MyWay.MyWebSearch virus in the Locked Registry Keys

condor

New member
I would appreciate your help in removing the MyWay.MyWebSearch from the Locked Registry Keys section of my Registry.
Spybot found it at HKEY_USERS\S-1-5-21 section and Combofix confirmed the (3) lines at the address found by Spybot were in the Locked Registry Keys.
(Malwarebytes found no problems).
I have given myself full administrator permissions, after downloading Microsoft's SubInACL program to reset the permissions, but still cannot delete the 3 lines in the registry. When I use Regedit and right-click on the 3 lines I get "cannot open" or "cannot delete" error messages.
I am obviously doing something wrong with the permissions but I am not sure what.
I attach the Trend Micro HijackThis log.
Can you please tell me what I should do next?
Thanks very much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:46 PM, on 1/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\Astsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\HijackThis.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\WINDOWS\system32\wscntfy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 3.1.lnk.disabled
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165022501781
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client/T26L/event/ieatgpc.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AST Service - Nalpeiron Ltd. - C:\WINDOWS\system32\Astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe

--
End of file - 8293 bytes
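As an added diagnostic, not part of the thread and not the helper's procedure: a PowerShell script that reads the owner and DACL of the key the poster cannot delete and reports which of the usual causes (a Deny ACE, no Delete right, or a locked subkey) applies. It assumes Windows PowerShell 2.0 or later; $KeyPath is a placeholder for the full HKEY_USERS\S-1-5-21-... key that Spybot reported.

```powershell
# Added diagnostic example (not from the thread): explain why a registry key is
# "locked" by reading its owner and DACL and matching the ACEs against the SIDs
# in the current logon token. Assumes Windows PowerShell 2.0 or later.
# $KeyPath is a placeholder: use the full key Spybot reported under HKEY_USERS\S-1-5-21-...
param(
    [string]$KeyPath = 'HKEY_USERS\S-1-5-21-PLACEHOLDER\PLACEHOLDER-SUBKEY'
)

$me     = [System.Security.Principal.WindowsIdentity]::GetCurrent()
# Every SID the token carries (user + groups), as strings for a simple comparison.
$mySids = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })

try {
    $acl = Get-Acl -Path "Registry::$KeyPath" -ErrorAction Stop
} catch {
    # Even READ_CONTROL is denied, which is what regedit shows as "cannot open".
    # Only the owner, or an account holding SeTakeOwnershipPrivilege (Administrators),
    # can repair this: take ownership of the key first, then re-run.
    Write-Host "Cannot read the security descriptor of ${KeyPath}: $($_.Exception.Message)"
    return
}

Write-Host "Owner: $($acl.Owner)"
$deniedToMe    = $false
$allowedDelete = $false
foreach ($ace in $acl.Access) {
    # ACEs may name an account or an unresolved SID; normalise to a SID string.
    $sid     = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $applies = ($mySids -contains $sid)
    Write-Host ("{0,-5} {1,-32} {2,-28} inherited={3,-5} applies-to-me={4}" -f `
        $ace.AccessControlType, $ace.IdentityReference, $ace.RegistryRights, $ace.IsInherited, $applies)
    # Delete is bit 0x10000; 0x10000000 is GENERIC_ALL, which Get-Acl leaves unmapped
    # on some inherited ACEs (e.g. CREATOR OWNER) but still implies Delete.
    $rights       = [int]$ace.RegistryRights
    $grantsDelete = (($rights -band 0x10000) -ne 0) -or (($rights -band 0x10000000) -ne 0)
    if ($applies -and $ace.AccessControlType -eq 'Deny')                    { $deniedToMe    = $true }
    if ($applies -and $ace.AccessControlType -eq 'Allow' -and $grantsDelete) { $allowedDelete = $true }
}

# Deleting a key also needs every subkey to be enumerable and deletable; a locked
# subkey makes the parent fail with "cannot delete" even when the parent's ACL is fine.
try {
    $subkeys = @(Get-ChildItem -Path "Registry::$KeyPath" -ErrorAction Stop)
    Write-Host "Subkeys: $($subkeys.Count) (each must be deletable before the parent can be removed)"
} catch {
    Write-Host "Cannot enumerate subkeys: $($_.Exception.Message)"
}

if ($deniedToMe) {
    Write-Host "Verdict: a Deny ACE applies to your token. Deny is evaluated before Allow, so granting"
    Write-Host "         Full Control elsewhere does not help; remove the Deny ACE as the key's owner."
} elseif (-not $allowedDelete) {
    Write-Host "Verdict: no Allow ACE grants Delete to your token. Take ownership, then grant"
    Write-Host "         Administrators Full Control (regedit > Permissions > Advanced > Owner, or SubInACL)."
} else {
    Write-Host "Verdict: this key's ACL permits Delete; if deletion still fails, repeat the check on each subkey."
}
```

Run it from an elevated PowerShell prompt so the token carries the Administrators group; a Deny ACE for Everyone will still apply to that token and must be removed by the owner before the key can go.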
 
Hi condor

Sorry for the delay. If you still need help, post a new HJT log.

Thanks peku006
 
I really appreciate your help with this.
Thanks.

Here is the HJT Log.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:26 AM, on 1/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\Astsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Speaking Clock Deluxe] "C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 3.1.lnk.disabled
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165022501781
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client/T26L/event/ieatgpc.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AST Service - Nalpeiron Ltd. - C:\WINDOWS\system32\Astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe

--
End of file - 8966 bytes
 
Hi condor

1 - Download and run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

2 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)

Thanks peku006
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2010-01-17 10:27:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 111 GB (72%) free of 153 GB
Total RAM: 2046 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:53 AM, on 1/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\Astsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\4Y6O0887\RSIT[1].exe
C:\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Speaking Clock Deluxe] "C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 3.1.lnk.disabled
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165022501781
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client/T26L/event/ieatgpc.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AST Service - Nalpeiron Ltd. - C:\WINDOWS\system32\Astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe

--
End of file - 8972 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-725345543-1004UA.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{25B399F8-F410-11DE-82C1-0016761CF813}.job
C:\WINDOWS\tasks\ParetoLogic Registration3.job
C:\WINDOWS\tasks\ParetoLogic Update Version3.job
C:\WINDOWS\tasks\XoftSpySE.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll [2005-10-14 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-08-07 138608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll [2009-08-09 502624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll [2005-10-14 131072]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll [2009-08-09 502624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-10-14 14864384]
"MXOBG"=C:\WINDOWS\MXOALDR.EXE [2007-06-16 94208]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-04 149280]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-01-12 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Speaking Clock Deluxe"=C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe [2009-06-30 2350592]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\Admin\Start Menu\Programs\Startup
Check for TWS Updates.lnk - C:\Jts\WiseUpdt.exe
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
OpenOffice.org 3.1.lnk.disabled - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Atomic Clock Sync\Atomic.exe"="C:\Program Files\Atomic Clock Sync\Atomic.exe:*:Enabled:Atomic Clock Sync (2)"
"C:\FTGT\ftgt4.exe"="C:\FTGT\ftgt4.exe:*:Enabled:Fibonacci Galactic Trader 4"
"C:\Jts\WiseUpdt.exe"="C:\Jts\WiseUpdt.exe:*:Enabled:Check for TWS Updates"
"C:\Program Files\Outlook Express\msimn.exe"="C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express"
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
"C:\SierraChart\SierraChart.exe"="C:\SierraChart\SierraChart.exe:*:Enabled:Sierra Chart"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Trading Rooms Technologies, Inc\TradingRooms\Avx\TradingRooms.exe"="C:\Program Files\Trading Rooms Technologies, Inc\TradingRooms\Avx\TradingRooms.exe:*:Enabled:TradingRooms"
"C:\Ensign\Ensign.exe"="C:\Ensign\Ensign.exe:*:Enabled:Ensign Windows"
"C:\Program Files\Conference\Conference.dll"="C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Foxmail\Foxmail.exe"="C:\Program Files\Foxmail\Foxmail.exe:*:Enabled:Foxmail"
"C:\Program Files\Real Time Software Engineering\MetaServer RT 3.2 for TWS\msrt.exe"="C:\Program Files\Real Time Software Engineering\MetaServer RT 3.2 for TWS\msrt.exe:*:Enabled:MetaServer RT 3.2"
"C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe"="C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application"
"C:\MTP6RTData\MTPDataServer.exe"="C:\MTP6RTData\MTPDataServer.exe:*:Enabled:Real-Time Data Server for MTPredictor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-17 10:27:45 ----A---- C:\Admin.exe
2010-01-17 10:27:43 ----D---- C:\rsit
2010-01-17 10:06:47 ----A---- C:\RSIT.exe
2010-01-15 21:45:50 ----A---- C:\WINDOWS\Active Setup Log.txt
2010-01-15 21:00:57 ----D---- C:\Documents and Settings\All Users\Application Data\Motive
2010-01-14 13:04:04 ----D---- C:\Program Files\Registry Search
2010-01-13 07:49:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 07:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 15:33:35 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-01-12 15:32:20 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-01-12 15:31:17 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-01-12 15:31:17 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-01-12 15:31:08 ----D---- C:\Program Files\Common Files\xing shared
2010-01-12 15:30:03 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-01-09 11:16:34 ----D---- C:\Documents and Settings\Admin\Application Data\CyberLink
2010-01-05 18:20:54 ----SHD---- C:\RECYCLER
2010-01-04 20:59:15 ----A---- C:\ComboFix.txt
2010-01-04 12:58:44 ----A---- C:\WINDOWS\Progs_.ini
2010-01-04 12:58:27 ----D---- C:\Program Files\Speaking Clock Deluxe
2010-01-04 08:18:48 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-04 08:18:48 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-04 08:18:48 ----A---- C:\WINDOWS\system32\java.exe
2010-01-04 08:11:12 ----D---- C:\Program Files\Windows Installer Clean Up
2010-01-03 11:20:40 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-01-03 10:54:42 ----D---- C:\Program Files\Other Kaspersky uninstall Tools
2010-01-02 14:35:05 ----D---- C:\Program Files\VS Revo Group
2010-01-01 13:54:09 ----D---- C:\Program Files\Windows Resource Kits
2010-01-01 12:10:57 ----D---- C:\Documents and Settings\Admin\Application Data\Safer Networking
2010-01-01 11:46:07 ----D---- C:\Program Files\Aezay Productions
2010-01-01 10:48:45 ----A---- C:\HijackThis.exe
2009-12-31 22:09:02 ----D---- C:\Program Files\ERUNT
2009-12-31 08:29:56 ----RASHD---- C:\cmdcons
2009-12-30 20:11:49 ----D---- C:\Program Files\Safer Networking
2009-12-29 21:56:50 ----D---- C:\EnsignBackup
2009-12-29 12:55:07 ----D---- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2009-12-29 12:54:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-29 12:54:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-28 19:21:43 ----D---- C:\Program Files\ParetoLogic
2009-12-25 08:16:35 ----D---- C:\Backups_Ensign
2009-12-24 15:38:41 ----D---- C:\Program Files\Avira
2009-12-24 15:38:41 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-12-24 13:50:01 ----D---- C:\WINDOWS\temp
2009-12-23 15:00:15 ----D---- C:\Program Files\jv16 PowerTools 2009
2009-12-21 21:04:36 ----A---- C:\Boot.bak
2009-12-21 21:02:35 ----A---- C:\WINDOWS\zip.exe
2009-12-21 21:02:35 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-21 21:02:35 ----A---- C:\WINDOWS\SWSC.exe
2009-12-21 21:02:35 ----A---- C:\WINDOWS\SWREG.exe
2009-12-21 21:02:35 ----A---- C:\WINDOWS\sed.exe
2009-12-21 21:02:35 ----A---- C:\WINDOWS\PEV.exe
2009-12-21 21:02:35 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-21 21:02:35 ----A---- C:\WINDOWS\MBR.exe
2009-12-21 21:02:35 ----A---- C:\WINDOWS\grep.exe
2009-12-21 21:02:09 ----D---- C:\WINDOWS\ERDNT
2009-12-21 21:01:40 ----AD---- C:\Qoobox

======List of files/folders modified in the last 1 months======

2010-01-17 10:27:40 ----D---- C:\WINDOWS\Prefetch
2010-01-17 10:13:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-17 10:12:55 ----D---- C:\WINDOWS\system32\Lang
2010-01-17 09:59:34 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-17 09:55:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-17 08:58:03 ----D---- C:\SFDeluxe
2010-01-17 08:58:03 ----A---- C:\WINDOWS\solfire6.ini
2010-01-16 19:00:17 ----D---- C:\PINNACLE
2010-01-16 16:29:16 ----AD---- C:\WINDOWS
2010-01-16 08:50:05 ----A---- C:\WINDOWS\cdplayer.ini
2010-01-16 07:42:05 ----SHD---- C:\WINDOWS\Installer
2010-01-16 07:42:05 ----D---- C:\Config.Msi
2010-01-16 07:41:50 ----A---- C:\WINDOWS\ODBC.INI
2010-01-16 07:41:21 ----HD---- C:\WINDOWS\inf
2010-01-16 07:41:18 ----D---- C:\Program Files\Common Files
2010-01-16 07:41:12 ----A---- C:\WINDOWS\win.ini
2010-01-16 07:39:59 ----HD---- C:\WINDOWS\ShellNew
2010-01-15 21:36:01 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-15 21:05:39 ----AD---- C:\WINDOWS\system32
2010-01-15 17:31:04 ----SHD---- C:\System Volume Information
2010-01-15 17:30:57 ----D---- C:\WINDOWS\Registration
2010-01-15 15:57:55 ----D---- C:\Ensign
2010-01-15 06:53:28 ----D---- C:\Jts
2010-01-15 06:43:49 ----D---- C:\WINDOWS\Debug
2010-01-14 13:04:18 ----RD---- C:\Program Files
2010-01-14 07:02:11 ----D---- C:\WINDOWS\AppPatch
2010-01-13 07:49:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-13 07:48:49 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 07:48:43 ----A---- C:\WINDOWS\imsins.BAK
2010-01-12 15:33:34 ----D---- C:\Documents and Settings\Admin\Application Data\Real
2010-01-12 15:32:27 ----D---- C:\Program Files\Common Files\Real
2010-01-12 15:29:58 ----D---- C:\Program Files\Real
2010-01-12 12:52:10 ----D---- C:\Program Files\Microsoft Office
2010-01-12 10:55:37 ----D---- C:\WINDOWS\system32\drivers
2010-01-08 20:52:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-01-08 16:01:04 ----A---- C:\WINDOWS\FTGTLogStart.TXT
2010-01-08 16:01:04 ----A---- C:\WINDOWS\FTGT32.INI
2010-01-08 08:16:03 ----A---- C:\WINDOWS\KADJISYS.INI
2010-01-08 07:57:54 ----A---- C:\WINDOWS\FTROBOT.INI
2010-01-06 14:57:33 ----D---- C:\WINDOWS\WinSxS
2010-01-06 14:54:23 ----D---- C:\SierraChart
2010-01-06 11:25:09 ----D---- C:\Program Files\World Time
2010-01-06 09:59:48 ----D---- C:\Download Files
2010-01-05 19:42:24 ----D---- C:\My Download Files
2010-01-05 17:51:13 ----A---- C:\WINDOWS\ib.ini
2010-01-04 20:53:29 ----A---- C:\WINDOWS\system.ini
2010-01-04 19:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-04 16:09:10 ----D---- C:\Program Files\databull
2010-01-04 14:56:54 ----D---- C:\Program Files\AmiBroker
2010-01-04 08:18:13 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-04 08:18:09 ----D---- C:\Program Files\Java
2010-01-04 08:10:38 ----D---- C:\Program Files\MSECache
2010-01-04 07:02:41 ----D---- C:\WINDOWS\system32\config
2010-01-04 07:02:21 ----D---- C:\WINDOWS\system32\wbem
2010-01-03 19:29:50 ----D---- C:\Program Files\Foxmail
2010-01-03 10:59:55 ----D---- C:\Program Files\GRETECH
2010-01-03 10:57:02 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-03 08:16:15 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-03 08:15:45 ----D---- C:\Program Files\Common Files\Adobe
2010-01-03 08:15:45 ----D---- C:\Program Files\Adobe
2010-01-02 11:04:52 ----A---- C:\WINDOWS\astros.ini
2010-01-02 09:29:08 ----D---- C:\FTGT
2010-01-01 12:07:40 ----RD---- C:\WINDOWS\Web
2009-12-31 18:49:07 ----RASH---- C:\boot.ini
2009-12-31 18:10:45 ----D---- C:\Program Files\Mozilla Firefox
2009-12-31 16:33:39 ----SD---- C:\WINDOWS\Tasks
2009-12-31 14:39:31 ----D---- C:\Documents and Settings\All Users\Application Data\RetroExp
2009-12-31 09:00:01 ----D---- C:\WINDOWS\Help
2009-12-29 17:09:55 ----D---- C:\WINDOWS\OPTIONS
2009-12-25 12:17:23 ----D---- C:\Program Files\Keyfinder
2009-12-24 15:23:48 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-24 14:32:10 ----D---- C:\WINDOWS\pss
2009-12-24 13:28:00 ----D---- C:\WINDOWS\system32\Restore
2009-12-24 13:17:05 ----D---- C:\Documents and Settings
2009-12-23 16:55:48 ----D---- C:\Program Files\jv16 PowerTools 2008
2009-12-23 15:36:59 ----HD---- C:\WINDOWS\msdownld.tmp
2009-12-23 15:36:55 ----D---- C:\Program Files\Internet Explorer
2009-12-23 07:52:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-20 10:32:32 ----D---- C:\Program Files\Wave59 RT
2009-12-20 10:06:31 ----D---- C:\Program Files\Droid Informatica
2009-12-19 14:09:16 ----D---- C:\Program Files\Carbonite
2009-12-19 09:30:39 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-18 14:01:04 ----D---- C:\Program Files\NinjaTrader 6.5

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-12-25 96104]
R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2005-09-09 14408]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-08 28672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 is-7P51Bdrv;is-7P51Bdrv; C:\WINDOWS\system32\DRIVERS\48164237.sys [2008-07-08 148496]
R1 is-80PSPdrv;is-80PSPdrv; C:\WINDOWS\system32\DRIVERS\47602119.sys [2008-07-08 148496]
R1 is-FTVCUdrv;is-FTVCUdrv; C:\WINDOWS\system32\DRIVERS\88850112.sys [2008-07-08 148496]
R1 is-G4K5Edrv;is-G4K5Edrv; C:\WINDOWS\system32\DRIVERS\45373222.sys [2008-07-08 148496]
R1 is-O3HS5drv;is-O3HS5drv; C:\WINDOWS\system32\drivers\61826897.sys [2008-03-05 148496]
R1 is-RFAT4drv;is-RFAT4drv; C:\WINDOWS\system32\drivers\10536068.sys [2008-03-05 148496]
R1 is-U2OSHdrv;is-U2OSHdrv; C:\WINDOWS\system32\DRIVERS\09870117.sys [2008-07-08 148496]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-12-25 28520]
R1 V2IMount;V2IMount; C:\WINDOWS\system32\drivers\V2IMount.sys [2007-04-10 56192]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-25 56816]
R2 MapMemP;MapMemP; \??\C:\WINDOWS\SYSTEM32\Drivers\MapMemP.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-10-18 4034048]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S1 is-0SG48drv;is-0SG48drv; C:\WINDOWS\system32\DRIVERS\28882349.sys [2008-07-08 148496]
S1 is-1LOSJdrv;is-1LOSJdrv; C:\WINDOWS\system32\DRIVERS\20878151.sys []
S1 is-76QSDdrv;is-76QSDdrv; C:\WINDOWS\system32\drivers\20051819.sys []
S1 is-AU098drv;is-AU098drv; C:\WINDOWS\system32\DRIVERS\64293220.sys [2008-07-08 148496]
S1 is-HH2HKdrv;is-HH2HKdrv; C:\WINDOWS\system32\drivers\83042734.sys [2008-03-05 148496]
S1 is-O1MK8drv;is-O1MK8drv; C:\WINDOWS\system32\DRIVERS\73001606.sys [2008-07-08 148496]
S1 is-QA78Mdrv;is-QA78Mdrv; C:\WINDOWS\system32\DRIVERS\60464396.sys [2008-07-08 148496]
S1 is-SP0JEdrv;is-SP0JEdrv; C:\WINDOWS\system32\drivers\93704403.sys [2008-03-05 148496]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MXOFX;USB Storage Adapter FX (MXO); C:\WINDOWS\system32\DRIVERS\MXOFX.SYS [2003-10-10 32640]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2004-10-07 15360]
S3 NtApm;NT Apm/Legacy Interface Driver; C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-17 9344]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-08-24 74752]
S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2006-12-02 50688]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-12-25 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-12-25 185089]
R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2005-12-12 176193]
R2 AST Service;AST Service; C:\WINDOWS\system32\Astsrv.exe [2007-02-16 57344]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2007-01-09 198248]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-01-09 181864]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-25 189736]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2005-09-09 53248]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-04 153376]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2007-04-10 2066024]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 RetroExpLauncher;Retrospect Express HD Launcher; C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe [2004-07-30 69632]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-08-07 242048]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-06-16 822424]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2006-12-13 294912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2007-01-09 79464]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2006-12-13 57344]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-01-16 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-01-15 73728]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 XoftSpyService;XoftSpyService; C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe [2009-10-23 582424]
S4 is-76QSD;is-76QSD; C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-76QSD\is-76QSD.exe -r []
S4 is-HH2HK;is-HH2HK; C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-HH2HK\is-HH2HK.exe -r []
S4 is-O3HS5;is-O3HS5; C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-O3HS5\is-O3HS5.exe -r []
S4 is-RFAT4;is-RFAT4; C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RFAT4\is-RFAT4.exe -r []
S4 is-SP0JE;is-SP0JE; C:\Program Files\Kaspersky Lab Tool\is-SP0JE\is-SP0JE.exe -r []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
 
info.txt logfile of random's system information tool 1.06 2010-01-17 10:29:11

======Uninstall list======

-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACS PC Atlas-->C:\WINDOWS\IsUninst.exe -fC:\PCATLAS\UninPCAt.isu
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Advanced GET-->C:\WINDOWS\IsUninst.exe -fC:\GET\Uninst.isu
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Advanced Timer 1.11.16 By: Ice Blue-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Advanced Timer\ST6UNST.LOG"
AmiBroker 5.20-->"C:\Program Files\AmiBroker\unins000.exe"
APC PowerChute Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
API Switcher 061208-->"C:\Program Files\Bracket Trader\API Switcher\unins000.exe"
AstroTrader Time and Price Wheel-->C:\WINDOWS\iun6002.exe "C:\Program Files\AstroTrader Time and Price Wheel\irunin.ini"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Atomic Clock Sync-->C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG
Audio Flash 1.2-->C:\WINDOWS\system32\ss2uinst.exe "C:\Program Files\Audio Flash\ss2uinst.dat"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bracket Trader 07.0130a78-->"C:\Program Files\Bracket Trader\unins000.exe"
ContinuumClient-->C:\PROGRA~1\Quote.com\ContinuumClient\UNWISE.EXE C:\PROGRA~1\Quote.com\ContinuumClient\INSTALL.LOG
DAK Wave and MP3 Editor v4.2b-->MsiExec.exe /I{52752228-7A33-43C4-A2B6-028992E5CB13}
DataBull 4.9.4-->"C:\Program Files\databull\unins000.exe"
DataSharks Downloader 3.04-->"C:\Program Files\DataSharks\Downloader EOD\unins000.exe"
DePopper 2.x-->"C:\WINDOWS\undrnstl.exe" "C:\Program Files\Droid Informatica\DePopper2\uninst.dru"
DIY Deck Designer 6.5.4 - The Home Depot-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D5A4789E-C361-4B46-933D-6E15044CCF40}
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
Dynamic Traders Group, Inc. DT4 .64-->C:\WINDOWS\UnDeploy.exe "C:\Program Files\DT4\\Deploy.log"
eChat-->C:\Ensign\eChat\UNWISE.EXE C:\Ensign\eChat\INSTALL.LOG
Ensign Windows-->C:\Ensign\UNWISE.EXE C:\Ensign\INSTALL.LOG
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fibonacci/Galactic Trader 4-->C:\WINDOWS\IsUninst.exe -fC:\FTGT\Uninst.isu
Foxmail 5.0-->"C:\Program Files\Foxmail\unins000.exe"
HijackThis 2.0.2-->"C:\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HQuote-->C:\Program Files\HQuote\uninstall.exe
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
InvestorLink Databoss version 4.62-->"C:\Program Files\InvestorLink\unins000.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
IZArc 3.81-->"C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
jv16 PowerTools 2008-->"C:\Program Files\jv16 PowerTools 2008\unins000.exe"
LindXpress Version 6.2.4-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Lind\LindXpress624\Uninst.isu"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSETUP.EXE /REMOVE
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Loan Calculator! Plus v2.5-->C:\PROGRA~1\LOANCA~1\UNWISE.EXE C:\PROGRA~1\LOANCA~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MetaServer RT 3.2 for TWS Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC51931F-543E-41C3-8553-F8F110C4AF08}\Setup.exe" -l0x9
MetaServer RT 3.2 for TWS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC0DF648-EF30-4CE3-AE73-FDF31B653C6F}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Default Manager-->MsiExec.exe /X{61BEA823-ECAF-49F1-8378-A59B3B8AD247}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Small Business-->MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.22)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN Toolbar Platform-->MsiExec.exe /I{547C4A03-8402-49E9-9E94-112929185B1E}
MSN Toolbar-->C:\Program Files\MSN Toolbar Installer\InstallManager.exe /UNINSTALL
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MTPDataServer-->MsiExec.exe /I{4C859089-D2A5-4486-B826-E2B2576BD514}
MTPredictor End Of Day-->MsiExec.exe /I{7B062ED8-0D43-43E1-A6AB-9979BA5C560E}
MTPredictor6-->MsiExec.exe /X{7823AE39-410B-4C73-8206-0715FB1B9E7E}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
muvee Reveal Seagate Edition-->MsiExec.exe /X{78E9A751-5616-233F-1249-16AC5758C646}
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NinjaTrader 6.5-->MsiExec.exe /I{19C2EC4E-2EC4-46E6-B838-0F8C6BD87E6B}
Norton Ghost 10.0-->MsiExec.exe /X{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}
NSIS FreePOPs (remove only)-->"C:\Program Files\FreePOPs\uninstall.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org 3.1-->MsiExec.exe /I{A16B3EA2-8798-4960-8D8B-18D3149AD617}
ParetoLogic Privacy Controls-->C:\Program Files\ParetoLogic\Privacy Controls\uninstaller.exe
Pegasus Mail-->C:\PMAIL\Programs\DeSetup.exe C:\PMAIL\Programs
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QFeed ActiveX Components-->C:\PROGRA~1\COMMON~1\QUOTE.COM\UNWISE.EXE C:\PROGRA~1\COMMON~1\QUOTE.COM\INSTALL.LOG
QuickTax 2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAFDA89B-1031-4BDB-8619-DE20CBDEDF32}\isetup.ex_" -l0x9 -uninst
QuickTax 2007-->MsiExec.exe /X{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}
QuickTax 2008-->MsiExec.exe /X{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
Realtek High Definition Audio Driver-->RtlUpd.exe -r
RegAlyzer-->"C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
Retrospect Express HD 1.0-->MsiExec.exe /I{1E88F516-C8AA-4D17-9A54-8AB0768F34C1}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Easy CD and DVD Burning-->MsiExec.exe /I{6599091B-D42D-4765-ABC3-8B25E844C746}
RunAlyzer-->"C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Seagate Manager Installer-->"C:\Program Files\InstallShield Installation Information\{2A30052B-831C-41D3-8044-3C0388066350}\setup.exe" -runfromtemp -l0x0409 -removeonly
Seagate Manager Installer-->MsiExec.exe /X{2A30052B-831C-41D3-8044-3C0388066350}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Sizer (remove only)-->C:\Program Files\Sizer\Uninstall.exe
SnagIt 5-->C:\Program Files\TechSmith\SnagIt\SIUNINST.EXE
SnagIt 7-->MsiExec.exe /I{4360BB46-507E-4361-8DCB-4FF9BDC9907B}
Solar Fire 5 Goodies-->"C:\SOLFIRE5\IsStub32.exe" -fC:\SOLFIRE5\DeIsL5.isu -cC:\SOLFIRE5\_ISREG32.DLL
Solar Fire Deluxe-->MsiExec.exe /X{6EE4648E-8FFC-4DB5-8A61-BF5D99940884}
Speaking Clock Deluxe 3.62-->"C:\Program Files\Speaking Clock Deluxe\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SubliminalEzy-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\SubliminalEzy\UnInst.log" "/APPNAME=SubliminalEzy"
SWF Opener-->"C:\Program Files\UnH Solutions\SWF Opener\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Trader Workstation 4.0-->C:\Jts\UNWISE.EXE C:\Jts\INSTALL.LOG
Trading Rooms Technologies, Inc TradingRooms Application-->C:\Program Files\Trading Rooms Technologies, Inc\TradingRooms\Avx\Uninstall\SETUP.EXE
TWS Interoperability Components-->C:\Jts\UNWISE.EXE C:\Jts\INSTALL.LOG
Universal Viewer-->"C:\Program Files\Universal Viewer\Uninstall.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
USB Storage Adapter FX (MXO)-->MXOun.exe MXOFX
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeryPDF PDFcamp Printer v2.1-->"C:\Program Files\VeryPDF PDFcamp Printer v2.1\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Resource Kit Tools - SubInAcl.exe-->MsiExec.exe /X{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSplit Revolution (v9.02)-->C:\Program Files\WinSplit Revolution\Uninstall.exe
WoodieSwitchInstall-->MsiExec.exe /I{59C77A5E-7E33-4A7F-8B11-337D7CC8E5CB}
XoftSpySE-->C:\Program Files\XoftSpySE6\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: AL-BF3E369F3453
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 30499
Source Name: Service Control Manager
Time Written: 20091220094841.000000-300
Event Type: error
User:

Computer Name: AL-BF3E369F3453
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 30496
Source Name: Service Control Manager
Time Written: 20091220094841.000000-300
Event Type: error
User:

Computer Name: AL-BF3E369F3453
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 30493
Source Name: Service Control Manager
Time Written: 20091220094841.000000-300
Event Type: error
User:

Computer Name: AL-BF3E369F3453
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 30489
Source Name: Service Control Manager
Time Written: 20091220094841.000000-300
Event Type: error
User:

Computer Name: AL-BF3E369F3453
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 30487
Source Name: Service Control Manager
Time Written: 20091220094840.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: AL-BF3E369F3453
Event Code: 1000
Message: Faulting application ensign.exe, version 2009.7.10.0, faulting module unknown, version 0.0.0.0, fault address 0x00002000.

Record Number: 5443
Source Name: Application Error
Time Written: 20090810162654.000000-240
Event Type: error
User:

Computer Name: AL-BF3E369F3453
Event Code: 100
Message: Description: Error EC8F17B7: Cannot create recovery points for job: Complete System Backup. Error EC8F03ED: Cannot create the recovery point. Error E0BB0004: Function Create Image argument Filename is invalid. Error E7D10026: Unable to get attributes for 'E:/'. Error EBAB03F1: The system cannot find the path specified.
Details: 0xE0BB0004
Source: Norton Ghost

Record Number: 5415
Source Name: Norton Ghost
Time Written: 20090807173004.000000-240
Event Type: error
User:

Computer Name: AL-BF3E369F3453
Event Code: 100
Message: Description: Error EC8F17B7: Cannot create recovery points for job: Complete System Backup. Error EC8F03ED: Cannot create the recovery point. Error E0BB0004: Function Create Image argument Filename is invalid. Error E7D10026: Unable to get attributes for 'E:/'. Error EBAB03F1: The system cannot find the path specified.
Details: 0xE0BB0004
Source: Norton Ghost

Record Number: 5402
Source Name: Norton Ghost
Time Written: 20090806173009.000000-240
Event Type: error
User:

Computer Name: AL-BF3E369F3453
Event Code: 2004
Message: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Record Number: 5398
Source Name: PerfNet
Time Written: 20090806070054.000000-240
Event Type: error
User:

Computer Name: AL-BF3E369F3453
Event Code: 0
Message: Configuration section system.serviceModel.activation already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 5382
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090805201842.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0404
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------
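The RSIT log above ends with a hosts-file excerpt in which every entry points at 127.0.0.1. That pattern is what a blocklist-style immunization (Spybot's, for example) produces, and it is benign; the entries worth attention in a suspected infection are the ones that send a hostname somewhere other than a loopback or unspecified address, or that touch update and vendor sites. The script below is an added example, not part of the thread or of RSIT: it splits an RSIT log into its `======Name======` sections, parses the hosts-file section and reports redirecting, watched and conflicting entries. The sample log is constructed; the ten loopback lines mirror the posted excerpt, while the two `update.example-av.test` lines and the `WATCHED_SUFFIXES` list are invented to show what a hijack would look like.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed RSIT-style excerpt (not the thread's full log). The ten
# 127.0.0.1 lines mirror the posted log; the last two hosts lines are
# invented to show a redirecting entry that conflicts with a blackholed one.
SAMPLE_RSIT_LOG = """\
======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
198.51.100.7 update.example-av.test
127.0.0.1 update.example-av.test

======Security center information======

AV: AntiVir Desktop
"""

SECTION_RE = re.compile(r"^=+(.+?)=+\s*$")

# Hostname suffixes whose presence in hosts deserves a look, since malware
# commonly blocks or redirects vendor and update sites. Placeholder list:
# a real one would carry actual vendor domains.
WATCHED_SUFFIXES = ("example-av.test",)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the lines of an RSIT log under their '======Name======' headers."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def parse_hosts(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, ignoring blank lines and '#' comments."""
    entries: List[Tuple[str, str]] = []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, *names = parts
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def is_blackhole(ip: str) -> bool:
    """True for loopback (127/8, ::1) and unspecified (0.0.0.0, ::) addresses,
    the targets a blocklist-style hosts file uses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def triage_hosts(entries: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Flag entries that redirect rather than block, that hit a watched
    suffix, or that map one hostname to two different addresses."""
    findings: List[Tuple[str, str, str]] = []
    first_seen: Dict[str, str] = {}
    for ip, name in entries:
        if not is_blackhole(ip):
            findings.append(("redirect", name, ip))
        if name.endswith(WATCHED_SUFFIXES):
            findings.append(("watched", name, ip))
        if name in first_seen and first_seen[name] != ip:
            findings.append(("conflict", name, f"{first_seen[name]} vs {ip}"))
        first_seen.setdefault(name, ip)
    return findings


def triage_rsit(text: str) -> dict:
    """Summarise the hosts-file section of an RSIT log."""
    sections = split_sections(text)
    entries = parse_hosts(sections.get("Hosts File", []))
    return {
        "hosts_entries": len(entries),
        "blackholed": sum(1 for ip, _ in entries if is_blackhole(ip)),
        "findings": triage_hosts(entries),
    }


if __name__ == "__main__":
    report = triage_rsit(SAMPLE_RSIT_LOG)
    print(f"{report['hosts_entries']} hosts entries, {report['blackholed']} blackholed")
    for kind, name, detail in report["findings"]:
        print(f"  [{kind}] {name} -> {detail}")
```

Run against the constructed sample, the ten loopback entries produce no findings; the two invented lines produce a redirect, two watched hits and one conflict. A note of caution: RSIT prints only the first lines of a long hosts file, so an all-clear on the excerpt says nothing about entries further down; the full `%SystemRoot%\system32\drivers\etc\hosts` is what should be fed to the parser.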
 
Hi peku006,

Here is the ComboFix log.

Thanks
condor


ComboFix 10-01-16.04 - Admin 01/17/2010 12:53:07.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1481 [GMT -5:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-17 15:27 . 2010-01-01 15:48 401720 ----a-w- C:\Admin.exe
2010-01-17 15:27 . 2010-01-17 15:29 -------- d-----w- C:\rsit
2010-01-17 15:06 . 2010-01-17 14:38 278487 ----a-w- C:\RSIT.exe
2010-01-16 02:00 . 2010-01-16 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-01-14 18:04 . 2010-01-14 20:12 -------- d-----w- c:\program files\Registry Search
2010-01-13 12:15 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 20:31 . 2010-01-12 20:31 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-09 16:16 . 2010-01-09 16:16 -------- d-----w- c:\documents and settings\Admin\Application Data\CyberLink
2010-01-07 02:41 . 2010-01-12 15:55 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-04 17:58 . 2010-01-04 17:58 -------- d-----w- c:\program files\Speaking Clock Deluxe
2010-01-04 13:11 . 2010-01-04 13:11 3584 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-01-04 13:11 . 2010-01-04 13:11 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-01-04 12:02 . 2010-01-04 12:02 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-03 16:20 . 2010-01-03 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-03 16:09 . 2010-01-04 13:17 152576 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-03 16:09 . 2010-01-04 12:33 79488 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-03 15:54 . 2010-01-03 19:00 -------- d-----w- c:\program files\Other Kaspersky uninstall Tools
2010-01-02 19:35 . 2010-01-02 19:35 -------- d-----w- c:\program files\VS Revo Group
2010-01-01 18:54 . 2010-01-01 18:54 -------- d-----w- c:\program files\Windows Resource Kits
2010-01-01 17:10 . 2010-01-01 17:10 -------- d-----w- c:\documents and settings\Admin\Application Data\Safer Networking
2010-01-01 16:46 . 2010-01-01 16:46 -------- d-----w- c:\program files\Aezay Productions
2010-01-01 15:48 . 2010-01-01 15:48 401720 ----a-w- C:\HijackThis.exe
2010-01-01 03:09 . 2010-01-01 03:09 -------- d-----w- c:\program files\ERUNT
2009-12-31 16:16 . 2009-12-31 16:16 87680 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 15:10 . 2009-12-31 15:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Safer Networking
2009-12-31 14:50 . 2009-12-31 14:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-31 01:11 . 2009-12-31 01:14 -------- d-----w- c:\program files\Safer Networking
2009-12-30 02:56 . 2010-01-04 02:55 -------- d-----w- C:\EnsignBackup
2009-12-29 17:55 . 2009-12-29 17:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2009-12-29 17:54 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 17:54 . 2009-12-29 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-29 17:54 . 2010-01-12 15:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 17:54 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 00:21 . 2009-12-29 00:21 -------- d-----w- c:\program files\ParetoLogic
2009-12-25 13:16 . 2009-12-25 13:18 -------- d-----w- C:\Backups_Ensign
2009-12-24 20:38 . 2009-12-25 12:05 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-24 20:38 . 2009-12-25 12:05 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-24 20:38 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-24 20:38 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-24 20:38 . 2009-12-24 20:38 -------- d-----w- c:\program files\Avira
2009-12-24 20:38 . 2009-12-24 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-24 18:18 . 2009-12-24 18:18 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-23 20:00 . 2009-12-23 20:25 -------- d-----w- c:\program files\jv16 PowerTools 2009

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 18:07 . 2009-02-24 15:36 1511931936 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-17 14:57 . 2009-02-24 15:36 17716160 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-17 00:04 . 2009-07-06 00:53 1 ----a-w- c:\documents and settings\Admin\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-16 12:41 . 2009-05-10 00:32 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2010-01-16 02:36 . 2009-04-23 23:58 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-12 20:32 . 2006-10-14 00:33 -------- d-----w- c:\program files\Common Files\Real
2010-01-12 20:29 . 2006-10-14 00:33 -------- d-----w- c:\program files\Real
2010-01-06 16:25 . 2007-12-03 23:56 -------- d-----w- c:\program files\World Time
2010-01-04 21:09 . 2008-07-04 15:19 -------- d-----w- c:\program files\databull
2010-01-04 19:56 . 2008-11-29 18:27 -------- d-----w- c:\program files\AmiBroker
2010-01-04 13:18 . 2008-12-05 21:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-04 13:18 . 2006-04-06 14:32 -------- d-----w- c:\program files\Java
2010-01-04 13:10 . 2008-03-03 17:44 -------- d-----w- c:\program files\MSECache
2010-01-04 00:29 . 2009-07-19 00:42 -------- d-----w- c:\program files\Foxmail
2010-01-03 15:59 . 2009-06-23 16:22 -------- d-----w- c:\program files\GRETECH
2010-01-03 13:15 . 2006-04-06 02:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-02 23:21 . 2006-04-06 02:19 87680 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 19:39 . 2007-06-16 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\RetroExp
2009-12-29 00:20 . 2009-12-09 02:07 1977368 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Privacy Controls\Temp\Update.exe
2009-12-25 17:17 . 2008-07-12 12:50 -------- d-----w- c:\program files\Keyfinder
2009-12-24 20:23 . 2008-09-14 01:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-24 18:17 . 2009-12-24 18:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2009-12-23 21:55 . 2008-07-12 00:20 -------- d-----w- c:\program files\jv16 PowerTools 2008
2009-12-20 15:32 . 2009-05-18 18:13 -------- d-----w- c:\program files\Wave59 RT
2009-12-20 15:06 . 2007-09-13 18:22 -------- d-----w- c:\program files\Droid Informatica
2009-12-19 19:09 . 2009-12-17 15:43 -------- d-----w- c:\program files\Carbonite
2009-12-19 14:30 . 2006-12-06 13:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-18 19:01 . 2008-12-03 19:26 -------- d-----w- c:\program files\NinjaTrader 6.5
2009-12-18 01:29 . 2009-12-17 19:33 10134 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{4C859089-D2A5-4486-B826-E2B2576BD514}\_D63846598E61DA9099F189.exe
2009-12-18 01:29 . 2009-12-17 19:33 10134 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{4C859089-D2A5-4486-B826-E2B2576BD514}\_A0FAE5B980A735637E2FF7.exe
2009-12-17 15:45 . 2006-04-06 02:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-17 15:45 . 2009-12-17 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2009-12-17 15:45 . 2009-12-17 15:41 -------- d-----w- c:\program files\Seagate
2009-12-17 15:42 . 2009-12-17 15:41 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-12-16 21:24 . 2009-12-16 21:24 -------- d-----w- c:\program files\MTPredictor6
2009-12-09 11:24 . 2009-12-09 11:24 98304 ----a-w- c:\windows\system32\NtDirect.dll
2009-12-02 01:21 . 2009-12-02 01:21 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2009-11-30 13:22 . 2009-11-30 13:22 -------- d-----w- c:\documents and settings\Admin\Application Data\ParetoLogic
2009-11-30 13:21 . 2009-11-30 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-11-30 13:21 . 2009-11-30 12:34 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-11-30 13:21 . 2009-11-30 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-11-30 12:34 . 2009-11-30 12:34 -------- d-----w- c:\program files\XoftSpySE6
2009-11-30 12:34 . 2009-11-30 12:34 -------- d-----w- c:\program files\Common Files\XoftSpySE
2009-11-29 18:18 . 2009-11-29 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-11-21 18:24 . 2009-11-21 18:24 -------- d-----w- c:\documents and settings\Admin\Application Data\teamspeak2
2009-11-21 18:24 . 2009-11-21 18:23 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2007-03-17 14:55 . 2007-03-17 14:55 513 ----a-w- c:\program files\Shortcut to Microsoft Office.lnk
2004-10-01 19:00 . 2006-04-06 02:35 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2008-07-12 00:20 . 2008-07-12 00:20 23 --sha-w- c:\windows\system32\abaecdfdee_z.dll
2008-12-29 17:53 . 2008-12-29 17:53 6144 --sha-w- c:\windows\system32\ss.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speaking Clock Deluxe"="c:\program files\Speaking Clock Deluxe\SpClDlx.exe" [2009-06-30 2350592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
"MXOBG"="c:\windows\MXOALDR.EXE" [2007-06-16 94208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-04 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-12 198160]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2006-4-6 194775]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.1.lnk.disabled [2009-7-5 870]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-11-16 221247]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Norton Ghost 10.0"=c:\program files\Norton Ghost\Agent\GhostTray.exe
"RetroExpress"=c:\progra~1\Dantz\RETROS~1\RetroExpress.exe /h
"Speaking Clock Lite"=c:\program files\Speaking Clock\SpClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0205.2\mswinext.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Atomic Clock Sync\\Atomic.exe"=
"c:\\FTGT\\ftgt4.exe"=
"c:\\Jts\\WiseUpdt.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\SierraChart\\SierraChart.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Trading Rooms Technologies, Inc\\TradingRooms\\Avx\\TradingRooms.exe"=
"c:\\Ensign\\Ensign.exe"=
"c:\\Program Files\\Conference\\Conference.dll"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Foxmail\\Foxmail.exe"=
"c:\\Program Files\\Real Time Software Engineering\\MetaServer RT 3.2 for TWS\\msrt.exe"=
"c:\\Program Files\\NinjaTrader 6.5\\bin\\NinjaTrader.exe"=
"c:\\MTP6RTData\\MTPDataServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 is-7P51Bdrv;is-7P51Bdrv;c:\windows\system32\drivers\48164237.sys [2/24/2009 11:32 AM 148496]
R1 is-80PSPdrv;is-80PSPdrv;c:\windows\system32\drivers\47602119.sys [11/20/2008 4:26 PM 148496]
R1 is-FTVCUdrv;is-FTVCUdrv;c:\windows\system32\drivers\88850112.sys [10/18/2008 7:38 AM 148496]
R1 is-G4K5Edrv;is-G4K5Edrv;c:\windows\system32\drivers\45373222.sys [9/13/2008 3:39 PM 148496]
R1 is-O3HS5drv;is-O3HS5drv;c:\windows\system32\drivers\61826897.sys [8/1/2008 5:07 PM 148496]
R1 is-RFAT4drv;is-RFAT4drv;c:\windows\system32\drivers\10536068.sys [8/16/2008 6:26 AM 148496]
R1 is-U2OSHdrv;is-U2OSHdrv;c:\windows\system32\drivers\09870117.sys [9/7/2008 11:13 AM 148496]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/24/2009 3:38 PM 108289]
R2 AST Service;AST Service;c:\windows\system32\AstSrv.exe [2/16/2007 11:08 AM 57344]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 MapMemP;MapMemP;c:\windows\system32\drivers\MAPMEMP.SYS [4/6/2006 8:57 AM 63080]
S1 is-0SG48drv;is-0SG48drv;c:\windows\system32\drivers\28882349.sys [12/31/2008 10:17 PM 148496]
S1 is-1LOSJdrv;is-1LOSJdrv;c:\windows\system32\DRIVERS\20878151.sys --> c:\windows\system32\DRIVERS\20878151.sys [?]
S1 is-76QSDdrv;is-76QSDdrv;c:\windows\system32\drivers\20051819.sys --> c:\windows\system32\drivers\20051819.sys [?]
S1 is-AU098drv;is-AU098drv;c:\windows\system32\drivers\64293220.sys [12/19/2008 7:21 PM 148496]
S1 is-HH2HKdrv;is-HH2HKdrv;c:\windows\system32\drivers\83042734.sys [7/23/2008 5:43 AM 148496]
S1 is-O1MK8drv;is-O1MK8drv;c:\windows\system32\drivers\73001606.sys [6/20/2009 6:00 PM 148496]
S1 is-QA78Mdrv;is-QA78Mdrv;c:\windows\system32\drivers\60464396.sys [4/12/2009 6:12 PM 148496]
S1 is-SP0JEdrv;is-SP0JEdrv;c:\windows\system32\drivers\93704403.sys [7/10/2008 11:13 AM 148496]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [11/11/2008 2:33 PM 9344]
S3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [10/23/2009 4:58 PM 582424]
S4 is-76QSD;is-76QSD;"c:\documents and settings\All Users\Desktop\Kaspersky Lab Tool\is-76QSD\is-76QSD.exe" -r --> c:\documents and settings\All Users\Desktop\Kaspersky Lab Tool\is-76QSD\is-76QSD.exe [?]
S4 is-HH2HK;is-HH2HK;"c:\documents and settings\All Users\Desktop\Kaspersky Lab Tool\is-HH2HK\is-HH2HK.exe" -r --> c:\documents and settings\All Users\Desktop\Kaspersky Lab Tool\is-HH2HK\is-HH2HK.exe [?]
S4 is-O3HS5;is-O3HS5;"c:\documents and settings\All Users\Desktop\Kaspersky Lab Tool\is-O3HS5\is-O3HS5.exe" -r --> c:\documents and settings\All Users\Desktop\Kaspersky Lab Tool\is-O3HS5\is-O3HS5.exe [?]
S4 is-RFAT4;is-RFAT4;"c:\documents and settings\All Users\Desktop\Kaspersky Lab Tool\is-RFAT4\is-RFAT4.exe" -r --> c:\documents and settings\All Users\Desktop\Kaspersky Lab Tool\is-RFAT4\is-RFAT4.exe [?]
S4 is-SP0JE;is-SP0JE;"c:\program files\Kaspersky Lab Tool\is-SP0JE\is-SP0JE.exe" -r --> c:\program files\Kaspersky Lab Tool\is-SP0JE\is-SP0JE.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-725345543-1004Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-30 17:08]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-725345543-1004UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-30 17:08]

2009-12-29 c:\windows\Tasks\ParetoLogic Privacy Controls_{25B399F8-F410-11DE-82C1-0016761CF813}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2009-12-02 00:46]

2010-01-16 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-23 21:58]

2009-11-30 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-23 21:58]

2010-01-06 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2009-10-23 21:58]
.
.
------- Supplementary Scan -------
.
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\4f99sura.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL -
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 13:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0044EC92-5F02-7234-9024-721274839705}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jboakhelckochlnfpokdfajobdamgmalnchlmpgjmnbfkechpgoh"=hex:6c,61,6f,61,70,67,
62,6f,69,62,6d,65,6d,64,64,6a,6c,62,63,69,65,62,65,67,00,31
"hboakhelckochlnfpokdfajocdllmammilcapoaahimbhodb"=hex:6e,62,70,70,62,67,68,6c,
6c,69,67,66,6c,6d,69,68,6a,69,69,62,66,6c,69,62,66,67,65,70,70,6f,65,6e,6e,\

[HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6D4317B5-05CE-8C0A-C4F2-3316A1122410}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0DDAE33-57C3-6CA1-75B1-54DD1ABBBEB0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3452)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-17 13:12:36
ComboFix-quarantined-files.txt 2010-01-17 18:12
ComboFix2.txt 2010-01-05 01:59
ComboFix3.txt 2010-01-03 18:53
ComboFix4.txt 2010-01-03 03:17
ComboFix5.txt 2010-01-17 17:51

Pre-Run: 115,850,489,856 bytes free
Post-Run: 115,850,637,312 bytes free

- - End Of File - - 4782DD96C11AA978FA92F87EDC7497E2
 
Hi condor

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :regfind
    MyWebSearch
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

Thanks peku006
 
Hi peku006

Here's the SystemLook log. Looks like we found something!
Thanks

condor

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 14:08 on 17/01/2010 by Admin (Administrator - Elevation successful)

========== regfind ==========

Searching for "MyWebSearch"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\mywebsearch.net]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\mywebsearch.net]
[HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]

-=End Of File=-
 
Hi condor

Download and run OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the [pasteline.png] area. Do not include the word Code.
Code:
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\mywebsearch.net]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]
[-HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[-HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[-HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\mywebsearch.net]
[-HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[-HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]

:Commands

[emptytemp]
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large [btnmoveit.png] button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Thanks peku006
 
Hi peku006,

That was great to see those nasties go!

Here is the OTM log.

Thanks very much!

condor


All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\mywebsearch.net\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\mywebsearch.net\ not found.
Registry key HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net\ not found.
Registry key HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.ne\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 31523 bytes
->Temporary Internet Files folder emptied: 14245927 bytes
->Java cache emptied: 1685611 bytes
->FireFox cache emptied: 41487700 bytes
->Google Chrome cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Allan

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 9030437 bytes
%systemroot%\System32 .tmp files removed: 348160 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 64.00 mb


OTM by OldTimer - Version 3.1.6.0 log created on 01182010_073556

Files moved on Reboot...

Registry entries deleted on Reboot...
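The :Reg script posted above and the "not found" lines in the OTM log it produced, as an added example that is not code from the thread or from OTM: a small Python checker that parses the :Reg block, reports a key line without its closing ']' (the SAMPLE_SCRIPT below deliberately reproduces one, the defect behind the truncated mywebsearch.ne entry in the log), and folds the hive aliases (HKEY_CURRENT_USER is a link to HKEY_USERS\<SID>, and HKEY_USERS\S-1-5-18 is the same hive as HKEY_USERS\.DEFAULT) so that a deletion already covered by an earlier line is predicted as "not found" rather than misread as a failed removal. It assumes the ...-1004 SID is the logged-in Admin account and uses a constructed subset of the posted script as input.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption (not stated as such in the thread): ...-1004 is the SID of the
# logged-in "Admin" account; it appears in the scheduled-task names and in
# the LOCKED REGISTRY KEYS section of the ComboFix log.
CURRENT_USER_SID = "S-1-5-21-1844237615-1326574676-725345543-1004"

# Constructed sample: a subset of the posted :Reg block. The last key line
# deliberately lacks its closing ']' to reproduce the defect that made OTM
# log the key as "mywebsearch.ne".
SAMPLE_SCRIPT = r""":Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]
[-HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net

:Commands

[emptytemp]
"""

HIVE_NAMES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE",
              "HKU": "HKEY_USERS"}

# "[-path]" deletes a key, "[path]" creates it. The closing ']' is optional
# in the pattern only so that its absence can be reported.
KEY_LINE = re.compile(r"^\[(?P<minus>-?)(?P<path>[^\]]*)(?P<close>\]?)$")


@dataclass
class RegLine:
    lineno: int
    action: str        # "delete", "create" or "unknown"
    path: str
    well_formed: bool  # False when the closing ']' is missing


def parse_reg_block(script: str) -> list[RegLine]:
    """Return the key lines found in the ':Reg' section of an OTM script."""
    entries: list[RegLine] = []
    in_reg = False
    for lineno, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if line.startswith(":"):          # section header (:Reg, :Commands, ...)
            in_reg = line.lower() == ":reg"
            continue
        if not in_reg or not line.startswith("["):
            continue
        m = KEY_LINE.match(line)
        if m is None:                     # stray text after the ']'
            entries.append(RegLine(lineno, "unknown", line[1:], False))
            continue
        action = "delete" if m["minus"] == "-" else "create"
        entries.append(RegLine(lineno, action, m["path"], m["close"] == "]"))
    return entries


def canonical(path: str, current_user_sid: str) -> str:
    """Map a registry path to one spelling per physical hive."""
    # HKEY_CURRENT_USER is a link to HKEY_USERS\<SID of the logged-in user>,
    # and HKEY_USERS\S-1-5-18 (LocalSystem) is the same hive as
    # HKEY_USERS\.DEFAULT. Paths are case-insensitive, so lower-case them.
    parts = path.split("\\")
    hive = HIVE_NAMES.get(parts[0].upper(), parts[0].upper())
    rest = parts[1:]
    if hive == "HKEY_CURRENT_USER":
        hive, rest = "HKEY_USERS", [current_user_sid] + rest
    if hive == "HKEY_USERS" and rest and rest[0].upper() == "S-1-5-18":
        rest[0] = ".DEFAULT"
    return "\\".join([hive] + rest).lower()


def analyze(script: str, current_user_sid: str = CURRENT_USER_SID) -> dict:
    """Flag malformed key lines and deletions that repeat an earlier line.

    A repeated deletion is harmless, but OTM logs it as "not found".
    """
    entries = parse_reg_block(script)
    malformed = [e for e in entries if not e.well_formed]
    first_seen: dict[str, RegLine] = {}
    redundant: list[tuple[RegLine, RegLine]] = []
    for e in entries:
        if e.action != "delete":
            continue
        key = canonical(e.path, current_user_sid)
        if key in first_seen:
            redundant.append((e, first_seen[key]))
        else:
            first_seen[key] = e
    return {"entries": entries, "malformed": malformed, "redundant": redundant}


if __name__ == "__main__":
    result = analyze(SAMPLE_SCRIPT)
    for e in result["malformed"]:
        print(f"line {e.lineno}: missing closing ']', OTM will mangle the key name")
    for e, first in result["redundant"]:
        print(f"line {e.lineno}: same key as line {first.lineno}; expect 'not found'")
```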
 
Hi condor

Looks good, but we can check again.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :regfind
    MyWebSearch
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

Thanks peku006
 
Hi peku006,

Here is the log.

This has been a great learning experience for me seeing how you work with these kind of issues. Without your help I would probably be re-formatting my drive now!
Thank you so much.

condor

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 08:22 on 18/01/2010 by Admin (Administrator - Elevation successful)

========== regfind ==========

Searching for "MyWebSearch"
No data found.

-=End Of File=-
 
Hi condor
"I would probably be re-formatting my drive now!"
"Re-formatting" is always the last option; "MyWebSearch" is easy to remove :whistle:

Logs look good, but we will run one online scan to be sure that there is nothing left...

1 - Eset online scanner

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go here then click on: [EOLS1.gif]
  • Select the option YES, I accept the Terms of Use then click on: [EOLS2.gif]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [EOLS3.gif]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: [EOLS4.gif]
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

2 - Run HijackThis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

3 - Status Check
Please reply with

1. the Eset online scanner report
2. a fresh HijackThis log

Thanks peku006
 
Hi Peku006,

I can only get Eset to run 20% of the scan. I have deleted the folders that it was stopping at in Documents and Settings/Admin/Application Data, i.e. 3 previous versions of Java, Thunderbird Mail. After re-booting and re-starting the scan I still stop at 20% of the scan, just at a later folder each time.

Is there another scanner I could use perhaps?

Thanks

condor

Here is the ESET log file.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=89ec57b264976e4392090b9f159b5a89
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-18 03:42:07
# local_time=2010-01-18 10:42:07 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775125 100 100 0 39324205 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=18189
# found=0
# cleaned=0
# scan_time=2768
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=89ec57b264976e4392090b9f159b5a89
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-18 03:44:55
# local_time=2010-01-18 10:44:55 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 100 0 39327092 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=10222
# found=0
# cleaned=0
# scan_time=48
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=89ec57b264976e4392090b9f159b5a89
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-18 04:02:07
# local_time=2010-01-18 11:02:07 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 100 0 39327189 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=18189
# found=0
# cleaned=0
# scan_time=983
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=89ec57b264976e4392090b9f159b5a89
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-18 04:05:59
# local_time=2010-01-18 11:05:59 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 100 0 39328218 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=18188
# found=0
# cleaned=0
# scan_time=185
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=89ec57b264976e4392090b9f159b5a89
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-18 04:13:43
# local_time=2010-01-18 11:13:43 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 100 0 39328637 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=18187
# found=0
# cleaned=0
# scan_time=230
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=89ec57b264976e4392090b9f159b5a89
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-18 04:20:54
# local_time=2010-01-18 11:20:54 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 100 0 39329124 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=18187
# found=0
# cleaned=0
# scan_time=176
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=89ec57b264976e4392090b9f159b5a89
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-18 04:28:03
# local_time=2010-01-18 11:28:03 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 100 0 39329487 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=18181
# found=0
# cleaned=0
# scan_time=241
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=89ec57b264976e4392090b9f159b5a89
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-18 04:39:07
# local_time=2010-01-18 11:39:07 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 100 0 39329798 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=19680
# found=0
# cleaned=0
# scan_time=593
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=89ec57b264976e4392090b9f159b5a89
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-18 05:07:35
# local_time=2010-01-18 12:07:35 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 100 0 39330993 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=19680
# found=0
# cleaned=0
# scan_time=1107
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=89ec57b264976e4392090b9f159b5a89
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-18 05:32:36
# local_time=2010-01-18 12:32:36 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 100 0 39332845 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=19680
# found=0
# cleaned=0
# scan_time=755
 
Hi condor

Ok, let's try this

Kaspersky Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.

peku006
 
Hi peku006,

Here are the 2 text files Kaspersky and HJT.

Kaspersky Online Scanner 7 No threats found
System information
Update
Scan
Critical areas
My Computer
Folder...
File...

Report
Support
Help
Settings
Update
New viruses, Trojans and other malware appear in the world every day; therefore, it is extremely important to keep the databases up-to-date.
Database information

Database date:09.21.2010 21:01:00

Records in database:3330776

Program download and update (100%)

Size of updates:1 KB
Downloaded:1 KB
Program work files are loaded. The program is started.
Database update (100%)


Size of updates:632 KB
Downloaded:176 KB
Last start:04.38.2010 16:01:265
Status:completed successfully
The program is starting. Please wait...
Updates source is selected: http://www.kaspersky.com
File download: packages/kos-extras.jar
The program is started.

Updating the anti-virus database. Please wait...
Updates source is selected: http://dnl-06.geo.kaspersky.com/
File download: index/master.xml.klz
File download: diffs/bases/five/avc/kavset.xml.fzb
File download: bases/five/avc/kavset.xml.klz
File download: diffs/bases/five/avc/krnjava.avc.py-
File download: bases/five/avc/krnjava.avc
File download: diffs/bases/five/avc/krnengn.avc.amk
File download: bases/five/avc/krnengn.avc
File download: diffs/bases/five/avc/fa001.avc.oio
File download: diffs/bases/five/avc/dailyc.avc.skj
File download: diffs/bases/five/avc/daily-ec.avc.qyn
File download: diffs/bases/five/avc/daily.avc.rvi
File download: diffs/bases/five/avc/avp.klb.ndj
Update completed. The program is ready to scan your computer.
Scan - My Computer
Scan statistics

Objects scanned:170348

Threats found:0

Infected objects found:0

Suspicious objects found:0

Scan duration:02:40:26
Scan beginning
Scanning in progress (94%)

Select the area for scanning in the Scan section of the left window part.

Last start:04.39.2010 16:01:953
Status:completed successfully
Please wait, scanning can take some time depending upon the size of the
area to scan. You can continue work with other browser windows.

Scanning:01182010_073556.res
Path:C:\_OTM\MovedFiles
Configure | View report | Stop scanning
Attention! Anti-virus scanning may be unavailable if your computer already has another anti-virus application installed and running. Please deactivate the anti-virus software installed on your computer and start Kaspersky Online Scanner 7.0 again from the web site of Kaspersky Lab.
Report
The report contains information about threats detected on your computer.
To go to the Virus Encyclopedia web site, please disable pop-up blocking in your browser.
- infected object - suspicious object
Information
Welcome to Kaspersky Online Scanner 7.0! You can use this application to check your computer for the presence of viruses and other malicious programs for free.
Support
If you have questions, comments or suggestions regarding Kaspersky Online Scanner 7.0, please contact us.
About Kaspersky Online Scanner 7.0

Version:7.0.26.13

Database date:09.21.2010 21:01:00

Operating system:Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Community forum
Go to the web forum of Kaspersky Lab.
Virus Encyclopedia
News and detailed information about threats are available at
Viruslist.com.
View information
Attention!

Kaspersky Online Scanner 7.0 is already started on this computer.
Settings
Scan computer for the presence of these threats:
Viruses, worms, Trojans, rootkits
Spyware, adware, dialers and other riskware

Scan compound objects (not applicable for single files selected
individually):
Archives
E-mail databases


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:53 PM, on 1/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\Astsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Speaking Clock Deluxe] "C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 3.1.lnk.disabled
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165022501781
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client/T26L/event/ieatgpc.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AST Service - Nalpeiron Ltd. - C:\WINDOWS\system32\Astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe

--
End of file - 9035 bytes
 
Hi condor

excellent work :bigthumb:

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    • O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

All logs are OK. We can check whether some software needs updating.

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.

Thanks peku006
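The two O2 lines fixed above are Browser Helper Object registrations whose DLL is gone, which is what HijackThis means by "(no file)". The script below is an added example, not code from this thread or from HijackThis: it enumerates the BHO registrations the same way (the per-CLSID list under Explorer\Browser Helper Objects, resolved through the CLSID's InprocServer32 default value) and flags entries whose DLL no longer exists on disk. It is read-only and deletes nothing. It assumes PowerShell 2.0 or later, which is not part of a stock Windows XP install; the Wow6432Node key only exists on 64-bit Windows and is skipped when absent.

```powershell
# Added example (not from the thread): list Internet Explorer Browser Helper
# Objects the way HijackThis O2 lines do, and flag entries whose DLL no longer
# exists on disk (the "(no file)" case). Read-only: it deletes nothing.
# Assumes PowerShell 2.0+; run from an elevated prompt to read HKLM reliably.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BhoEntries {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }   # Wow6432Node is 64-bit only
        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid = $sub.PSChildName
            $name = $null
            $dll = $null
            # The CLSID names a COM server; its DLL path is the default value of
            # InprocServer32. HKCU\Software\Classes overrides HKLM per user, so check both.
            foreach ($root in 'HKCU:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\CLSID') {
                $clsidKey = Join-Path $root $clsid
                if (Test-Path $clsidKey) {
                    $name = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
                    $inproc = Join-Path $clsidKey 'InprocServer32'
                    if (Test-Path $inproc) {
                        $dll = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
                    }
                    break
                }
            }
            # Expand %SystemRoot%-style variables and strip quotes before testing the path.
            $resolved = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) } else { $null }
            $present = if ($resolved) { Test-Path -LiteralPath $resolved } else { $false }
            New-Object PSObject -Property @{
                Hive       = $key.Split(':')[0]
                CLSID      = $clsid
                Name       = if ($name) { $name } else { '(no name)' }
                Dll        = if ($dll) { $dll } else { '(no file)' }
                DllPresent = $present
            }
        }
    }
}

$entries = Get-BhoEntries
$entries | Format-Table Hive, CLSID, Name, Dll, DllPresent -AutoSize

# Orphaned registrations: the CLSID is still listed as a BHO but its DLL is gone.
# These are the entries HijackThis shows as "O2 - BHO: ... - (no file)".
$orphans = $entries | Where-Object { -not $_.DllPresent }
if ($orphans) {
    "`nOrphaned BHO registrations:"
    $orphans | ForEach-Object { "  $($_.CLSID) $($_.Name)" }
}
```

An entry with DllPresent = False is only dead weight (IE will fail to load it), but a leftover CLSID is also a convenient place for a later installer to drop a DLL and be loaded without registering anything new, which is why cleaning orphans as peku006 did is worthwhile. Removing them is still a manual step (or a "Fix Checked" in HijackThis) so that a mistaken match never deletes a live registration.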
 
Hi peku006,

HJT fixed the 2 items. Here is the Security Check log.

Regards

condor

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Avira updated!
``````````````````````````````
Anti-malware/Other Utilities Check:

XoftSpySE
Spybot - Search & Destroy
Norton Ghost 10.0
HijackThis 2.0.2
Java(TM) 6 Update 17
Adobe Flash Player 10
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avguard.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
 