
-------\Legacy_STISVCUPS
-------\Service_ScheduleVAIOMediaPlatform-VideoServer-UPnP
-------\Service_stisvcUPS


((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
.

2010-07-12 02:15 . 2010-07-12 02:15 -------- d-sh--w- c:\documents and settings\OWNER\UserData
2010-07-04 10:11 . 2010-07-04 10:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-06-26 06:41 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-26 05:36 . 2010-07-12 01:29 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-26 05:35 . 2010-06-26 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-26 05:35 . 2010-06-26 05:35 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-26 03:24 . 2010-06-26 03:24 -------- d-----w- c:\windows\system32\NtmsData
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-26 01:27 . 2010-06-26 01:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-06-26 00:04 . 2010-06-26 00:04 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-25 23:58 . 2010-06-25 23:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-06-25 23:57 . 2010-07-02 16:02 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\Temp
2010-06-25 23:56 . 2010-06-26 00:00 -------- d-----w- c:\program files\Google
2010-06-25 23:55 . 2010-07-08 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-25 02:53 . 2010-06-25 02:53 -------- d-----w- c:\documents and settings\OWNER\Application Data\Malwarebytes
2010-06-25 02:52 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 02:52 . 2010-06-25 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-25 02:52 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 02:52 . 2010-06-25 02:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-24 03:04 . 2010-06-24 03:04 52864 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-24 03:04 . 2010-06-24 03:04 -------- d-----w- c:\documents and settings\OWNER\Application Data\Apple Computer
2010-06-23 23:04 . 2010-06-23 23:04 -------- d-----w- c:\program files\Bonjour
2010-06-23 22:57 . 2010-06-23 22:58 -------- d-----w- c:\program files\Safari
2010-06-23 22:37 . 2010-06-24 00:42 -------- d-----w- c:\program files\Common Files\Apple
2010-06-23 22:32 . 2010-06-23 22:34 -------- d-----w- c:\program files\QuickTime
2010-06-23 22:32 . 2010-06-23 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-23 04:50 . 2010-06-24 06:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\acuxlstaf
2010-06-21 19:10 . 2010-06-26 05:59 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-21 16:25 . 2010-06-21 16:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-18 04:49 . 2010-06-18 04:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 21:19 . 2004-08-30 00:55 27047231 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-07-08 16:52 . 2003-12-02 09:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-08 16:48 . 2006-05-01 20:06 -------- d-----w- c:\documents and settings\OWNER\Application Data\Lavasoft
2010-07-04 03:30 . 2006-05-01 19:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-04 03:09 . 2006-05-01 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-04 03:07 . 2003-12-02 09:13 -------- d-----w- c:\program files\Common Files\Java
2010-06-29 08:29 . 2010-06-29 08:29 1039712 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-06-27 22:40 . 2009-06-07 14:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-25 12:15 . 2004-08-29 20:44 69976 ----a-w- c:\documents and settings\OWNER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 22:53 . 2010-06-23 22:53 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-23 04:53 . 2010-05-20 03:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-21 16:27 . 2010-06-21 16:27 74760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
2010-06-21 16:27 . 2010-06-21 16:27 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-21 16:27 . 2010-06-21 16:27 30216 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
2010-06-21 16:27 . 2010-06-21 16:27 26120 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
2010-06-21 16:27 . 2010-06-21 16:27 25096 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
2010-06-21 16:27 . 2010-06-21 16:27 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-06-21 16:27 . 2010-06-21 16:27 122376 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys
2010-06-21 16:26 . 2009-04-10 14:29 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-21 16:24 . 2010-06-05 04:55 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-21 16:20 . 2009-04-10 14:29 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-21 16:18 . 2010-06-21 16:18 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-06-21 16:18 . 2010-06-21 16:18 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-06-21 16:18 . 2010-06-21 16:18 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-06-20 04:25 . 2010-06-05 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-20 04:22 . 2010-01-25 22:19 -------- d-----w- c:\documents and settings\OWNER\Application Data\Biiv
2010-06-20 04:22 . 2007-04-10 08:48 -------- d-----w- c:\documents and settings\OWNER\Application Data\Beilr
2010-06-07 14:59 . 2010-06-07 14:59 -------- d-----w- c:\documents and settings\OWNER\Application Data\AVG9
2010-06-06 00:17 . 2010-06-06 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-06-06 00:09 . 2003-12-23 13:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-06 00:06 . 2010-06-06 00:06 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-06-05 05:18 . 2010-06-05 05:18 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-05 05:17 . 2006-11-25 18:38 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-05 04:58 . 2010-06-05 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-06-05 04:55 . 2010-06-05 04:55 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-05 04:51 . 2010-06-05 04:51 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-06-05 04:51 . 2010-06-05 04:51 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-06-05 04:49 . 2009-04-10 14:28 -------- d-----w- c:\program files\AVG
2010-06-04 22:47 . 2007-08-23 13:25 -------- d-----w- c:\documents and settings\OWNER\Application Data\Fehiz
2010-06-04 22:47 . 2005-02-04 21:18 -------- d-----w- c:\documents and settings\OWNER\Application Data\Ufuhi
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-06-04 18:02 . 2009-09-13 16:01 120 ----a-w- c:\windows\Mnefecofezip.dat
2010-06-03 23:43 . 2009-09-13 16:01 0 ----a-w- c:\windows\Uyuhupavidif.bin
2010-05-29 13:37 . 2006-11-14 00:31 -------- d-----w- c:\documents and settings\OWNER\Application Data\Dyqios
2010-05-24 16:49 . 2010-05-24 16:49 503808 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3a6380-n\msvcp71.dll
2010-05-24 16:49 . 2010-05-24 16:49 499712 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3a6380-n\jmc.dll
2010-05-24 16:49 . 2010-05-24 16:49 348160 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3a6380-n\msvcr71.dll
2010-05-24 16:49 . 2010-05-24 16:49 61440 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64651902-n\decora-sse.dll
2010-05-24 16:49 . 2010-05-24 16:49 12800 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64651902-n\decora-d3d.dll
2010-05-24 16:49 . 2003-12-02 09:13 -------- d-----w- c:\program files\Java
2010-05-24 14:47 . 2007-02-07 14:33 -------- d-----w- c:\documents and settings\OWNER\Application Data\Loyb
2010-05-21 22:35 . 2010-05-21 22:35 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-17 12:14 . 2010-05-17 12:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Thunderbird
2010-05-06 10:41 . 2003-12-01 15:30 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2003-12-01 15:30 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2003-12-01 15:29 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 09:25 . 2010-06-05 04:58 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-15 335872]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"Mouse Suite 98 Daemon"="ICO.EXE" [2001-08-23 45056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-22 71280]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-11-13 100056]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-21 2065760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\OWNER\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-23 113664]
Firewall Engine.lnk - c:\windows\system32\net.exe [2003-12-1 42496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-21 16:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Games\\Steam\\SteamApps\\common\\empire total war demo\\Empire.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
"c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Games\\Steam\\SteamApps\\romulansnitch\\half-life\\hl.exe"=
"d:\\Games\\Steam\\SteamApps\\romulansnitch\\counter-strike source\\hl2.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [05/06/2010 05:55 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [05/06/2010 05:55 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/04/2009 15:29 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/04/2009 15:29 243024]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26/04/2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26/04/2007 10:21 72624]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [21/06/2010 17:25 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [21/06/2010 17:20 2331032]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [05/06/2010 05:51 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [05/06/2010 05:52 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [05/06/2010 05:52 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [05/06/2010 05:52 26192]
S0 fary;fary;c:\windows\system32\drivers\kmiwifwu.sys --> c:\windows\system32\drivers\kmiwifwu.sys [?]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [21/06/2010 17:24 5897808]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 00:57 135664]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26/04/2007 10:21 1234480]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [05/06/2010 05:54 430152]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [05/06/2010 05:51 30104]
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 23:56]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 23:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lefigaro.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-12 23:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1428)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\sony\vaio media music server\SSSvr.exe
c:\program files\sony\photo server\appsrv\PhotoAppSrv.exe
c:\program files\sony\giga pocket\GPVSvr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
c:\program files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
c:\program files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
c:\program files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
c:\program files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
c:\program files\sony\giga pocket\RM_SV.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\ICO.EXE
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2010-07-12 23:13:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-12 22:12

Pre-Run: 9,432,141,824 bytes free
Post-Run: 9,938,661,376 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 2042D03D561AA53EA59AD68C74339C3C
 
AndyUK said:
However some things of concern which happened as i ran this, my clock did not re-set nor did the internet connection disconnect -which the instruction guide said would happen.
Click to expand...
Don't worry about this and Combofix restarting the computer is normal.



Temp File Cleaner

  • Please download TFC and save it to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.
  • NOTE: Save your work.TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. If needed will you be prompted to reboot. Reboot immediately.


Disable AVG

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes and close the window.
Note: Don't forget to re-enable it after the fix.


Combofix

Open notepad and copy/paste the text in the codebox below into it:

Code: 
KillAll::

Driver::
fary

File::
c:\windows\system32\drivers\kmiwifwu.sys
c:\windows\Uyuhupavidif.bin
c:\windows\Mnefecofezip.dat

DDS::
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com

Folder::
c:\documents and settings\OWNER\Application Data\Loyb
c:\documents and settings\OWNER\Application Data\Dyqios
c:\documents and settings\OWNER\Application Data\Ufuhi
c:\documents and settings\OWNER\Application Data\Fehiz
c:\documents and settings\OWNER\Application Data\Beilr
c:\documents and settings\OWNER\Application Data\Biiv
c:\documents and settings\NetworkService\Local Settings\Application Data\acuxlstaf

DirLook::
c:\documents and settings\OWNER\Local Settings\Application Data\Temp
c:\documents and settings\LocalService\Local Settings\Application Data\Temp
c:\documents and settings\OWNER\UserData

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

Save the file as "CFScript.txt", and as Type: All Files (*.*) on your desktop.

CFScriptB-4.gif


This will reboot the computer: Refer to the picture above, then save all work and close all programs including any open browsers(!) and drag CFScript onto ComboFix.exe.

If Combofix prompts you to upgrade, please allow it.

When finished, it shall produce a log for you at C:\ComboFix.txt.


Kaspersky Online Scan

Note: This download is about 200Mb and the scan can last for several hours.

  • Hold down Control then click on the following link to open a new window to Kaspersky Online Scan
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Make sure AVG Antivirus is disabled.
  • Click on My Computer under Scan. * This will take a while. Please be patient *.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This visual tutorial will help explain how to use the aforementioned online scan.


You can now enable AVG.


To post:
  • the Combofix log
  • this log: C:\Qoobox\Add-Remove Programs.txt
  • the Kaspersky log
  • Did you run the Norton removal tool?
  • Did any problems occur while following the instructions?
 
Last edited:
I was unsure which version of Norton i have and my searches on my pc to try and find out have been unsuccessful, but i think it may have come with my pc when i bought it.

My AVG has expired so all the components are off, i assumed that it would revert to the free components but it has not, my attempts to download the free version hit a snag in that they take forever to download, as in the download hardly works.
 
Hey Victor

Here is the second ComboFix log

A bit of concern, even though i saved the "CFScript.txt" as .txt following the instructions you gave it appeared on my desktop without the .txt when i dropped it on ComboFix (i only noticed this after i dropped it on ComboFix).

Is this a problem? Everything went as normal (ComboFix did start updating, then ran as it did yesterday, re-starting my pc etc).

Now the file is gone is that to be expected?



--------------------------------------------------------------------



ComboFix 10-07-12.06 - OWNER 13/07/2010 18:12:44.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.137 [GMT 1:00]
Running from: c:\documents and settings\OWNER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\OWNER\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Sunbelt Personal Firewall *disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}

FILE ::
"c:\windows\Mnefecofezip.dat"
"c:\windows\system32\drivers\kmiwifwu.sys"
"c:\windows\Uyuhupavidif.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\OWNER\Local Settings\Application Data\{C6522C19-A3D6-4D24-9C2A-4A06721B4FEB}
c:\documents and settings\OWNER\Local Settings\Application Data\{C6522C19-A3D6-4D24-9C2A-4A06721B4FEB}\chrome.manifest
c:\documents and settings\OWNER\Local Settings\Application Data\{C6522C19-A3D6-4D24-9C2A-4A06721B4FEB}\chrome\content\_cfg.js
c:\documents and settings\OWNER\Local Settings\Application Data\{C6522C19-A3D6-4D24-9C2A-4A06721B4FEB}\chrome\content\overlay.xul
c:\documents and settings\OWNER\Local Settings\Application Data\{C6522C19-A3D6-4D24-9C2A-4A06721B4FEB}\install.rdf
c:\documents and settings\NetworkService\Local Settings\Application Data\acuxlstaf
c:\windows\Mnefecofezip.dat
c:\windows\Uyuhupavidif.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_fary


((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))
.

2010-07-12 02:15 . 2010-07-12 02:15 -------- d-sh--w- c:\documents and settings\OWNER\UserData
2010-07-04 10:11 . 2010-07-04 10:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-06-26 06:41 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-26 05:36 . 2010-07-12 01:29 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-26 05:35 . 2010-06-26 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-26 05:35 . 2010-06-26 05:35 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-26 03:24 . 2010-06-26 03:24 -------- d-----w- c:\windows\system32\NtmsData
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-26 01:27 . 2010-06-26 01:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-06-26 00:04 . 2010-06-26 00:04 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-25 23:58 . 2010-06-25 23:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-06-25 23:57 . 2010-07-02 16:02 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\Temp
2010-06-25 23:56 . 2010-06-26 00:00 -------- d-----w- c:\program files\Google
2010-06-25 23:55 . 2010-07-08 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-25 02:53 . 2010-06-25 02:53 -------- d-----w- c:\documents and settings\OWNER\Application Data\Malwarebytes
2010-06-25 02:52 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 02:52 . 2010-06-25 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-25 02:52 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 02:52 . 2010-06-25 02:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-24 03:04 . 2010-06-24 03:04 52864 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-24 03:04 . 2010-06-24 03:04 -------- d-----w- c:\documents and settings\OWNER\Application Data\Apple Computer
2010-06-23 23:04 . 2010-06-23 23:04 -------- d-----w- c:\program files\Bonjour
2010-06-23 22:57 . 2010-06-23 22:58 -------- d-----w- c:\program files\Safari
2010-06-23 22:37 . 2010-06-24 00:42 -------- d-----w- c:\program files\Common Files\Apple
2010-06-23 22:32 . 2010-06-23 22:34 -------- d-----w- c:\program files\QuickTime
2010-06-23 22:32 . 2010-06-23 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-21 19:10 . 2010-06-26 05:59 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-21 16:25 . 2010-06-21 16:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-18 04:49 . 2010-06-18 04:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 17:03 . 2004-08-30 00:55 27048271 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-07-08 16:52 . 2003-12-02 09:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-08 16:48 . 2006-05-01 20:06 -------- d-----w- c:\documents and settings\OWNER\Application Data\Lavasoft
2010-07-04 03:30 . 2006-05-01 19:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-04 03:09 . 2006-05-01 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-04 03:07 . 2003-12-02 09:13 -------- d-----w- c:\program files\Common Files\Java
2010-06-29 08:29 . 2010-06-29 08:29 1039712 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-06-27 22:40 . 2009-06-07 14:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-25 12:15 . 2004-08-29 20:44 69976 ----a-w- c:\documents and settings\OWNER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 22:53 . 2010-06-23 22:53 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-23 04:53 . 2010-05-20 03:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-21 16:27 . 2010-06-21 16:27 74760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
2010-06-21 16:27 . 2010-06-21 16:27 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-21 16:27 . 2010-06-21 16:27 30216 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
2010-06-21 16:27 . 2010-06-21 16:27 26120 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
2010-06-21 16:27 . 2010-06-21 16:27 25096 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
2010-06-21 16:27 . 2010-06-21 16:27 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-06-21 16:27 . 2010-06-21 16:27 122376 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys
2010-06-21 16:26 . 2009-04-10 14:29 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-21 16:24 . 2010-06-05 04:55 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-21 16:20 . 2009-04-10 14:29 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-21 16:18 . 2010-06-21 16:18 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-06-21 16:18 . 2010-06-21 16:18 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-06-21 16:18 . 2010-06-21 16:18 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-06-20 04:25 . 2010-06-05 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-20 04:22 . 2010-01-25 22:19 -------- d-----w- c:\documents and settings\OWNER\Application Data\Biiv
2010-06-20 04:22 . 2007-04-10 08:48 -------- d-----w- c:\documents and settings\OWNER\Application Data\Beilr
2010-06-07 14:59 . 2010-06-07 14:59 -------- d-----w- c:\documents and settings\OWNER\Application Data\AVG9
2010-06-06 00:17 . 2010-06-06 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-06-06 00:09 . 2003-12-23 13:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-06 00:06 . 2010-06-06 00:06 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-06-05 05:18 . 2010-06-05 05:18 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-05 05:17 . 2006-11-25 18:38 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-05 04:58 . 2010-06-05 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-06-05 04:55 . 2010-06-05 04:55 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-05 04:51 . 2010-06-05 04:51 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-06-05 04:51 . 2010-06-05 04:51 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-06-05 04:49 . 2009-04-10 14:28 -------- d-----w- c:\program files\AVG
2010-06-04 22:47 . 2007-08-23 13:25 -------- d-----w- c:\documents and settings\OWNER\Application Data\Fehiz
2010-06-04 22:47 . 2005-02-04 21:18 -------- d-----w- c:\documents and settings\OWNER\Application Data\Ufuhi
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-05-29 13:37 . 2006-11-14 00:31 -------- d-----w- c:\documents and settings\OWNER\Application Data\Dyqios
2010-05-24 16:49 . 2010-05-24 16:49 503808 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3a6380-n\msvcp71.dll
2010-05-24 16:49 . 2010-05-24 16:49 499712 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3a6380-n\jmc.dll
2010-05-24 16:49 . 2010-05-24 16:49 348160 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3a6380-n\msvcr71.dll
2010-05-24 16:49 . 2010-05-24 16:49 61440 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64651902-n\decora-sse.dll
2010-05-24 16:49 . 2010-05-24 16:49 12800 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64651902-n\decora-d3d.dll
2010-05-24 16:49 . 2003-12-02 09:13 -------- d-----w- c:\program files\Java
2010-05-24 14:47 . 2007-02-07 14:33 -------- d-----w- c:\documents and settings\OWNER\Application Data\Loyb
2010-05-21 22:35 . 2010-05-21 22:35 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-17 12:14 . 2010-05-17 12:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Thunderbird
2010-05-06 10:41 . 2003-12-01 15:30 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2003-12-01 15:30 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2003-12-01 15:29 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 09:25 . 2010-06-05 04:58 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\LocalService\Local Settings\Application Data\Temp ----


---- Directory of c:\documents and settings\OWNER\Local Settings\Application Data\Temp ----


---- Directory of c:\documents and settings\OWNER\UserData ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-15 335872]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"Mouse Suite 98 Daemon"="ICO.EXE" [2001-08-23 45056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-22 71280]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-11-13 100056]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-21 2065760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\OWNER\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-23 113664]
Firewall Engine.lnk - c:\windows\system32\net.exe [2003-12-1 42496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-21 16:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Games\\Steam\\SteamApps\\common\\empire total war demo\\Empire.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
"c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Games\\Steam\\SteamApps\\romulansnitch\\half-life\\hl.exe"=
"d:\\Games\\Steam\\SteamApps\\romulansnitch\\counter-strike source\\hl2.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [05/06/2010 05:55 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [05/06/2010 05:55 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/04/2009 15:29 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/04/2009 15:29 243024]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26/04/2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26/04/2007 10:21 72624]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [21/06/2010 17:25 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [21/06/2010 17:20 2331032]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [05/06/2010 05:51 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [05/06/2010 05:52 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [05/06/2010 05:52 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [05/06/2010 05:52 26192]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [21/06/2010 17:24 5897808]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 00:57 135664]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26/04/2007 10:21 1234480]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [05/06/2010 05:54 430152]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [05/06/2010 05:51 30104]
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 23:56]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 23:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lefigaro.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/
uInternet Settings,ProxyOverride = <local>
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 18:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2336)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\sony\vaio media music server\SSSvr.exe
c:\program files\sony\photo server\appsrv\PhotoAppSrv.exe
c:\program files\sony\giga pocket\GPVSvr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
c:\program files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
c:\program files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
c:\program files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
c:\program files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
c:\program files\sony\giga pocket\RM_SV.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\ICO.EXE
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2010-07-13 19:03:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-13 18:03
ComboFix2.txt 2010-07-12 22:13

Pre-Run: 9,976,500,224 bytes free
Post-Run: 9,966,338,048 bytes free

- - End Of File - - 099F41936C4B612B76BC4C536EF055A6
 
Qoobox Add-Remove Programs log:


---------------------------------------------------------------

Adobe Acrobat Elements 6.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Photoshop Elements 2.0
Adobe Premiere 6 LE
Adobe Stock Photos 1.0
Agere Systems AC'97 Modem
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
AVG 9.0
Bonjour
ccCommon
Click to DVD 1.3
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Drag'n Drop CD+DVD
DVgate Plus
Empire: Total War Demo
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
Google Chrome
Google Update Helper
Half-Life 2
Half-Life 2: Deathmatch
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
ISP Selector
ISP Selector (English)
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MoodLogic
Mozilla Thunderbird (2.0.0.21)
MSRedist
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Visualizer Library 1.4.00
Natural Selection 3.2
Norton Internet Security
Norton Internet Security (Symantec Corporation)
OpenMG Secure Module 3.3.01
PictureGear Studio 2.0
Portal
QuickTime
QuickTime for Windows (32-bit)
RealPlayer
Rome - Total War(TM)
Rotor-Gene 6000 1.7.87
Safari
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SonicStage 1.6.00
Sony Ericsson PC Suite
Sony USB Mouse
Sony Video Shared Library
SPSS 16.0 for Windows
Steam
Sunbelt Personal Firewall
Sven Co-op 4.0B
Symantec Network Drivers Update
Team Fortress 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO BrightColor Wallpaper
VAIO Clock Screen Saver
VAIO DeepSea Wallpaper
VAIO Edit Components
VAIO Media 2.5
VAIO Media Music Server 2.5
VAIO Media Photo Server 2.5
VAIO Media Platform 2.5
VAIO Media Redistribution 2.5
VAIO Media Setup 2.5
VAIO Media Video Server 2.5
VAIO Online Registration (English)
VAIO Product Survey (English)
VAIO Remote Commander Utility 6.2
VAIO System Information
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VOR
VPS
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
World Book Multimedia Encyclopedia 1997
 
AndyUK said:
A bit of concern, even though i saved the "CFScript.txt" as .txt following the instructions you gave it appeared on my desktop without the .txt when i dropped it on ComboFix (i only noticed this after i dropped it on ComboFix).

Is this a problem? Everything went as normal (ComboFix did start updating, then ran as it did yesterday, re-starting my pc etc).

Now the file is gone is that to be expected?
Click to expand...
Hi

All of this is normal and I can see from the log that Combofix used the script.

However the result of the CFScript was not quite as I would expect. Please confirm that the following line is not your username and that you have edited the logs to remove your real username:
OWNER
You don't need to worry, I just need to know if you edited your username.


Norton removal

Click Start -> Run, type appwiz.cpl and click OK

Uninstall these programs (in the order listed):

Symantec Network Drivers Update
ccCommon
Norton Internet Security (Symantec Corporation)

Don't worry if you can't find some of the entries or if a uninstall fails, just move on to the next entry and eventually to the removal tool described below.

Please download the Norton removal tool from the following link:
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Then start the program and follow any prompts. Please reboot the computer when the removal tool has finished.


RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


When ready, please post (you can use more than one post):
  • did you edit your username in the logs?
  • the RSIT logs
  • an update to the performance of your computer. Are you still experiencing popups? Are there any problems remaining?
 
Hey Victor,

Yes i did edit my username and put "OWNER".
Andy is sort of my nick name, not my real name.

My username appeared 27 times in the log.



However owner appears 29 times in the log.

There were two "owners" already present.
Erm do you want me to re-publish it?
 
The two "owners" which were already present (not my username) where at this section:

---------------------------------------------------------


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\LocalService\Local Settings\Application Data\Temp ----


---- Directory of c:\documents and settings\OWNER\Local Settings\Application Data\Temp ----


---- Directory of c:\documents and settings\OWNER\UserData ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
 
The Kaspersky Online Scan does not work either.

I spent all of yesturday trying it.

I tried it again this morning (before coming here).

However the window just freezes and says its not responding.
 
Here are the RSIT logs, i only did it for "the last 1 month", however i feel my computer has been/had been infected longer.

----------------------------------------------

Log.txt:


Logfile of random's system information tool 1.08 (written by random/random)
Run by OWNER at 2010-07-14 12:37:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (33%) free of 29 GB
Total RAM: 511 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:15, on 14/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\sony\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\Program Files\sony\giga pocket\GPVSvr.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\sony\giga pocket\RM_SV.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ICO.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\OWNER\Desktop\RSIT.exe
C:\Program Files\trend micro\OWNER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lefigaro.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Firewall Engine.lnk = C:\WINDOWS\system32\net.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093807566890
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe

--
End of file - 10790 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-06-21 1615200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-05-03 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe [2002-08-20 40960]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-11-15 335872]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-07-22 88361]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2001-08-23 45056]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-21 2065760]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\OWNER\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Firewall Engine.lnk - C:\WINDOWS\system32\net.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-06-21 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Games\Steam\SteamApps\common\empire total war demo\Empire.exe"="D:\Games\Steam\SteamApps\common\empire total war demo\Empire.exe:*:Enabled:Empire: Total War Demo"
"C:\Program Files\SPSSInc\SPSS16\spss.com"="C:\Program Files\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com)"
"C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe"="C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033)"
"C:\Program Files\SPSSInc\SPSS16\spss.exe"="C:\Program Files\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"D:\Games\Steam\SteamApps\romulansnitch\half-life\hl.exe"="D:\Games\Steam\SteamApps\romulansnitch\half-life\hl.exe:*:Enabled:Half-Life"
"D:\Games\Steam\SteamApps\romulansnitch\counter-strike source\hl2.exe"="D:\Games\Steam\SteamApps\romulansnitch\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-07-14 12:37:55 ----D---- C:\Program Files\trend micro
2010-07-14 12:37:54 ----D---- C:\rsit
2010-07-13 19:03:19 ----A---- C:\ComboFix.txt
2010-07-13 18:22:48 ----D---- C:\WINDOWS\temp
2010-07-12 22:38:01 ----A---- C:\Boot.bak
2010-07-12 22:37:54 ----RASHD---- C:\cmdcons
2010-07-12 22:33:48 ----A---- C:\WINDOWS\zip.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\SWSC.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\SWREG.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\sed.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\PEV.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\MBR.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\grep.exe
2010-07-12 22:33:27 ----D---- C:\WINDOWS\ERDNT
2010-07-12 22:33:10 ----D---- C:\Qoobox
2010-07-12 02:21:07 ----RAD---- C:\autorun.inf
2010-07-08 17:47:10 ----D---- C:\Config.Msi
2010-07-04 21:34:09 ----ASH---- C:\hiberfil.sys
2010-07-04 16:12:02 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-26 18:34:02 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-26 18:33:27 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-26 18:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-06-26 18:26:03 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-26 18:24:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-26 18:24:20 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-26 18:23:44 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-26 06:36:18 ----A---- C:\WINDOWS\system32\drivers\hitmanpro35.sys
2010-06-26 06:35:59 ----D---- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2010-06-26 06:35:51 ----D---- C:\Program Files\Hitman Pro 3.5
2010-06-26 04:24:36 ----D---- C:\WINDOWS\system32\NtmsData
2010-06-26 01:04:39 ----A---- C:\WINDOWS\system32\drivers\SBREDrv.sys
2010-06-26 00:56:45 ----D---- C:\Program Files\Google
2010-06-26 00:55:41 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-06-25 03:53:05 ----D---- C:\Documents and Settings\OWNER\Application Data\Malwarebytes
2010-06-25 03:52:46 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-06-25 03:52:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-06-25 03:52:42 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-06-25 03:52:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-24 04:04:01 ----D---- C:\Documents and Settings\OWNER\Application Data\Apple Computer
2010-06-24 00:04:42 ----D---- C:\Program Files\Bonjour
2010-06-23 23:57:29 ----D---- C:\Program Files\Safari
2010-06-23 23:37:18 ----D---- C:\Program Files\Common Files\Apple
2010-06-23 23:32:42 ----D---- C:\Program Files\QuickTime
2010-06-23 23:32:32 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-06-21 20:10:16 ----D---- C:\Program Files\Windows Live Safety Center
2010-06-21 17:25:54 ----A---- C:\WINDOWS\system32\avgrsstx.dll

======List of files/folders modified in the last 1 months======

2010-07-14 12:37:55 ----RD---- C:\Program Files
2010-07-14 12:33:48 ----D---- C:\WINDOWS\Prefetch
2010-07-14 12:27:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-14 12:26:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-14 12:24:40 ----D---- C:\Program Files\Norton Internet Security
2010-07-14 12:24:35 ----D---- C:\WINDOWS\system32\drivers
2010-07-14 12:24:35 ----D---- C:\WINDOWS\system32
2010-07-14 12:23:55 ----SHD---- C:\WINDOWS\Installer
2010-07-13 19:53:23 ----D---- C:\Program Files\Common Files
2010-07-13 18:55:51 ----D---- C:\WINDOWS
2010-07-13 18:55:51 ----A---- C:\WINDOWS\system.ini
2010-07-13 18:55:26 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-13 18:23:23 ----D---- C:\WINDOWS\system32\config
2010-07-13 18:18:17 ----D---- C:\WINDOWS\AppPatch
2010-07-12 23:11:20 ----SD---- C:\WINDOWS\Tasks
2010-07-12 22:38:01 ----RASH---- C:\boot.ini
2010-07-12 02:35:23 ----HD---- C:\WINDOWS\inf
2010-07-08 17:55:07 ----D---- C:\WINDOWS\SxsCaPendDel
2010-07-08 17:49:26 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-08 17:48:37 ----D---- C:\Documents and Settings\OWNER\Application Data\Lavasoft
2010-07-08 17:46:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-05 05:41:52 ----D---- C:\WINDOWS\Minidump
2010-07-04 21:40:33 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-07-04 04:30:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-07-04 04:09:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-04 04:07:43 ----D---- C:\Program Files\Common Files\Java
2010-06-27 23:40:39 ----D---- C:\Program Files\Mozilla Thunderbird
2010-06-26 18:58:30 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-26 18:58:13 ----RSD---- C:\WINDOWS\assembly
2010-06-26 18:34:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-26 18:33:41 ----A---- C:\WINDOWS\imsins.BAK
2010-06-26 18:33:04 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-26 18:29:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-26 18:29:25 ----D---- C:\WINDOWS\WinSxS
2010-06-26 18:25:26 ----D---- C:\Program Files\Internet Explorer
2010-06-26 18:25:11 ----D---- C:\WINDOWS\ie8updates
2010-06-26 07:40:25 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-26 00:44:19 ----D---- C:\WINDOWS\network diagnostic
2010-06-21 20:10:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-06-20 05:25:34 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-06-20 05:22:56 ----D---- C:\Documents and Settings\OWNER\Application Data\Biiv
2010-06-20 05:22:26 ----D---- C:\Documents and Settings\OWNER\Application Data\Beilr

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 AVGIDSErHrxpx;AVG9IDSErHr; C:\WINDOWS\System32\Drivers\AVGIDSxx.sys [2010-06-21 25168]
R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-06-05 52872]
R0 ohci1394;NEC FireWarden OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [2008-07-23 43528]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-06-21 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-05 29584]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-21 243024]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\System32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-07-22 1268234]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-03-22 701440]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-06-05 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 smrt;Sony MPEG RealTime encoder board; C:\WINDOWS\System32\DRIVERS\smrt.sys [2003-10-30 766848]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-10-01 594048]
R3 USB_RNDIS;Belkin High-Speed Mode Wireless G USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-06-05 30104]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-21 308136]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-06-21 2331032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R2 VAIOMediaPlatform-MusicServer-AppServer;VAIO Media Music Server; C:\Program Files\sony\vaio media music server\SSSvr.exe [2003-09-19 540749]
R2 VAIOMediaPlatform-MusicServer-HTTP;VAIO Media Music Server (HTTP); C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe [2003-06-23 57344]
R2 VAIOMediaPlatform-MusicServer-UPnP;VAIO Media Music Server (UPnP); C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe [2003-10-21 679936]
R2 VAIOMediaPlatform-PhotoServer-AppServer;VAIO Media Photo Server; C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe [2003-06-24 860160]
R2 VAIOMediaPlatform-PhotoServer-HTTP;VAIO Media Photo Server (HTTP); C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe [2003-06-23 57344]
R2 VAIOMediaPlatform-PhotoServer-UPnP;VAIO Media Photo Server (UPnP); C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe [2003-10-21 679936]
R2 VAIOMediaPlatform-VideoServer-AppServer;VAIO Media Video Server; C:\Program Files\sony\giga pocket\GPVSvr.exe [2003-11-14 966656]
R2 VAIOMediaPlatform-VideoServer-HTTP;VAIO Media Video Server (HTTP); C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe [2003-06-23 57344]
R2 VAIOMediaPlatform-VideoServer-UPnP;VAIO Media Video Server (UPnP); C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe [2003-10-21 679936]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 Sony TV Tuner Manager;Sony TV Tuner Manager; C:\Program Files\sony\giga pocket\RM_SV.exe [2003-11-14 90112]
S2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-06-21 5897808]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-06-06 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Sony TV Tuner Controller;Sony TV Tuner Controller; C:\Program Files\sony\giga pocket\halsv.exe [2003-11-14 118784]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe [2003-07-28 65536]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
 
Here are the RSIT log for info.txt

------------------------------------------





info.txt logfile of random's system information tool 1.08 2010-07-14 12:38:20

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93B80FB1-7A23-11D3-B250-00105A1F4184}\setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat Elements 6.0-->MsiExec.exe /I{E5E6E687-1033-BA7E-6000-000000000001}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop Elements 2.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Premiere 6 LE-->C:\Program Files\Adobe\Premiere 6 LE\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6 LE\DeIsL1.isu" -c"C:\Program Files\Adobe\Premiere 6 LE\Uninst.dll"
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Agere Systems AC'97 Modem-->agrsmdel
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Click to DVD 1.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drag'n Drop CD+DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
DVgate Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
Empire: Total War Demo-->"D:\Games\Steam\steam.exe" steam://uninstall/10620
Giga Pocket 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4A90BFA-C75E-420A-BB00-D54C82A5A245}\Setup.exe" -l0x9
Giga Pocket Demo Movie-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F2CE2DD-5119-4860-9E46-6A0129A34FF1}\setup.exe"
Giga Pocket Hardware Library 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F898AB3C-792E-4351-B3E8-4958BAA8E101}\setup.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.86\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Half-Life 2: Deathmatch-->"D:\Games\Steam\steam.exe" steam://uninstall/320
Half-Life 2-->"D:\Games\Steam\steam.exe" steam://uninstall/220
Hitman Pro 3.5-->"C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
InterVideo WinDVD 5 for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
ISP Selector (English)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0E3F1A40-3104-4C76-8A2D-2CC2ED414BD1} /l2057
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\Setup.exe" -l0x9 /UNINSTALL
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MoodLogic-->C:\WINDOWS\ml-uninstall-v10.exe
Mozilla Thunderbird (2.0.0.21)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Music Visualizer Library 1.4.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x9
Natural Selection 3.2-->d:\games\steam\steamapps\romulansnitch\half-life\unins000.exe
OpenMG Secure Module 3.3.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FA1C51C-6E35-42C1-B2EC-DC9FA1E20694}\setup.exe" -l0x9 UNINSTALL
PictureGear Studio 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\Setup.exe"
Portal-->"D:\Games\Steam\steam.exe" steam://uninstall/400
QuickTime for Windows (32-bit)-->C:\WINDOWS\QTW32DEL.EXE
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rome - Total War(TM)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} /l1033
Rotor-Gene 6000 1.7.87-->"C:\Program Files\Rotor-Gene 6000 Software\unins000.exe"
Safari-->MsiExec.exe /I{AFAC914D-9E83-4A89-8ABE-427521C82CCF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SonicStage 1.6.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Ericsson PC Suite-->MsiExec.exe /I{C037D08B-4883-491D-9329-DC5ACA90F797}
Sony USB Mouse-->Pmuninst.exe MouseSuite98
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
SPSS 16.0 for Windows-->MsiExec.exe /X{621025AE-3510-478E-BC27-1A647150976F}
Steam-->D:\Games\Steam\UNWISE.EXE D:\Games\Steam\INSTALL.LOG
Sunbelt Personal Firewall-->MsiExec.exe /X{BFD080F6-3BF0-40E1-9507-9CA969C35870}
Sven Co-op 4.0B-->C:\WINDOWS\unvise32.exe d:\games\steam\steamapps\romulansnitch\half-life\SvenCoop\uninstal.log
Team Fortress 2-->"D:\Games\Steam\steam.exe" steam://uninstall/440
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VAIO BrightColor Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\Setup.exe" -l0x9
VAIO Clock Screen Saver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1D057E97-A116-4BF9-B307-83C3FBD86515}\Setup.exe" -l0x9
VAIO DeepSea Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3147661C-2807-49EC-B971-3B0F23D95018}\Setup.exe" -l0x9
VAIO Edit Components-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{761C9026-14F0-4352-8658-934558272404}\setup.exe"
VAIO Media 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Music Server 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF733005-0F40-11D6-9254-0000F460E7A9}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Photo Server 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6587A1E-A87D-4CF9-9BA6-CE2CEB58950E}\Setup.exe" -l0x9
VAIO Media Platform 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF0DD6E9-F673-4466-8353-70B50A506FD9}\setup.exe"
VAIO Media Redistribution 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Setup 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D9D1CE4-8C3D-469A-9894-0857B6C9F426}\Setup.exe" -l0x9
VAIO Media Video Server 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63C6BABD-0BF7-488B-9AB5-B989E23CC581}\Setup.exe"
VAIO Online Registration (English)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{668B1BD6-4593-4959-970E-249AFFE6F35C} /l2057
VAIO Product Survey (English)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9080C5D2-82FA-452A-87FA-CBB4B05D67A5} /l2057
VAIO Remote Commander Utility 6.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C75086F-7753-41B9-8B4C-F38DE6CC8C20}\Setup.exe" -l0x9
VAIO System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2366D960-F00F-11D3-99D3-00C04FCCB775}\Setup.exe" -l0x9
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
World Book Multimedia Encyclopedia 1997-->C:\WINDOWS\uninst.exe -f"c:\program files\WorldBookME\DeIsL1.isu"

======Security center information======

AV: AVG Internet Security (disabled)
FW: AVG Firewall (disabled)
FW: Sunbelt Personal Firewall

======System event log======

Computer Name: OWNER2
Event Code: 1073
Message: The attempt to reboot OWNER2 failed

Record Number: 8
Source Name: USER32
Time Written: 20100615110619.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER2
Event Code: 1073
Message: The attempt to reboot OWNER2 failed

Record Number: 7
Source Name: USER32
Time Written: 20100615110504.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER2
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Record Number: 5
Source Name: Ftdisk
Time Written: 20100615054116.000000+060
Event Type: error
User:

Computer Name: OWNER2
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.

Record Number: 4
Source Name: Ftdisk
Time Written: 20100615054116.000000+060
Event Type: error
User:

Computer Name: OWNER2
Event Code: 4
Message: Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Record Number: 3
Source Name: E100B
Time Written: 20100615054116.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: OWNER2
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally


Record Number: 1296
Source Name: crypt32
Time Written: 20100602024113.000000+060
Event Type: error
User:

Computer Name: OWNER2
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 1295
Source Name: crypt32
Time Written: 20100602004033.000000+060
Event Type: error
User:

Computer Name: OWNER2
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally


Record Number: 1294
Source Name: crypt32
Time Written: 20100602004033.000000+060
Event Type: error
User:

Computer Name: OWNER2
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 1293
Source Name: crypt32
Time Written: 20100601224007.000000+060
Event Type: error
User:

Computer Name: OWNER2
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally


Record Number: 1292
Source Name: crypt32
Time Written: 20100601224007.000000+060
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
 
By popups do you mean random browser windows opening and me being directed to some dodgy site? In which case they have stopped thank goodness.

My PC does feel a faster. Before, after a reboot it would be extremely sluggish and take forever to fully load and to even open a browser, freezing at times.

I have had other issues such as if a browser window crashes/not responds and I use the task manager to close it it takes all the other windows with it and if I copy text from a site into MS Word, word freezes for a while, a good 20 minutes or so, until the text is copied properly and I am unable to use any word documents till then.

But it has been like this for a while, long before the recent barrage of problems erupted.
 
Status
Not open for further replies.
Back
Top