MyWay.MyWebSearch has infested my computer- with proper information.

M

macalig21

New member
Spy bot continues to pick up MyWay.MyWebSearch however it says it can't delete it.
It then asks me to scan after a reboot, then even more trouble started.


When i try to delete it from spybot it says:

Some problems can't be fixed the reason could be that the associate files are still in use (in memory)
This could be fixed after a restart.

After scan reboot returns c:\windows\system32\command.com the parameter is incorrect.

Now at every start up this occurs, even when spybot isn't scanning.

I left clicked on it and "jumped to location" I tried to delete the file "fun web products"
It then says "cannot delete fun web products: error while deleting key.





Also on restart it says spybotdeletingc7015
its from a bearshare file I don't want on my computer
Am I denying bearshares access?
Or allowing a deletion?

I'm not sure what to click.


I guess I should have included that I already tried to run it in safe mode, it had the same outcome as running my computer normally


Please help, this is ruining my entire computer.


HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:06 PM, on 2/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\sttray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.facebook.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA5711] command.com /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3816] cmd.exe /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4551] command.com /c del "C:\Program Files\BearShare\db\searches.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9257] cmd.exe /c del "C:\Program Files\BearShare\db\searches.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5509] command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7815] cmd.exe /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9838] command.com /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9643] cmd.exe /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6020] command.com /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7015] cmd.exe /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD3222] cmd.exe /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5084] command.com /c del "C:\Program Files\BearShare\db\searches.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD413] cmd.exe /c del "C:\Program Files\BearShare\db\searches.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1700] command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2229] cmd.exe /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7442] command.com /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD202] cmd.exe /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9479] command.com /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD800] cmd.exe /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7821] command.com /c del "C:\Program Files\BearShare\Logs\streams.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1004] cmd.exe /c del "C:\Program Files\BearShare\Logs\streams.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4491] command.com /c del "C:\Program Files\BearShare\sounds\notify.wav"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8852] cmd.exe /c del "C:\Program Files\BearShare\sounds\notify.wav"
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1197414171889
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: wvUkIASK - wvUkIASK.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10826 bytes




SPY BOT RAN THIS:[/SIZE]



SPYBOT RAN THIS:


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-02-17 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-01-22 Includes\Adware.sbi
2009-01-22 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-01-06 Includes\Dialer.sbi
2009-01-22 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-02-10 Includes\Hijackers.sbi
2009-02-10 Includes\HijackersC.sbi
2008-12-09 Includes\Keyloggers.sbi
2009-02-03 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-11-18 Includes\Malware.sbi
2009-02-10 Includes\MalwareC.sbi
2008-12-16 Includes\PUPS.sbi
2009-02-10 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-02-10 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-01-28 Includes\Spyware.sbi
2009-01-28 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2009-02-03 Includes\Trojans.sbi
2009-02-10 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1601304
MD5: 1FC8B35E97123A9DF64F092DA8784E4C

Located: HK_LM:Run, IDTSysTrayApp
command: sttray.exe
file: C:\WINDOWS\sttray.exe
size: 405504
MD5: 394FE85B1D45F96E1E63D2E5AAB938D2

Located: HK_LM:Run, igfxhkcmd
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 77824
MD5: 19D63CF10330B51FD42ABB1D4D39D0C4

Located: HK_LM:Run, igfxpers
command: C:\WINDOWS\System32\igfxpers.exe
file: C:\WINDOWS\System32\igfxpers.exe
size: 118784
MD5: 697963452107C59BE69A67BEE54E3EAC

Located: HK_LM:Run, igfxtray
command: C:\WINDOWS\System32\igfxtray.exe
file: C:\WINDOWS\System32\igfxtray.exe
size: 98304
MD5: 45985C1B266666CB7BBAC01428AC2FAD

Located: HK_LM:Run, IntelWireless
command: "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
file: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 1101824
MD5: 094849718C47651CA255D08CAF42A904

Located: HK_LM:Run, IntelZeroConfig
command: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
file: C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
size: 995328
MD5: 988CDA5B406C1931A78E52BD8CC3BBFE

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 290088
MD5: E6A4E341E4304B34AA280D3E73818C90

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep 0 -k
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, McAfeeUpdaterUI
command: "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
file: C:\Program Files\McAfee\Common Framework\UdaterUI.exe
size: 136768
MD5: 5DC6DA1B20E62BBA3EB5716367DA580D

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 9C9B6807425CEF840C117654D8B033D1

Located: HK_LM:Run, ShStatEXE
command: "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
file: C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
size: 112216
MD5: B02178866C19F73310FD70B789135240

Located: HK_LM:Run, SigmatelSysTrayApp
command: %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
file: C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
size: 405504
MD5: 012844A8E13BE3941C9CAF1F91F47DF2

Located: HK_LM:RunOnce, SpybotDeletingA4551
command: command.com /c del "C:\Program Files\BearShare\db\searches.ini"
file: command.com /c del "C:\Program Files\BearShare\db\searches.ini"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA5509
command: command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
file: command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA5711
command: command.com /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
file: command.com /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA9838
command: command.com /c del "C:\Program Files\BearShare\Logs\memory.txt"
file: command.com /c del "C:\Program Files\BearShare\Logs\memory.txt"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingC3816
command: cmd.exe /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_LM:RunOnce, SpybotDeletingC7815
command: cmd.exe /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_LM:RunOnce, SpybotDeletingC9257
command: cmd.exe /c del "C:\Program Files\BearShare\db\searches.ini"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_LM:RunOnce, SpybotDeletingC9643
command: cmd.exe /c del "C:\Program Files\BearShare\Logs\memory.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_CU:Run, Aim6
where: S-1-5-21-854245398-436374069-839522115-1004...
command: "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
file: C:\Program Files\AIM6\aim6.exe
size: 50472
MD5: 88BC43EA04F747A477898DF4BF9F7BCF

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-854245398-436374069-839522115-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-854245398-436374069-839522115-1004...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1

Located: HK_CU:Run, swg
where: S-1-5-21-854245398-436374069-839522115-1004...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE

Located: HK_CU:RunOnce, SpybotDeletingB1700
where: S-1-5-21-854245398-436374069-839522115-1004...
command: command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
file: command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB4491
where: S-1-5-21-854245398-436374069-839522115-1004...
command: command.com /c del "C:\Program Files\BearShare\sounds\notify.wav"
file: command.com /c del "C:\Program Files\BearShare\sounds\notify.wav"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB5084
where: S-1-5-21-854245398-436374069-839522115-1004...
command: command.com /c del "C:\Program Files\BearShare\db\searches.ini"
file: command.com /c del "C:\Program Files\BearShare\db\searches.ini"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB7442
where: S-1-5-21-854245398-436374069-839522115-1004...
command: command.com /c del "C:\Program Files\BearShare\Logs\memory.txt"
file: command.com /c del "C:\Program Files\BearShare\Logs\memory.txt"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB7821
where: S-1-5-21-854245398-436374069-839522115-1004...
command: command.com /c del "C:\Program Files\BearShare\Logs\streams.txt"
file: command.com /c del "C:\Program Files\BearShare\Logs\streams.txt"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB9479
where: S-1-5-21-854245398-436374069-839522115-1004...
command: command.com /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
file: command.com /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD1004
where: S-1-5-21-854245398-436374069-839522115-1004...
command: cmd.exe /c del "C:\Program Files\BearShare\Logs\streams.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_CU:RunOnce, SpybotDeletingD202
where: S-1-5-21-854245398-436374069-839522115-1004...
command: cmd.exe /c del "C:\Program Files\BearShare\Logs\memory.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_CU:RunOnce, SpybotDeletingD2229
where: S-1-5-21-854245398-436374069-839522115-1004...
command: cmd.exe /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_CU:RunOnce, SpybotDeletingD3222
where: S-1-5-21-854245398-436374069-839522115-1004...
command: cmd.exe /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_CU:RunOnce, SpybotDeletingD413
where: S-1-5-21-854245398-436374069-839522115-1004...
command: cmd.exe /c del "C:\Program Files\BearShare\db\searches.ini"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_CU:RunOnce, SpybotDeletingD800
where: S-1-5-21-854245398-436374069-839522115-1004...
command: cmd.exe /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_CU:RunOnce, SpybotDeletingD8852
where: S-1-5-21-854245398-436374069-839522115-1004...
command: cmd.exe /c del "C:\Program Files\BearShare\sounds\notify.wav"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-854245398-436374069-839522115-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, BMf749ac17
where: S-1-5-21-854245398-436374069-839522115-501...
command: Rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\himapkbv.dll" ,s
file: C:\DOCUME~1\Guest\LOCALS~1\Temp\himapkbv.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-854245398-436374069-839522115-501...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, f47a9f8b
where: S-1-5-21-854245398-436374069-839522115-501...
command: rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\llmgiapn.dll" ,b
file: C:\DOCUME~1\Guest\LOCALS~1\Temp\llmgiapn.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, QuickTime Task
where: S-1-5-21-854245398-436374069-839522115-501...
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 9C9B6807425CEF840C117654D8B033D1

Located: HK_CU:Run, swg
where: S-1-5-21-854245398-436374069-839522115-501...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE

Located: Startup (disabled), Run Google Web Accelerator (DISABLED)
command: C:\PROGRA~1\Google\WEBACC~1\GOOGLE~2.EXE
file: C:\PROGRA~1\Google\WEBACC~1\GOOGLE~2.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, avgrsstarter
command: avgrsstx.dll
file: avgrsstx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wvUkIASK
command: wvUkIASK.dll
file: wvUkIASK.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!





MALWAREBYTES ANTI-MALWARE RAN THIS:
are these items really deleted from my system?
I rebooted after, as told.









Malwarebytes' Anti-Malware 1.34
Database version: 1771
Windows 5.1.2600 Service Pack 3

2/17/2009 8:43:01 AM
mbam-log-2009-02-17 (08-43-01).txt

Scan type: Quick Scan
Objects scanned: 90850
Time elapsed: 8 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvid er (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\W MPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnkKbxX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf749ac17.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf749ac17.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.



Thank you in advance for your help!
 
Hi macalig21

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
 
Logs

Logfile of random's system information tool 1.05 (written by random/random)
Run by Maria Angela at 2009-02-22 15:45:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (44%) free of 40 GB
Total RAM: 1014 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:11 PM, on 2/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\sttray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Maria Angela.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.facebook.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA5711] command.com /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3816] cmd.exe /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4551] command.com /c del "C:\Program Files\BearShare\db\searches.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9257] cmd.exe /c del "C:\Program Files\BearShare\db\searches.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5509] command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7815] cmd.exe /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9838] command.com /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9643] cmd.exe /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6020] command.com /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7015] cmd.exe /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD3222] cmd.exe /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5084] command.com /c del "C:\Program Files\BearShare\db\searches.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD413] cmd.exe /c del "C:\Program Files\BearShare\db\searches.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1700] command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2229] cmd.exe /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7442] command.com /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD202] cmd.exe /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9479] command.com /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD800] cmd.exe /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7821] command.com /c del "C:\Program Files\BearShare\Logs\streams.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1004] cmd.exe /c del "C:\Program Files\BearShare\Logs\streams.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4491] command.com /c del "C:\Program Files\BearShare\sounds\notify.wav"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8852] cmd.exe /c del "C:\Program Files\BearShare\sounds\notify.wav"
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1197414171889
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: wvUkIASK - wvUkIASK.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10830 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-02-07 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2006-11-30 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-20 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\System32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\System32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\System32\igfxpers.exe [2005-12-13 118784]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2006-11-30 112216]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"IDTSysTrayApp"=C:\WINDOWS\sttray.exe [2008-01-10 405504]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-07 1601304]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA5711"=command.com /c del C:\Program Files\BearShare\db\Hostiles-Chat.txt []
"SpybotDeletingC3816"=cmd.exe /c del C:\Program Files\BearShare\db\Hostiles-Chat.txt []
"SpybotDeletingA4551"=command.com /c del C:\Program Files\BearShare\db\searches.ini []
"SpybotDeletingC9257"=cmd.exe /c del C:\Program Files\BearShare\db\searches.ini []
"SpybotDeletingA5509"=command.com /c del C:\Program Files\BearShare\Logs\hosts-state.txt []
"SpybotDeletingC7815"=cmd.exe /c del C:\Program Files\BearShare\Logs\hosts-state.txt []
"SpybotDeletingA9838"=command.com /c del C:\Program Files\BearShare\Logs\memory.txt []
"SpybotDeletingC9643"=cmd.exe /c del C:\Program Files\BearShare\Logs\memory.txt []
"SpybotDeletingA6020"=command.com /c del C:\Program Files\BearShare\Logs\ordinal.txt []
"SpybotDeletingC7015"=cmd.exe /c del C:\Program Files\BearShare\Logs\ordinal.txt []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-13 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD3222"=cmd.exe /c del C:\Program Files\BearShare\db\Hostiles-Chat.txt []
"SpybotDeletingB5084"=command.com /c del C:\Program Files\BearShare\db\searches.ini []
"SpybotDeletingD413"=cmd.exe /c del C:\Program Files\BearShare\db\searches.ini []
"SpybotDeletingB1700"=command.com /c del C:\Program Files\BearShare\Logs\hosts-state.txt []
"SpybotDeletingD2229"=cmd.exe /c del C:\Program Files\BearShare\Logs\hosts-state.txt []
"SpybotDeletingB7442"=command.com /c del C:\Program Files\BearShare\Logs\memory.txt []
"SpybotDeletingD202"=cmd.exe /c del C:\Program Files\BearShare\Logs\memory.txt []
"SpybotDeletingB9479"=command.com /c del C:\Program Files\BearShare\Logs\ordinal.txt []
"SpybotDeletingD800"=cmd.exe /c del C:\Program Files\BearShare\Logs\ordinal.txt []
"SpybotDeletingB7821"=command.com /c del C:\Program Files\BearShare\Logs\streams.txt []
"SpybotDeletingD1004"=cmd.exe /c del C:\Program Files\BearShare\Logs\streams.txt []
"SpybotDeletingB4491"=command.com /c del C:\Program Files\BearShare\sounds\notify.wav []
"SpybotDeletingD8852"=cmd.exe /c del C:\Program Files\BearShare\sounds\notify.wav []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMf749ac17]
C:\WINDOWS\system32\pbhijbxj.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f47a9f8b]
C:\WINDOWS\system32\ibpklmyq.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDNS]
C:\WINDOWS\system32\service.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Logon Applicationedc]
C:\Documents and Settings\Administrator\winlogon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
C:\PROGRA~1\Google\WEBACC~1\GOOGLE~2.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"lanmanserver"=2
"iPod Service"=3
"helpsvc"=2
"gusvc"=2
"ERSvc"=2
"AppMgmt"=2

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-07 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUkIASK]
wvUkIASK.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Disabled:DNA"
"C:\Program Files\Atari-Infogrames\Roller Coaster Tycoon 2\rct2.exe"="C:\Program Files\Atari-Infogrames\Roller Coaster Tycoon 2\rct2.exe:*:Disabled:rct2"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5c09b18-c938-11dd-9c81-0015c5a4a86a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SanDiskPhoto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5dc0c24-c715-11dd-9c7d-0015c5a4a86a}]
shell\AutoRun\command - wdsync.exe


======List of files/folders created in the last 1 months======

2009-02-22 15:45:26 ----DC---- C:\rsit
2009-02-21 12:59:49 ----DC---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\LimeWire
2009-02-21 12:46:03 ----D---- C:\Program Files\LimeWire
2009-02-18 13:47:57 ----D---- C:\Program Files\Trend Micro
2009-02-17 04:55:08 ----AC---- C:\WINDOWS\wininit.ini
2009-02-17 04:31:12 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-02-17 04:31:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-13 11:33:46 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\2E1D0
2009-02-11 15:35:36 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\24242
2009-02-11 02:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-11 02:04:55 ----AC---- C:\WINDOWS\imsins.BAK
2009-02-09 20:16:05 ----D---- C:\Program Files\Sigmatel
2009-02-09 20:16:04 ----AC---- C:\WINDOWS\stsystra.exe
2009-02-08 01:16:03 ----D---- C:\Program Files\msn gaming zone
2009-02-08 01:00:35 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-02-07 17:00:05 ----HDC---- C:\$AVG8.VAULT$
2009-02-07 16:28:23 ----AC---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-07 16:24:55 ----D---- C:\Program Files\AVG
2009-02-07 16:24:52 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2009-02-05 17:11:57 ----AC---- C:\WINDOWS\system32\stlang.dll
2009-02-05 17:11:57 ----AC---- C:\WINDOWS\system32\stacsv.exe
2009-02-05 17:11:57 ----AC---- C:\WINDOWS\sttray.exe
2009-02-05 17:10:45 ----AC---- C:\WINDOWS\system32\stacapi.dll
2009-02-05 17:10:26 ----D---- C:\Program Files\IDT
2009-02-03 07:36:14 ----DC---- C:\87e11012ff768bd972bc676ec9005b77
2009-02-02 17:21:47 ----AC---- C:\WINDOWS\system32\sfms32.dll
2009-02-02 17:21:47 ----AC---- C:\WINDOWS\system32\sfman32.dll
2009-02-02 17:21:44 ----AC---- C:\WINDOWS\system32\CiFilter.ini
2009-02-02 17:21:44 ----AC---- C:\WINDOWS\system32\CiEcho.dll
2009-02-02 17:21:44 ----AC---- C:\WINDOWS\inres.dll
2009-02-02 17:21:32 ----D---- C:\Program Files\Creative
2009-02-02 17:21:32 ----AC---- C:\WINDOWS\system32\cifilter.dll
2009-02-02 17:10:45 ----DC---- C:\swsetup
2009-02-02 16:58:50 ----AC---- C:\WINDOWS\system32\staco.dll
2009-02-02 16:23:49 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
2009-02-02 16:14:48 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
2009-02-02 16:14:47 ----DC---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Uniblue
2009-01-28 03:28:40 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-01-28 03:28:25 ----D---- C:\Program Files\SUPERAntiSpyware
2009-01-28 03:28:24 ----DC---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\SUPERAntiSpyware.com
2009-01-28 02:34:13 ----DC---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Yahoo

======List of files/folders modified in the last 1 months======

2009-02-22 15:45:51 ----DC---- C:\temp
2009-02-22 15:45:27 ----DC---- C:\WINDOWS\Prefetch
2009-02-22 14:59:40 ----SDC---- C:\WINDOWS\Tasks
2009-02-22 14:59:34 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2009-02-22 12:19:31 ----DC---- C:\WINDOWS\Temp
2009-02-22 10:20:48 ----D---- C:\Program Files\Mozilla Firefox
2009-02-22 10:14:28 ----DC---- C:\WINDOWS\Registration
2009-02-21 12:46:03 ----RD---- C:\Program Files
2009-02-20 14:20:47 ----HDC---- C:\WINDOWS\inf
2009-02-20 14:20:39 ----DC---- C:\WINDOWS\system32\CatRoot2
2009-02-20 11:41:15 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-02-17 11:04:58 ----D---- C:\Program Files\Google
2009-02-17 11:04:53 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2009-02-17 10:37:34 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-17 10:03:19 ----DC---- C:\WINDOWS
2009-02-17 10:02:01 ----SHDC---- C:\WINDOWS\Installer
2009-02-17 10:02:00 ----HDC---- C:\Config.Msi
2009-02-17 10:01:56 ----D---- C:\Program Files\Norton Security Scan
2009-02-17 08:44:44 ----DC---- C:\WINDOWS\system32\drivers
2009-02-17 08:43:01 ----DC---- C:\WINDOWS\system32
2009-02-17 08:14:41 ----AC---- C:\WINDOWS\SchedLgU.Txt
2009-02-17 08:06:30 ----DC---- C:\WINDOWS\system32\CatRoot
2009-02-17 04:56:21 ----D---- C:\Program Files\BearShare
2009-02-17 04:53:51 ----D---- C:\Program Files\Enigma Software Group
2009-02-17 03:20:00 ----D---- C:\Program Files\AIM6
2009-02-12 23:31:42 ----DC---- C:\QUARANTINE
2009-02-11 02:07:42 ----DC---- C:\WINDOWS\Debug
2009-02-11 02:05:19 ----HDC---- C:\WINDOWS\$hf_mig$
2009-02-11 02:04:16 ----DC---- C:\WINDOWS\system32\dllcache
2009-02-11 02:04:05 ----D---- C:\Program Files\Internet Explorer
2009-02-07 16:36:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-07 16:32:24 ----DC---- C:\WINDOWS\WinSxS
2009-02-07 16:30:45 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2009-02-07 15:32:52 ----AC---- C:\WINDOWS\win.ini
2009-02-05 16:08:49 ----DC---- C:\WINDOWS\Minidump
2009-02-05 14:27:15 ----DC---- C:\My Downloads
2009-02-04 03:04:08 ----AC---- C:\WINDOWS\st_affiliate.ini
2009-02-03 18:21:12 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-02-02 18:04:10 ----DC---- C:\WINDOWS\system32\config
2009-02-02 17:24:29 ----DC---- C:\WINDOWS\system32\ReinstallBackups
2009-02-02 17:04:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-02 16:17:28 ----RASHC---- C:\boot.ini
2009-01-31 12:26:34 ----HD---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Move Networks
2009-01-28 09:09:20 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Google
2009-01-28 02:28:20 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\CyberLink
2009-01-28 02:28:20 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Corel Photo Album
2009-01-28 02:28:20 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Corel
2009-01-28 02:28:20 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Apple Computer
2009-01-28 02:28:19 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\AdobeUM
2009-01-28 02:28:19 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Adobe
2009-01-28 02:28:19 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\acccore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-07 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-07 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-07 107272]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2007-12-11 21361]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 rimmptsk;rimmptsk; C:\WINDOWS\System32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\System32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\System32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2007-08-27 12288]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-12-08 142336]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2006-08-07 162176]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-12-14 1364574]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-30 72264]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-30 34152]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2006-11-30 168776]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-01-04 1389056]
R3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-12-08 114688]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
R3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EraserUtilDrv10741;EraserUtilDrv10741; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
S3 mr7910;Photo Viewer; C:\WINDOWS\system32\DRIVERS\mr7910.sys [2006-08-02 114560]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 sfng32;Sonic Focus Plugin for HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2007-03-16 54272]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\System32\DRIVERS\w39n51.sys [2005-12-04 1428096]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-07 903960]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-07 298264]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2006-11-30 144960]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-20 182768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
















info.txt logfile of random's system information tool 1.05 2009-02-22 15:47:21

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AVS DVD Player version 2.4-->"C:\Program Files\AVSMedia\DVDPlayer\unins000.exe"
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x9 -remove -removeonly
iDump (Backing up your iPod)-->C:\Program Files\iDump\uninstall.exe
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 5.0.11-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sound Blaster ADVANCED MB Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 /remove
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInstXP.exe /u C:\WINDOWS\system32\DRVSTORE\mr7910_1FFEF370F39864F3AAA62219D434AE06B02B70AB\mr7910.inf
Windows Driver Package - Intel (w29n51) net (09/12/2005 9.0.3.9)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\System32\DRVSTORE\w29n51_B4DB085D140C6265DCA5E78CC26122444CD2D577\w29n51.inf
Windows Driver Package - Intel (w39n51) net (12/04/2005 10.1.0.13)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\System32\DRVSTORE\w39n51_115847E8514BF1F186C73A2A2833B7551132A07A\w39n51.inf
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free
AV: McAfee VirusScan Enterprise (outdated)

System event log

Computer Name: IUP-LH0YWKSXWU0
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302BBE049. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 22494
Source Name: Dhcp
Time Written: 20090121224227.000000-300
Event Type: warning
User:

Computer Name: IUP-LH0YWKSXWU0
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302BBE049. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 22493
Source Name: Dhcp
Time Written: 20090121224227.000000-300
Event Type: warning
User:

Computer Name: IUP-LH0YWKSXWU0
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{01FDEF3C-8C56-4DC7-8CEA-013439AA31B9} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 22492
Source Name: Tcpip
Time Written: 20090121224227.000000-300
Event Type: information
User:

Computer Name: IUP-LH0YWKSXWU0
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{01FDEF3C-8C56-4DC7-8CEA-013439AA31B9} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 22491
Source Name: Tcpip
Time Written: 20090121224227.000000-300
Event Type: information
User:

Computer Name: IUP-LH0YWKSXWU0
Event Code: 7036
Message: The service entered the \DEVICE\{01FDEF3C-8C56-4DC7-8CEA-013439AA31B9} state.

Record Number: 22490
Source Name: NETw4x32
Time Written: 20090121224227.000000-300
Event Type: information
User:

Application event log

Computer Name: MARIAANGELA
Event Code: 0
Message:
Record Number: 5
Source Name: Viewpoint Manager Service
Time Written: 20090217103212.000000-300
Event Type: information
User:

Computer Name: MARIAANGELA
Event Code: 2444
Message: MS DTC started with the following settings:



Security Configuration (OFF = 0 and ON = 1):

Network Administration of Transactions = 0,

Network Clients = 0,

Inbound Distributed Transactions using Native MSDTC Protocol = 0,

Outbound Distributed Transactions using Native MSDTC Protocol = 0,

Transaction Internet Protocol (TIP) = 0,

XA Transactions = 0
Record Number: 4
Source Name: MSDTC
Time Written: 20090217103205.000000-300
Event Type: information
User:

Computer Name: MARIAANGELA
Event Code: 0
Message:
Record Number: 3
Source Name: RegSrvc
Time Written: 20090217103158.000000-300
Event Type: information
User:

Computer Name: MARIAANGELA
Event Code: 0
Message:
Record Number: 2
Source Name: gusvc
Time Written: 20090217103058.000000-300
Event Type: information
User:

Computer Name: MARIAANGELA
Event Code: 0
Message:
Record Number: 1
Source Name: EvtEng
Time Written: 20090217103056.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0e08
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\DesktopProtection
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
 
Logs

Logfile of random's system information tool 1.05 (written by random/random)
Run by Maria Angela at 2009-02-22 15:45:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (44%) free of 40 GB
Total RAM: 1014 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:11 PM, on 2/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\sttray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Maria Angela.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.facebook.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA5711] command.com /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3816] cmd.exe /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4551] command.com /c del "C:\Program Files\BearShare\db\searches.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9257] cmd.exe /c del "C:\Program Files\BearShare\db\searches.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5509] command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7815] cmd.exe /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9838] command.com /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9643] cmd.exe /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6020] command.com /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7015] cmd.exe /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD3222] cmd.exe /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5084] command.com /c del "C:\Program Files\BearShare\db\searches.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD413] cmd.exe /c del "C:\Program Files\BearShare\db\searches.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1700] command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2229] cmd.exe /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7442] command.com /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD202] cmd.exe /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9479] command.com /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD800] cmd.exe /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7821] command.com /c del "C:\Program Files\BearShare\Logs\streams.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1004] cmd.exe /c del "C:\Program Files\BearShare\Logs\streams.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4491] command.com /c del "C:\Program Files\BearShare\sounds\notify.wav"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8852] cmd.exe /c del "C:\Program Files\BearShare\sounds\notify.wav"
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1197414171889
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: wvUkIASK - wvUkIASK.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10830 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-02-07 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2006-11-30 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-20 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\System32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\System32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\System32\igfxpers.exe [2005-12-13 118784]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2006-11-30 112216]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"IDTSysTrayApp"=C:\WINDOWS\sttray.exe [2008-01-10 405504]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-07 1601304]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA5711"=command.com /c del C:\Program Files\BearShare\db\Hostiles-Chat.txt []
"SpybotDeletingC3816"=cmd.exe /c del C:\Program Files\BearShare\db\Hostiles-Chat.txt []
"SpybotDeletingA4551"=command.com /c del C:\Program Files\BearShare\db\searches.ini []
"SpybotDeletingC9257"=cmd.exe /c del C:\Program Files\BearShare\db\searches.ini []
"SpybotDeletingA5509"=command.com /c del C:\Program Files\BearShare\Logs\hosts-state.txt []
"SpybotDeletingC7815"=cmd.exe /c del C:\Program Files\BearShare\Logs\hosts-state.txt []
"SpybotDeletingA9838"=command.com /c del C:\Program Files\BearShare\Logs\memory.txt []
"SpybotDeletingC9643"=cmd.exe /c del C:\Program Files\BearShare\Logs\memory.txt []
"SpybotDeletingA6020"=command.com /c del C:\Program Files\BearShare\Logs\ordinal.txt []
"SpybotDeletingC7015"=cmd.exe /c del C:\Program Files\BearShare\Logs\ordinal.txt []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-13 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD3222"=cmd.exe /c del C:\Program Files\BearShare\db\Hostiles-Chat.txt []
"SpybotDeletingB5084"=command.com /c del C:\Program Files\BearShare\db\searches.ini []
"SpybotDeletingD413"=cmd.exe /c del C:\Program Files\BearShare\db\searches.ini []
"SpybotDeletingB1700"=command.com /c del C:\Program Files\BearShare\Logs\hosts-state.txt []
"SpybotDeletingD2229"=cmd.exe /c del C:\Program Files\BearShare\Logs\hosts-state.txt []
"SpybotDeletingB7442"=command.com /c del C:\Program Files\BearShare\Logs\memory.txt []
"SpybotDeletingD202"=cmd.exe /c del C:\Program Files\BearShare\Logs\memory.txt []
"SpybotDeletingB9479"=command.com /c del C:\Program Files\BearShare\Logs\ordinal.txt []
"SpybotDeletingD800"=cmd.exe /c del C:\Program Files\BearShare\Logs\ordinal.txt []
"SpybotDeletingB7821"=command.com /c del C:\Program Files\BearShare\Logs\streams.txt []
"SpybotDeletingD1004"=cmd.exe /c del C:\Program Files\BearShare\Logs\streams.txt []
"SpybotDeletingB4491"=command.com /c del C:\Program Files\BearShare\sounds\notify.wav []
"SpybotDeletingD8852"=cmd.exe /c del C:\Program Files\BearShare\sounds\notify.wav []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMf749ac17]
C:\WINDOWS\system32\pbhijbxj.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f47a9f8b]
C:\WINDOWS\system32\ibpklmyq.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDNS]
C:\WINDOWS\system32\service.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Logon Applicationedc]
C:\Documents and Settings\Administrator\winlogon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
C:\PROGRA~1\Google\WEBACC~1\GOOGLE~2.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"lanmanserver"=2
"iPod Service"=3
"helpsvc"=2
"gusvc"=2
"ERSvc"=2
"AppMgmt"=2

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-07 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUkIASK]
wvUkIASK.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Disabled:DNA"
"C:\Program Files\Atari-Infogrames\Roller Coaster Tycoon 2\rct2.exe"="C:\Program Files\Atari-Infogrames\Roller Coaster Tycoon 2\rct2.exe:*:Disabled:rct2"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5c09b18-c938-11dd-9c81-0015c5a4a86a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SanDiskPhoto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5dc0c24-c715-11dd-9c7d-0015c5a4a86a}]
shell\AutoRun\command - wdsync.exe


======List of files/folders created in the last 1 months======

2009-02-22 15:45:26 ----DC---- C:\rsit
2009-02-21 12:59:49 ----DC---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\LimeWire
2009-02-21 12:46:03 ----D---- C:\Program Files\LimeWire
2009-02-18 13:47:57 ----D---- C:\Program Files\Trend Micro
2009-02-17 04:55:08 ----AC---- C:\WINDOWS\wininit.ini
2009-02-17 04:31:12 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-02-17 04:31:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-13 11:33:46 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\2E1D0
2009-02-11 15:35:36 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\24242
2009-02-11 02:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-11 02:04:55 ----AC---- C:\WINDOWS\imsins.BAK
2009-02-09 20:16:05 ----D---- C:\Program Files\Sigmatel
2009-02-09 20:16:04 ----AC---- C:\WINDOWS\stsystra.exe
2009-02-08 01:16:03 ----D---- C:\Program Files\msn gaming zone
2009-02-08 01:00:35 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-02-07 17:00:05 ----HDC---- C:\$AVG8.VAULT$
2009-02-07 16:28:23 ----AC---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-07 16:24:55 ----D---- C:\Program Files\AVG
2009-02-07 16:24:52 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2009-02-05 17:11:57 ----AC---- C:\WINDOWS\system32\stlang.dll
2009-02-05 17:11:57 ----AC---- C:\WINDOWS\system32\stacsv.exe
2009-02-05 17:11:57 ----AC---- C:\WINDOWS\sttray.exe
2009-02-05 17:10:45 ----AC---- C:\WINDOWS\system32\stacapi.dll
2009-02-05 17:10:26 ----D---- C:\Program Files\IDT
2009-02-03 07:36:14 ----DC---- C:\87e11012ff768bd972bc676ec9005b77
2009-02-02 17:21:47 ----AC---- C:\WINDOWS\system32\sfms32.dll
2009-02-02 17:21:47 ----AC---- C:\WINDOWS\system32\sfman32.dll
2009-02-02 17:21:44 ----AC---- C:\WINDOWS\system32\CiFilter.ini
2009-02-02 17:21:44 ----AC---- C:\WINDOWS\system32\CiEcho.dll
2009-02-02 17:21:44 ----AC---- C:\WINDOWS\inres.dll
2009-02-02 17:21:32 ----D---- C:\Program Files\Creative
2009-02-02 17:21:32 ----AC---- C:\WINDOWS\system32\cifilter.dll
2009-02-02 17:10:45 ----DC---- C:\swsetup
2009-02-02 16:58:50 ----AC---- C:\WINDOWS\system32\staco.dll
2009-02-02 16:23:49 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
2009-02-02 16:14:48 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
2009-02-02 16:14:47 ----DC---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Uniblue
2009-01-28 03:28:40 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-01-28 03:28:25 ----D---- C:\Program Files\SUPERAntiSpyware
2009-01-28 03:28:24 ----DC---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\SUPERAntiSpyware.com
2009-01-28 02:34:13 ----DC---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Yahoo

======List of files/folders modified in the last 1 months======

2009-02-22 15:45:51 ----DC---- C:\temp
2009-02-22 15:45:27 ----DC---- C:\WINDOWS\Prefetch
2009-02-22 14:59:40 ----SDC---- C:\WINDOWS\Tasks
2009-02-22 14:59:34 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2009-02-22 12:19:31 ----DC---- C:\WINDOWS\Temp
2009-02-22 10:20:48 ----D---- C:\Program Files\Mozilla Firefox
2009-02-22 10:14:28 ----DC---- C:\WINDOWS\Registration
2009-02-21 12:46:03 ----RD---- C:\Program Files
2009-02-20 14:20:47 ----HDC---- C:\WINDOWS\inf
2009-02-20 14:20:39 ----DC---- C:\WINDOWS\system32\CatRoot2
2009-02-20 11:41:15 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-02-17 11:04:58 ----D---- C:\Program Files\Google
2009-02-17 11:04:53 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2009-02-17 10:37:34 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-17 10:03:19 ----DC---- C:\WINDOWS
2009-02-17 10:02:01 ----SHDC---- C:\WINDOWS\Installer
2009-02-17 10:02:00 ----HDC---- C:\Config.Msi
2009-02-17 10:01:56 ----D---- C:\Program Files\Norton Security Scan
2009-02-17 08:44:44 ----DC---- C:\WINDOWS\system32\drivers
2009-02-17 08:43:01 ----DC---- C:\WINDOWS\system32
2009-02-17 08:14:41 ----AC---- C:\WINDOWS\SchedLgU.Txt
2009-02-17 08:06:30 ----DC---- C:\WINDOWS\system32\CatRoot
2009-02-17 04:56:21 ----D---- C:\Program Files\BearShare
2009-02-17 04:53:51 ----D---- C:\Program Files\Enigma Software Group
2009-02-17 03:20:00 ----D---- C:\Program Files\AIM6
2009-02-12 23:31:42 ----DC---- C:\QUARANTINE
2009-02-11 02:07:42 ----DC---- C:\WINDOWS\Debug
2009-02-11 02:05:19 ----HDC---- C:\WINDOWS\$hf_mig$
2009-02-11 02:04:16 ----DC---- C:\WINDOWS\system32\dllcache
2009-02-11 02:04:05 ----D---- C:\Program Files\Internet Explorer
2009-02-07 16:36:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-07 16:32:24 ----DC---- C:\WINDOWS\WinSxS
2009-02-07 16:30:45 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2009-02-07 15:32:52 ----AC---- C:\WINDOWS\win.ini
2009-02-05 16:08:49 ----DC---- C:\WINDOWS\Minidump
2009-02-05 14:27:15 ----DC---- C:\My Downloads
2009-02-04 03:04:08 ----AC---- C:\WINDOWS\st_affiliate.ini
2009-02-03 18:21:12 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-02-02 18:04:10 ----DC---- C:\WINDOWS\system32\config
2009-02-02 17:24:29 ----DC---- C:\WINDOWS\system32\ReinstallBackups
2009-02-02 17:04:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-02 16:17:28 ----RASHC---- C:\boot.ini
2009-01-31 12:26:34 ----HD---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Move Networks
2009-01-28 09:09:20 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Google
2009-01-28 02:28:20 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\CyberLink
2009-01-28 02:28:20 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Corel Photo Album
2009-01-28 02:28:20 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Corel
2009-01-28 02:28:20 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Apple Computer
2009-01-28 02:28:19 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\AdobeUM
2009-01-28 02:28:19 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\Adobe
2009-01-28 02:28:19 ----D---- C:\Documents and Settings\Maria Angela.IUP-LH0YWKSXWU0\Application Data\acccore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-07 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-07 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-07 107272]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2007-12-11 21361]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 rimmptsk;rimmptsk; C:\WINDOWS\System32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\System32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\System32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2007-08-27 12288]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-12-08 142336]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2006-08-07 162176]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-12-14 1364574]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-30 72264]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-30 34152]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2006-11-30 168776]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-01-04 1389056]
R3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-12-08 114688]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
R3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EraserUtilDrv10741;EraserUtilDrv10741; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
S3 mr7910;Photo Viewer; C:\WINDOWS\system32\DRIVERS\mr7910.sys [2006-08-02 114560]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 sfng32;Sonic Focus Plugin for HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2007-03-16 54272]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\System32\DRIVERS\w39n51.sys [2005-12-04 1428096]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-07 903960]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-07 298264]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2006-11-30 144960]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-20 182768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
















info.txt logfile of random's system information tool 1.05 2009-02-22 15:47:21

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AVS DVD Player version 2.4-->"C:\Program Files\AVSMedia\DVDPlayer\unins000.exe"
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x9 -remove -removeonly
iDump (Backing up your iPod)-->C:\Program Files\iDump\uninstall.exe
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 5.0.11-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sound Blaster ADVANCED MB Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 /remove
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInstXP.exe /u C:\WINDOWS\system32\DRVSTORE\mr7910_1FFEF370F39864F3AAA62219D434AE06B02B70AB\mr7910.inf
Windows Driver Package - Intel (w29n51) net (09/12/2005 9.0.3.9)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\System32\DRVSTORE\w29n51_B4DB085D140C6265DCA5E78CC26122444CD2D577\w29n51.inf
Windows Driver Package - Intel (w39n51) net (12/04/2005 10.1.0.13)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\System32\DRVSTORE\w39n51_115847E8514BF1F186C73A2A2833B7551132A07A\w39n51.inf
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free
AV: McAfee VirusScan Enterprise (outdated)

System event log

Computer Name: IUP-LH0YWKSXWU0
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302BBE049. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 22494
Source Name: Dhcp
Time Written: 20090121224227.000000-300
Event Type: warning
User:

Computer Name: IUP-LH0YWKSXWU0
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302BBE049. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 22493
Source Name: Dhcp
Time Written: 20090121224227.000000-300
Event Type: warning
User:

Computer Name: IUP-LH0YWKSXWU0
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{01FDEF3C-8C56-4DC7-8CEA-013439AA31B9} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 22492
Source Name: Tcpip
Time Written: 20090121224227.000000-300
Event Type: information
User:

Computer Name: IUP-LH0YWKSXWU0
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{01FDEF3C-8C56-4DC7-8CEA-013439AA31B9} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 22491
Source Name: Tcpip
Time Written: 20090121224227.000000-300
Event Type: information
User:

Computer Name: IUP-LH0YWKSXWU0
Event Code: 7036
Message: The service entered the \DEVICE\{01FDEF3C-8C56-4DC7-8CEA-013439AA31B9} state.

Record Number: 22490
Source Name: NETw4x32
Time Written: 20090121224227.000000-300
Event Type: information
User:

Application event log

Computer Name: MARIAANGELA
Event Code: 0
Message:
Record Number: 5
Source Name: Viewpoint Manager Service
Time Written: 20090217103212.000000-300
Event Type: information
User:

Computer Name: MARIAANGELA
Event Code: 2444
Message: MS DTC started with the following settings:



Security Configuration (OFF = 0 and ON = 1):

Network Administration of Transactions = 0,

Network Clients = 0,

Inbound Distributed Transactions using Native MSDTC Protocol = 0,

Outbound Distributed Transactions using Native MSDTC Protocol = 0,

Transaction Internet Protocol (TIP) = 0,

XA Transactions = 0
Record Number: 4
Source Name: MSDTC
Time Written: 20090217103205.000000-300
Event Type: information
User:

Computer Name: MARIAANGELA
Event Code: 0
Message:
Record Number: 3
Source Name: RegSrvc
Time Written: 20090217103158.000000-300
Event Type: information
User:

Computer Name: MARIAANGELA
Event Code: 0
Message:
Record Number: 2
Source Name: gusvc
Time Written: 20090217103058.000000-300
Event Type: information
User:

Computer Name: MARIAANGELA
Event Code: 0
Message:
Record Number: 1
Source Name: EvtEng
Time Written: 20090217103056.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0e08
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\DesktopProtection
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
 
Sorry for delay but I never got email notification and it looks like that no one has replied until you open thread.

Please post a fresh spybot report next after you have ran scan with it.
 
Last edited:
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.
 
You must log in or register to reply here.
Back
Top