Win32.TDSS.Rtk continued, last thread closed. (Resolved)

[prozak]

Here's the last thread:
http://forums.spybot.info/showthread.php?p=330645

Here's my new combofix log after installing the recovery console manually. TY

ComboFix 09-08-22.06 - Luke 29/08/2009 14:38.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1402 [GMT 1:00]
Running from: c:\documents and settings\Luke\Desktop\Virus Fix\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-29 )))))))))))))))))))))))))))))))
.

2009-08-16 12:28 . 2009-08-16 12:28 -------- d-----w- c:\program files\Trend Micro
2009-08-16 12:24 . 2009-08-16 12:24 -------- d-----w- c:\program files\ERUNT
2009-08-15 17:59 . 2009-08-15 18:00 -------- d-----w- C:\ecbd25c7c40e7dcb99ca1e38a6
2009-08-15 17:59 . 2009-08-15 20:01 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-11 21:38 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-10 16:29 . 2009-08-10 16:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-09 13:46 . 2009-08-09 13:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 13:20 . 2001-10-13 13:11 78 ----a-w- c:\windows\battery.dat
2009-08-29 00:26 . 2008-01-22 17:52 -------- d-----w- c:\documents and settings\Luke\Application Data\uTorrent
2009-08-23 10:33 . 2009-02-15 13:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-23 10:33 . 2009-02-15 13:46 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-23 10:33 . 2009-02-15 13:46 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-16 11:32 . 2009-04-23 07:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-15 20:02 . 2008-01-22 15:48 62256 ----a-w- c:\documents and settings\Luke\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 23:28 . 2008-01-17 15:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-09 20:16 . 2008-01-26 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-05 09:01 . 2004-08-10 12:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 17:18 . 2008-07-10 18:41 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-02 14:20 . 2008-06-07 17:00 -------- d-----w- c:\program files\Cheat Engine
2009-07-17 19:01 . 2004-08-10 12:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2004-08-10 12:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 18:47 . 2009-07-09 18:41 5589408 ----a-w- c:\documents and settings\Luke\Application Data\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.5.3.exe
2009-07-03 17:09 . 2004-08-10 12:51 915456 ------w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-10 12:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 12:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2004-08-10 12:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-10 12:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2004-08-10 13:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-10 12:51 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-10 12:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2008-02-28 00:03 . 2008-02-28 00:03 197 --sha-w- c:\program files\Common Files\maxtreme.dat
2008-01-27 20:45 . 2008-01-17 15:03 76 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( SnapShot@2009-08-24_09.24.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-29 13:20 . 2009-08-29 13:20 16384 c:\windows\Temp\Perflib_Perfdata_2b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-05 160592]
"Tracks Eraser Pro"="c:\program files\Acesoft\Tracks Eraser Pro\te.exe" [2007-01-16 1335296]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-11 136600]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"WebcamMaxMoniter"="c:\program files\WebcamMax\wcmmon.exe" [2008-02-09 456024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-23 2007832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-06-06 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Luke\Start Menu\Programs\Startup\
Battery Doubler.lnk - c:\program files\Dachshund Software\Battery Doubler\Battery Doubler.exe [2002-9-21 1534267]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-2-3 3581680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-11-23 114688]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-17 50688]
Phone Connection Monitor.lnk - c:\program files\Sony Ericsson\Mobile\audevicemgr.exe [2008-6-8 754176]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 10:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch9"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Team Craxtion\\Craxtion4\\Craxtion.exe"=
"c:\\Program Files\\Dell\\Dell Webcam Center\\LiveCamDe.exe"=
"c:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"c:\\Halo CE Portable Edition By Am3n\\App\\haloce.exe"=
"c:\\Program Files\\XLink Kai\\kaiEngine.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [21/01/2008 20:28 21512]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/02/2009 14:46 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/02/2009 14:47 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [15/02/2009 14:45 297752]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [09/02/2008 05:58 941784]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [10/08/2004 13:51 14336]
R3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [16/09/2008 23:15 219264]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [17/01/2008 15:32 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [17/01/2008 15:32 7424]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [21/01/2008 20:28 26248]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [07/09/2008 08:58 36928]
S3 XDva120;XDva120;\??\c:\windows\system32\XDva120.sys --> c:\windows\system32\XDva120.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2008-10-30 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2004-08-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=2080117
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 203.162.183.222:80
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\2ltdm4nj.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-29 14:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2071560091-4037542173-4045409059-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8141D874-02E7-3B03-461F-59ADDF4FDF86}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakldgdlldeopaokgk"=hex:6a,61,70,68,70,6a,68,6a,69,63,6d,69,66,68,62,6e,6a,6c,
62,68,00,02
"haelnpfodgcokpin"=hex:6a,61,70,68,6f,6a,63,6a,68,62,6f,6e,70,6c,61,65,61,67,
6c,70,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2148)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-29 14:46
ComboFix-quarantined-files.txt 2009-08-29 13:45
ComboFix2.txt 2009-08-24 09:32

Pre-Run: 1,080,209,408 bytes free
Post-Run: 1,120,686,080 bytes free

199 --- E O F --- 2009-08-17 20:39

 

[katana]

Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

1. Please Read All Instructions Carefully
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you
4. Failure to reply within 5 days will result in the topic being closed.
5. Please continue to respond until I give you the "All Clear"
   (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------


How are things running now ?


Download and Run RSIT

• Please download Random's System Information Tool by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open:
  • log.txt will be opened maximized.
  • info.txt will be opened minimized.
• Please post the contents of both log.txt and info.txt.
  ( They can also be found in the C:\RSIT folder )

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

 

[prozak]

log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Luke at 2009-09-02 14:38:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 294 MB (0%) free of 147 GB
Total RAM: 2038 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:24, on 02/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\WebcamMax\wcmmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\Luke\Desktop\Virus Fix\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Luke.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/small...n&client=dell-usuk&channel=uk-smb&ibd=2080117
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/small...n&client=dell-usuk&channel=uk-smb&ibd=2080117
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.162.183.222:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1201017859971
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201018829846
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13929 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\shutdown.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-01 63048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-23 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-02-05 5722952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-11 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-11 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-02-05 5722952]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-01 161352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-03 851968]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-06 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-06 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-06 138008]
"OEM02Mon.exe"=C:\WINDOWS\OEM02Mon.exe [2007-08-28 36864]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-11 136600]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-06-06 405504]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-02-21 970752]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 1228800]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-11-01 189736]
"WebcamMaxMoniter"=C:\Program Files\WebcamMax\wcmmon.exe [2008-02-09 456024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-23 2007832]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-02-05 160592]
"Tracks Eraser Pro"=C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe [2007-01-16 1335296]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-02-14 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-04-23 22058792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe [2009-04-25 9017648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch9"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Device Detector 2.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Phone Connection Monitor.lnk - C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe

C:\Documents and Settings\Luke\Start Menu\Programs\Startup
Battery Doubler.lnk - C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-23 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-06 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Team Craxtion\Craxtion4\Craxtion.exe"="C:\Program Files\Team Craxtion\Craxtion4\Craxtion.exe:*:Enabled: "
"C:\Program Files\Dell\Dell Webcam Center\LiveCamDe.exe"="C:\Program Files\Dell\Dell Webcam Center\LiveCamDe.exe:*:Enabled:LiveCam.exe"
"C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe"="C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe:*:Enabled:InternetCalls"
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe"="C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\Halo CE Portable Edition By Am3n\App\haloce.exe"="C:\Halo CE Portable Edition By Am3n\App\haloce.exe:*:Enabled:Halo"
"C:\Program Files\XLink Kai\kaiEngine.exe"="C:\Program Files\XLink Kai\kaiEngine.exe:*:Enabled:XLink Kai Engine"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2351f03c-ea37-11dd-98ea-001d09bd11a2}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SanDisk-Games.exe


======List of files/folders created in the last 1 months======

2009-09-02 14:38:58 ----D---- C:\rsit
2009-08-30 14:11:45 ----SHD---- C:\RECYCLER
2009-08-29 14:46:16 ----A---- C:\ComboFix.txt
2009-08-29 14:37:38 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-29 14:25:28 ----A---- C:\Boot.bak
2009-08-29 14:25:15 ----RASHD---- C:\cmdcons
2009-08-24 09:57:48 ----A---- C:\WINDOWS\zip.exe
2009-08-24 09:57:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-24 09:57:48 ----A---- C:\WINDOWS\SWSC.exe
2009-08-24 09:57:48 ----A---- C:\WINDOWS\SWREG.exe
2009-08-24 09:57:48 ----A---- C:\WINDOWS\sed.exe
2009-08-24 09:57:48 ----A---- C:\WINDOWS\PEV.exe
2009-08-24 09:57:48 ----A---- C:\WINDOWS\grep.exe
2009-08-24 09:46:51 ----D---- C:\WINDOWS\ERDNT
2009-08-24 09:41:43 ----D---- C:\Qoobox
2009-08-17 21:38:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-16 13:28:00 ----D---- C:\Program Files\Trend Micro
2009-08-16 13:24:32 ----D---- C:\Program Files\ERUNT
2009-08-15 19:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-15 19:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-15 19:06:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-15 19:06:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-15 18:59:58 ----D---- C:\ecbd25c7c40e7dcb99ca1e38a6
2009-08-15 18:59:35 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-15 18:54:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-15 18:54:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-15 18:54:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-15 18:53:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-15 18:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

======List of files/folders modified in the last 1 months======

2009-09-02 14:38:41 ----D---- C:\WINDOWS\Prefetch
2009-09-02 14:20:02 ----D---- C:\Program Files\Mozilla Firefox
2009-09-02 11:56:04 ----D---- C:\WINDOWS\Temp
2009-09-02 10:44:54 ----D---- C:\WINDOWS
2009-09-02 10:44:44 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2009-09-01 21:16:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-30 15:13:35 ----D---- C:\WINDOWS\system32\Restore
2009-08-29 23:20:16 ----D---- C:\Documents and Settings\Luke\Application Data\uTorrent
2009-08-29 14:46:19 ----D---- C:\WINDOWS\system32
2009-08-29 14:43:02 ----A---- C:\WINDOWS\system.ini
2009-08-29 14:41:10 ----D---- C:\WINDOWS\system32\drivers
2009-08-29 14:41:10 ----D---- C:\WINDOWS\AppPatch
2009-08-29 14:41:06 ----D---- C:\Program Files\Common Files
2009-08-29 14:37:56 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-29 14:25:28 ----RASH---- C:\boot.ini
2009-08-24 10:31:12 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-08-24 10:18:57 ----D---- C:\WINDOWS\system32\config
2009-08-24 10:17:47 ----SHD---- C:\WINDOWS\Installer
2009-08-23 11:33:36 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-08-18 17:23:53 ----A---- C:\WINDOWS\wininit.ini
2009-08-18 16:50:56 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-17 21:40:51 ----HD---- C:\WINDOWS\inf
2009-08-17 21:39:55 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-17 21:11:37 ----D---- C:\WINDOWS\Minidump
2009-08-16 13:28:00 ----RD---- C:\Program Files
2009-08-16 13:21:28 ----HD---- C:\$AVG8.VAULT$
2009-08-16 12:32:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-15 21:01:13 ----D---- C:\Program Files\Outlook Express
2009-08-15 19:07:20 ----A---- C:\WINDOWS\imsins.BAK
2009-08-15 19:06:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-15 19:06:02 ----RSD---- C:\WINDOWS\assembly
2009-08-15 19:05:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-15 19:05:06 ----D---- C:\WINDOWS\WinSxS
2009-08-15 19:00:59 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-15 19:00:56 ----D---- C:\WINDOWS\system32\en-US
2009-08-15 19:00:50 ----RSD---- C:\WINDOWS\Fonts
2009-08-15 18:57:34 ----D---- C:\Program Files\Internet Explorer
2009-08-12 00:28:51 ----D---- C:\Program Files\Common Files\Adobe
2009-08-09 21:16:02 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-08-05 10:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 18:18:25 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-23 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-17 108552]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2004-07-30 31654]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-01-17 21425]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 CamthWDM;WebcamMax, WDM Video Capture; C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2008-02-09 941784]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-04-23 12672]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-05-08 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-05-08 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-05-08 37376]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-05-08 45568]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 BTCAMDRV;Mobiola Web Camera driver; C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2006-11-01 219264]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DXEC02;DXEC02; C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 103168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-23 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-04-23 209152]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-06 5707744]
R3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-05-09 2203520]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-08-28 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
R3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-06-06 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-06-03 202912]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-23 730112]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 orabwqwhentixgow;orabwqwhentixgow; C:\WINDOWS\system32\drivers\orabwqwhentixgow.sys []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-13 31744]
S3 a162hdut;a162hdut; C:\WINDOWS\system32\drivers\a162hdut.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
S3 catchme;catchme; \??\C:\DOCUME~1\Luke\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FTDIBUS;SEMC DSS-20 SyncStation Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2003-02-21 19153]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-01-21 26248]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-02-14 47360]
S3 PsSdk41;PsSdk41; \??\C:\WINDOWS\system32\Drivers\pssdk41.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys []
S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 38448]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva120;XDva120; \??\C:\WINDOWS\system32\XDva120.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-01-04 587096]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2004-04-15 73728]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-11 152984]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-01-26 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]

-----------------EOF-----------------

 

[prozak]

info.txt

info.txt logfile of random's system information tool 1.06 2009-09-02 14:39:29

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
55mm v7.5 for Adobe Photoshop & Compatible Applications-->C:\WINDOWS\unvise32.exe f:\adobe photoshop cs3\55mm_v7.5_uninstal.log
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Auto Gordian Knot 2.45-->C:\Program Files\AutoGK\uninst.exe
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Battery Doubler 1.2.1-->"C:\Program Files\Dachshund Software\Battery Doubler\Uninstall.exe" "C:\Program Files\Dachshund Software\Battery Doubler\install.log"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Cheat Engine 5.4-->"C:\Program Files\Cheat Engine\unins000.exe"
Comical 0.8-->"C:\Program Files\Comical\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Craxtion4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B16ACC3B-A84E-46B2-B6B4-0E088A94A944}\setup.exe" -l0x9 -removeonly
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
DELL Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Region+CSS Free 5.9.8.3-->"C:\Program Files\DVD Region+CSS Free\unins000.exe"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Flash Decompiler Trillix-->"C:\Program Files\Eltima Software\Flash Decompiler Trillix\unins000.exe"
Game Optimizer Pro 1.02-->"C:\Program Files\Game Optimizer Pro\unins000.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Maps Downloader 4.80-->"C:\Program Files\gmd\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
ImgBurn (Remove Only)-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
IntelliSonic Speech Enhancement-->MsiExec.exe /X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}
InternetCalls-->"C:\Program Files\InternetCalls.com\InternetCalls\unins000.exe"
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JBidwatcher 2-->C:\Program Files\CyberFOX Software\JBidwatcher2\Uninstall.exe
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
MediaMonkey 3.0-->"C:\Program Files\MediaMonkey\unins000.exe"
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mobiola Web Camera Lite-->"C:\Program Files\Mobiola Web Camera Lite\unins000.exe"
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
MyPhoneExplorer-->C:\Program Files\MyPhoneExplorer\uninstall.exe
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
ObjectDock Plus-->C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
Olympus Digital Wave Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Real Alternative 1.7.5-->"C:\Program Files\Real Alternative\unins000.exe"
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SEMC DSS-20 SyncStation Driver-->C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnagIt 8-->MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StreamPlug Player-->c:/Program Files/Cedelia/StreamPlug\StreamPlug Player.exe --uninstall
The Rosetta Stone-->C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
Tiscali Internet-->MsiExec.exe /I{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}
TMPGEnc 4.0 XPress-->MsiExec.exe /I{ED80F174-B621-4B8F-BBB9-3E031A59555A}
Tracks Eraser Pro v6.0-->"C:\Program Files\Acesoft\Tracks Eraser Pro\unins000.exe"
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.4.1.0-->C:\Program Files\TVUPlayer\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Videora iPod touch Converter 3.07-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Visual Pinball-->MsiExec.exe /I{419EE2A0-0E9B-4312-9689-4FD10738531E}
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VLC UnRAR plugin-->"C:\Program Files\VideoLAN\VLC\plugins\vlc-unrar-uninstall.exe"
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
VoipBuster-->"C:\Program Files\VoipBuster.com\VoipBuster\unins000.exe"
VP-Man-->"C:\Program Files\VP-Man\UnInst\unins000.exe"
Watchtower Library 2007 - English-->C:\Program Files\Watchtower\Watchtower Library 2007\E\uninst.exe
WebcamMax-->"C:\Program Files\WebcamMax\uninst.exe"
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XLink Kai-->MsiExec.exe /X{2773B836-AC66-4178-A414-C5A0F9F5D805}
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\system32\xvid-uninstall.exe"

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: LULAP
Event Code: 5005
Message: \DEVICE\{FC662B75-5C88-4606-95D2-0AD135903345} : Has encountered an internal error and has failed.

Record Number: 730965
Source Name: NETw4x32
Time Written: 20090901204254.000000+060
Event Type: error
User:

Computer Name: LULAP
Event Code: 5005
Message: \DEVICE\{FC662B75-5C88-4606-95D2-0AD135903345} : Has encountered an internal error and has failed.

Record Number: 730964
Source Name: NETw4x32
Time Written: 20090901204252.000000+060
Event Type: error
User:

Computer Name: LULAP
Event Code: 5005
Message: \DEVICE\{FC662B75-5C88-4606-95D2-0AD135903345} : Has encountered an internal error and has failed.

Record Number: 730963
Source Name: NETw4x32
Time Written: 20090901204252.000000+060
Event Type: error
User:

Computer Name: LULAP
Event Code: 5005
Message: \DEVICE\{FC662B75-5C88-4606-95D2-0AD135903345} : Has encountered an internal error and has failed.

Record Number: 730962
Source Name: NETw4x32
Time Written: 20090901204250.000000+060
Event Type: error
User:

Computer Name: LULAP
Event Code: 5005
Message: \DEVICE\{FC662B75-5C88-4606-95D2-0AD135903345} : Has encountered an internal error and has failed.

Record Number: 730961
Source Name: NETw4x32
Time Written: 20090901204250.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: LULAP
Event Code: 1000
Message: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Record Number: 18687
Source Name: Application Error
Time Written: 20090612152857.000000+060
Event Type: error
User:

Computer Name: LULAP
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x062cc16c.

Record Number: 18686
Source Name: Application Error
Time Written: 20090612152850.000000+060
Event Type: error
User:

Computer Name: LULAP
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 18683
Source Name: usnjsvc
Time Written: 20090612150015.000000+060
Event Type:
User:

Computer Name: LULAP
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 18670
Source Name: usnjsvc
Time Written: 20090612135718.000000+060
Event Type:
User:

Computer Name: LULAP
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 18657
Source Name: usnjsvc
Time Written: 20090611143909.000000+060
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\DLLSHARED;C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\9.0\DLLSHARED;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

 

[katana]

Do you have the Kaspersky Log ?

how are things running ?

 

[prozak]

Hey Katana, things are running fine, I just want a clean system so I can do my internet banking/purchasing etc lol that's the reason really, plus it's annoying not to be able to do a google search without being sent to a random site. Thanks for your help, it really is appreciated. Here's the log, took a whole day!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, September 2, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 02, 2009 15:35:17
Records in database: 2740131
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\

Scan statistics:
Objects scanned: 106904
Threats found: 5
Infected objects found: 5
Suspicious objects found: 1
Scan duration: 05:30:56


File name / Threat / Threats count
C:\Documents and Settings\Luke\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-2d901744 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Luke\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-34addfae.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Luke\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Luke\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Sent Items.dbx Infected: Packed.Win32.PePatch.fa 1
C:\Documents and Settings\Luke\Local Settings\temp\plugtmp-1\plugin-readme.pdf Infected: Exploit.JS.Pdfka.ti 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_SKYNETrownthon_.sys.zip Infected: Trojan.Win32.TDSS.amwt 1

Selected area has been scanned.

 

[katana]

Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
Outlook Express\Sent Items.dbx Infected: Packed.Win32.PePatch.fa 1

You need to empty your Sent folder and then the Deleted Items folder in Outlook.

Custom CFScript

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  
  

  File::
  C:\Documents and Settings\Luke\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-2d901744
  C:\Documents and Settings\Luke\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-34addfae.zip
  C:\Documents and Settings\Luke\Local Settings\temp\plugtmp-1\plugin-readme.pdf
  ADS::

• Save this as CFScript.txt and place it on your desktop.
  
  
  
  
  
  
  
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

 

[prozak]

Emptied sent & deleted items from outlook, created the txt file and dragged onto combofix and scan completed, here's the log.

ComboFix 09-08-22.06 - Luke 07/09/2009 21:49.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1431 [GMT 1:00]
Running from: c:\documents and settings\Luke\Desktop\Virus Fix\ComboFix.exe
Command switches used :: c:\documents and settings\Luke\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
"c:\documents and settings\Luke\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-2d901744"
"c:\documents and settings\Luke\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-34addfae.zip"
"c:\documents and settings\Luke\Local Settings\temp\plugtmp-1\plugin-readme.pdf"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Luke\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-2d901744
c:\documents and settings\Luke\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-34addfae.zip
c:\documents and settings\Luke\Local Settings\temp\plugtmp-1\plugin-readme.pdf

.
((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.

2009-09-03 17:36 . 2009-09-03 17:38 -------- d-----w- c:\program files\Unlocker
2009-09-02 13:38 . 2009-09-02 13:39 -------- d-----w- C:\rsit
2009-08-16 12:28 . 2009-08-16 12:28 -------- d-----w- c:\program files\Trend Micro
2009-08-16 12:24 . 2009-08-16 12:24 -------- d-----w- c:\program files\ERUNT
2009-08-15 17:59 . 2009-08-15 18:00 -------- d-----w- C:\ecbd25c7c40e7dcb99ca1e38a6
2009-08-15 17:59 . 2009-08-15 20:01 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-11 21:38 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-10 16:29 . 2009-08-10 16:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-09 13:46 . 2009-08-09 13:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 18:47 . 2001-10-13 13:11 78 ----a-w- c:\windows\battery.dat
2009-09-06 01:36 . 2008-01-22 17:52 -------- d-----w- c:\documents and settings\Luke\Application Data\uTorrent
2009-08-23 10:33 . 2009-02-15 13:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-23 10:33 . 2009-02-15 13:46 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-23 10:33 . 2009-02-15 13:46 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-16 11:32 . 2009-04-23 07:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-15 20:02 . 2008-01-22 15:48 62256 ----a-w- c:\documents and settings\Luke\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 23:28 . 2008-01-17 15:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-09 20:16 . 2008-01-26 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-05 09:01 . 2004-08-10 12:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 17:18 . 2008-07-10 18:41 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-02 14:20 . 2008-06-07 17:00 -------- d-----w- c:\program files\Cheat Engine
2009-07-17 19:01 . 2004-08-10 12:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2004-08-10 12:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 18:47 . 2009-07-09 18:41 5589408 ----a-w- c:\documents and settings\Luke\Application Data\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.5.3.exe
2009-07-03 17:09 . 2004-08-10 12:51 915456 ------w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-10 12:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 12:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2004-08-10 12:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-10 12:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2004-08-10 13:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-10 12:51 132096 ----a-w- c:\windows\system32\wkssvc.dll
2008-02-28 00:03 . 2008-02-28 00:03 197 --sha-w- c:\program files\Common Files\maxtreme.dat
2008-01-27 20:45 . 2008-01-17 15:03 76 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( SnapShot@2009-08-24_09.24.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-07 18:47 . 2009-09-07 18:47 16384 c:\windows\Temp\Perflib_Perfdata_208.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-05 160592]
"Tracks Eraser Pro"="c:\program files\Acesoft\Tracks Eraser Pro\te.exe" [2007-01-16 1335296]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-11 136600]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"WebcamMaxMoniter"="c:\program files\WebcamMax\wcmmon.exe" [2008-02-09 456024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-23 2007832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-06-06 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Luke\Start Menu\Programs\Startup\
Battery Doubler.lnk - c:\program files\Dachshund Software\Battery Doubler\Battery Doubler.exe [2002-9-21 1534267]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-2-3 3581680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-11-23 114688]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-17 50688]
Phone Connection Monitor.lnk - c:\program files\Sony Ericsson\Mobile\audevicemgr.exe [2008-6-8 754176]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 10:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch9"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Team Craxtion\\Craxtion4\\Craxtion.exe"=
"c:\\Program Files\\Dell\\Dell Webcam Center\\LiveCamDe.exe"=
"c:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"c:\\Halo CE Portable Edition By Am3n\\App\\haloce.exe"=
"c:\\Program Files\\XLink Kai\\kaiEngine.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [21/01/2008 20:28 21512]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/02/2009 14:46 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/02/2009 14:47 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [15/02/2009 14:45 297752]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [09/02/2008 05:58 941784]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [10/08/2004 13:51 14336]
R3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [16/09/2008 23:15 219264]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [17/01/2008 15:32 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [17/01/2008 15:32 7424]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [21/01/2008 20:28 26248]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [07/09/2008 08:58 36928]
S3 XDva120;XDva120;\??\c:\windows\system32\XDva120.sys --> c:\windows\system32\XDva120.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2008-10-30 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2004-08-10 00:12]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=2080117
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 203.162.183.222:80
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\2ltdm4nj.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 21:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2071560091-4037542173-4045409059-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8141D874-02E7-3B03-461F-59ADDF4FDF86}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakldgdlldeopaokgk"=hex:6a,61,70,68,70,6a,68,6a,69,63,6d,69,66,68,62,6e,6a,6c,
62,68,00,02
"haelnpfodgcokpin"=hex:6a,61,70,68,6f,6a,63,6a,68,62,6f,6e,70,6c,61,65,61,67,
6c,70,00,00
.
Completion time: 2009-09-07 21:56
ComboFix-quarantined-files.txt 2009-09-07 20:56
ComboFix2.txt 2009-08-29 13:46
ComboFix3.txt 2009-08-24 09:32

Pre-Run: 450,088,960 bytes free
Post-Run: 561,000,448 bytes free

204 --- E O F --- 2009-08-17 20:39

 

[katana]

Congratulations your logs look clean

Let's see if I can help you keep it that way

First lets tidy up



Uninstall Combofix

• This will clear your System Volume Information restore points and remove all the infected files that were quarantined
• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
  • 

OTCleanup
Please download OTCleanup from HERE
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt




You can also delete any logs we have produced and any other tools we have downloaded.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

• 
  AntiSpyware is not the same thing as Antivirus.
  Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
  You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
  Most of the programs in this list have a free (for Home Users ) and paid versions,
  it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
• Spybot - Search & Destroy <<< A must have program
  • It includes host protection and registry protection
  • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
• MalwareBytes Anti-malware <<< A New and effective program
• a-squared Free <<< A good "realtime" or "on demand" scanner
• superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

• 
  These programs don't detect malware, they help stop it getting on your machine in the first place.
  Each does a different job, so you can have more than one
• Winpatrol
  • An excellent startup manager and then some !!
  • Notifies you if programs are added to startup
  • Allows delayed startup
  • A must have addition
• SpywareBlaster 4.0
  • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
• SpywareGuard 2.2
  • SpywareGuard provides real-time protection against spyware.
  • Not required if you have other "realtime" antispyware or Winpatrol
• ZonedOut
  • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
• MVPS HOSTS
  • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
  • For information on how to download and install, please read this tutorial by WinHelp2002.
  • Not required if you are using other host file protections

Internet Browsers

• 
  Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
  Using a different web browser can help stop malware getting on your machine.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
       • Change the Download signed ActiveX controls to Prompt
       • Change the Download unsigned ActiveX controls to Disable
       • Change the Initialise and script ActiveX controls not marked as safe to Disable
       • Change the Installation of desktop items to Prompt
       • Change the Launching programs and files in an IFRAME to Prompt
       • Change the Navigate sub-frames across different domains to Prompt
       • When all these settings have been made, click on the OK button.
       • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  If you are still using IE6 then either update, or get one of the following.
  • FireFox
    • With many addons available that make customization easy this is a very popular choice
    • NoScript and AdBlockPlus addons are essential
  • Opera
    • Another popular alternative
  • Netscape
    • Another popular alternative
    • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

• 
  Temporary Internet Files are mainly the files that are downloaded when you open a web page.
  Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
  It is a good idea to empty the Temporary Internet Files folder on a regular basis.
  
  Tracking Cookies are files that websites use to monitor which sites you visit and how often.
  A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
  CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
  
  Both of these can be cleaned manually, but a quicker option is to use a program
• ATF Cleaner
  • Free and very simple to use
• CCleaner
  • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'