win32.tdss.rtk

[fdpatches]

I forgot to add how the computer is running. I did several google searches and none were redirected. Also I checked the java under add/remove programs and I have Java 6 update 14 and Java 6 update 7 can I just delete the old one since JavaRA I cannot access? Also the only reason I knew about the problem was AVG and spybot picked it up. I haven't done any of those scans since we started.

Thanks for all you help so far.

Tom

 

[Bio-Hazard]

I forgot to add how the computer is running. I did several google searches and none were redirected. Also I checked the java under add/remove programs and I have Java 6 update 14 and Java 6 update 7 can I just delete the old one since JavaRA I cannot access? Also the only reason I knew about the problem was AVG and spybot picked it up. I haven't done any of those scans since we started.

Thanks for all you help so far.

Tom

Hello!

Yes, you can just remove the older version through add/remove panel. You can do scan with Spybot and AVG, if they find something please post the result fot me to see.

I want to check one registry entry so please run this batch file and post the result to me.

Batch file - reginfo.bat

• Open Notepad (not wordpad) by click start
• Click Run
• Type notepad into the box and click enter
• Notepad will open
• Copy and Paste everything from the Code box into Notepad (not wordpad):
  
  

  regedit /e regexport.txt "HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™õw$µ
  *"
  start regexport.txt

• Make sure there are NO blank lines before @echo off
• Make sure there IS one blank line at the end of the file.
• Go to File > Save As
• Save File name as reginfo.bat
• Change Save as Type to All Files and save the file to your desktop.
• Close Notepad
• Double-click reginfo.bat on your Desktop
• Post back with the text that will open in notepad.

 

[fdpatches]

Hello!

Yes, you can just remove the older version through add/remove panel. You can do scan with Spybot and AVG, if they find something please post the result fot me to see.

I want to check one registry entry so please run this batch file and post the result to me.

Batch file - reginfo.bat

• Open Notepad (not wordpad) by click start
• Click Run
• Type notepad into the box and click enter
• Notepad will open
• Copy and Paste everything from the Code box into Notepad (not wordpad):
  
  

  regedit /e regexport.txt "HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™õw$µ
  *"
  start regexport.txt

• Make sure there are NO blank lines before @echo off
• Make sure there IS one blank line at the end of the file.
• Go to File > Save As
• Save File name as reginfo.bat
• Change Save as Type to All Files and save the file to your desktop.
• Close Notepad
• Double-click reginfo.bat on your Desktop
• Post back with the text that will open in notepad.

Hello,
I do not see any line that says echo off?

Thanks,
Tom

 

[Bio-Hazard]

Sorry Tom, that was my mistake.

Batch file - reginfo.bat

• Open Notepad (not wordpad) by click start
• Click Run
• Type notepad into the box and click enter
• Notepad will open
• Copy and Paste everything from the Code box into Notepad (not wordpad):
  
  

  regedit /e regexport.txt "HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™õw$µ
  *"
  start regexport.txt

• Go to File > Save As
• Save File name as reginfo.bat
• Change Save as Type to All Files and save the file to your desktop.
• Close Notepad
• Double-click reginfo.bat on your Desktop
• Post back with the text that will open in notepad.

 

[fdpatches]

So far I was only able to run spybot it only found 30 cookies and an ebay toolbar which I have no idea what it is and don't use it.

Thanks,
Tom

PS gonna run AVG while I sleep and I will post results

 

[fdpatches]

AVG says there are 2 infections that it couldn't heal and 1 spyware that it removed I think they were files that were in kazaa and were deleted??
Thanks,
Tom

"C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP969\A0224244.exe:\DVD Copy Plus 4.0 Crack\Run DVD Copy Plus.exe";"Trojan horse Generic12.ATFF";"Infected"

"C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP969\A0224244.exe";"Trojan horse Generic12.ATFF";"Infected"


"C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP969\A0224366.exe";"Adware Generic2.YCK";"Moved to Virus Vault"

 

[fdpatches]

tried the last thing and it says it could not find regexport.txt?

Thanks,
Tom

 

[Bio-Hazard]

tried the last thing and it says it could not find regexport.txt?

Thanks,
Tom

Hello!

I am just looking into it.

 

[Bio-Hazard]

Hello!

Those AVG entries are all in system restore which we will get rid of when we are done. So no need to worry about those entries.


Run CFScript

• Close any open browsers.
• Open Notepad by click start
• Click Run
• Type notepad into the box and click enter
• Notepad will open
• Copy and Paste everything from the Code box into Notepad:

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™õw$µ*]

• Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)
  
  
  
• Refering to the picture below, drag CFScript into ComboFix.exe
  
  
  
• When finished, it shall produce a log for you at C:\ComboFix.txt

NOTE: Do not mouseclick combofix's window whilst it's running. That may cause it to stall it.



Batch file - reginfo.bat

• Open Notepad (not wordpad) by click start
• Click Run
• Type notepad into the box and click enter
• Notepad will open
• Copy and Paste everything from the Code box into Notepad (not wordpad):
  
  

  regedit /e regexport.txt "HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™õw$µ*"
  start regexport.txt

• Go to File > Save As
• Save File name as reginfo.bat
• Change Save as Type to All Files and save the file to your desktop.
• Close Notepad
• Double-click reginfo.bat on your Desktop
• Post back with the text that will open in notepad.

Next Reply

Please reply with:

• batch info
• ComboFix log (found at C:\Combofix.txt)
• New HijackThis log

 

[fdpatches]

here is the log..
still cannot find regexport


ComboFix 09-08-01.06 - Owner 08/02/2009 9:29.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.407 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Owner\LOCALS~1\Temp\catchme.dll
c:\documents and settings\Owner\Local Settings\temp\catchme.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-01 12:48 . 2009-08-01 12:48 -------- d-----w- C:\_OTM
2009-07-27 12:45 . 2009-07-27 12:45 -------- d-----w- c:\program files\ERUNT
2009-07-14 19:20 . 2009-07-14 19:20 410984 ----a-w- c:\winnt\system32\deploytk.dll
2009-07-14 19:19 . 2009-07-14 19:19 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 13:45 . 2005-12-15 13:21 -------- d-----w- c:\program files\BOINC
2009-08-01 18:38 . 2003-06-05 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-01 17:51 . 2004-04-03 22:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-01 17:40 . 2005-01-30 19:17 -------- d-----w- c:\program files\Java
2009-08-01 12:56 . 2008-04-23 17:06 16314380 --sha-w- c:\winnt\system32\drivers\fidbox.idx
2009-08-01 12:56 . 2008-04-23 17:06 1393936416 --sha-w- c:\winnt\system32\drivers\fidbox.dat
2009-07-30 20:42 . 2003-11-27 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-30 20:39 . 2004-01-06 21:03 -------- d-----w- c:\program files\WinMX
2009-07-30 16:39 . 2002-03-15 02:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-23 19:56 . 2008-07-01 12:32 34 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-07-18 12:45 . 2009-01-28 21:14 335752 ----a-w- c:\winnt\system32\drivers\avgldx86.sys
2009-07-14 17:18 . 2002-03-28 18:39 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2009-07-14 17:17 . 2004-11-11 13:16 -------- d-----w- c:\program files\AvantGo
2009-07-14 17:17 . 2002-03-15 00:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 17:15 . 2002-11-22 19:29 -------- d-----w- c:\program files\EA GAMES
2009-07-14 17:14 . 2006-07-20 20:08 -------- d-----w- c:\program files\America's Army
2009-07-14 17:14 . 2006-07-20 20:10 -------- d-----w- c:\program files\America's Army Server Manager
2009-07-14 17:09 . 2002-05-25 18:21 -------- d-----w- c:\program files\Nancy Drew
2009-07-14 13:41 . 2009-01-29 22:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 13:40 . 2009-03-23 18:45 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 17:36 . 2009-01-29 22:19 38160 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-01-29 22:19 19096 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-06-24 13:33 . 2009-01-28 21:14 11952 ----a-w- c:\winnt\system32\avgrsstx.dll
2009-06-24 13:33 . 2007-03-06 00:13 27784 ----a-w- c:\winnt\system32\drivers\avgmfx86.sys
2009-06-23 23:18 . 2002-03-20 19:47 -------- d-----w- c:\program files\Hasbro Interactive
2009-06-18 12:26 . 2009-06-18 12:26 29696 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{312255E7-E2C2-4F3E-BBCB-02C5B8696CCB}\IconF0CEFCC9.exe
2009-06-18 12:21 . 2009-05-21 17:21 -------- d-----w- c:\program files\Verizon
2009-05-08 12:42 . 2009-01-28 21:14 108552 ----a-w- c:\winnt\system32\drivers\avgtdix.sys
2003-08-27 19:19 . 2003-10-30 11:31 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-07-18 13:01 . 2009-02-03 21:13 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-27_19.39.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-01 12:58 . 2009-08-01 12:58 16384 c:\winnt\Temp\Perflib_Perfdata_718.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-11-12 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 339968]
"GWMDMpi"="c:\winnt\GWMDMpi.exe" [2001-11-27 40960]
"UpdReg"="c:\winnt\Updreg.exe" [1999-11-12 86016]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-04 684032]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SM1BG"="c:\winnt\SM1BG.EXE" [2003-08-27 94208]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-06 50688]
"PSPVideo9"="c:\program files\pspvideo9\pspVideo9.exe" [2005-05-25 643072]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-21 180269]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-16 69705]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"HostManager"="c:\program files\Common Files\AOL\1180989014\ee\AOLSoftware.exe" [2006-09-26 50736]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-14 148888]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" - c:\winnt\system32\SK9910DM.EXE [2001-01-03 66048]
"GWMDMMSG"="GWMDMMSG.exe" - c:\winnt\GWMDMMSG.exe [2001-11-27 101615]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\winnt\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2006-5-5 1966080]
HotSync Manager.lnk - c:\program files\Handspring\HOTSYNC.EXE [2003-3-17 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
ZoneAlarm.lnk - c:\program files\Zone Labs\ZoneAlarm\zonealarm.exe [2003-6-5 50664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 13:33 11952 ----a-w- c:\winnt\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\winnt\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1180989014\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\KartRider\\NMService.exe"=
"c:\\WINNT\\system32\\PnkBstrA.exe"=
"c:\\WINNT\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [1/28/2009 5:14 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [1/28/2009 5:14 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/24/2009 9:33 AM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/6/2009 10:53 AM 298776]
S3 Gcr432;Gcr432;c:\winnt\system32\drivers\gcr432.sys [10/4/2001 3:18 PM 53701]
S3 PacketNTx;Packet helper driver;c:\winnt\system32\drivers\PacketNTx.sys [11/27/2002 12:30 PM 24544]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
S3 VisorUsb;Handspring USB;c:\winnt\system32\DRIVERS\VisorUsb.sys --> c:\winnt\system32\DRIVERS\VisorUsb.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-31 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.runevillage.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.net
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
Trusted Zone: taxslayer.com\www
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} - hxxp://cdn.digitalcity.com/_media/dalaillama/ampx.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ryzeoko5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npietab.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk21]
"ImagePath"="\??\c:\winnt\System32\Drivers\HNPsSdk.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™õw$µ
*]
"DisplayName"="\09"
"DeviceDesc"="\09"
"ProviderName"=""
"MFG"="?"
"ReinstallString"="2002, 6.13.10.6118"
"DeviceInstanceIds"=multi:"\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\winnt\System32\iac25_32.ax
.
Completion time: 2009-08-02 9:53
ComboFix-quarantined-files.txt 2009-08-02 13:53
ComboFix2.txt 2009-07-30 17:08
ComboFix3.txt 2009-07-27 19:46

Pre-Run: 43,822,804,992 bytes free
Post-Run: 43,773,415,424 bytes free

245 --- E O F --- 2009-02-09 14:06


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:20 AM, on 8/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 11968 bytes

 

[fdpatches]

Hello,
I just had a google redirect search, when I went back and reclicked it it went to the right site, not sure if it was a fluke or what, I tried a few more searches and they were all fine.

Thanks,
Tom

 

[Bio-Hazard]

Hello,
I just had a google redirect search, when I went back and reclicked it it went to the right site, not sure if it was a fluke or what, I tried a few more searches and they were all fine.

Hello!

Thank you for your reply.

Lets see if it was jsuta fluke. Did this happen with firefox or IE?



GooredFix

Please download GooredFix from one of the locations below and save it to your Desktop
LINK 1
LINK 2

• Ensure all Firefox windows are closed.
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
• When prompted to run the scan, click Yes.
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

random's system information tool (RSIT)

• Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open:
  • log.txt (<<will be maximized)
  • info.txt (<<will be minimized)
• Post both of these logs in your next reply (Sometimes you have to make several post to get the logs posted.)

Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:

• GooredFix.txt
• RSIT Logs,log.txt (<<will be maximized) and info.txt (<<will be minimized)
• A description of how your computer is behaving

 

[fdpatches]

Hello,
it happened with firefox.


GooredFix by jpshortstuff (12.07.09)
Log created at 18:23 on 03/08/2009 (Owner)
Firefox version 3.5.1 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [19:13 30/01/2005]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [19:20 14/07/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [21:14 28/01/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [19:20 14/07/2009]

-=E.O.F=-

 

[fdpatches]

it had me run a program owner.exe I hope it was ok.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-08-03 18:26:08
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 42 GB (36%) free of 114 GB
Total RAM: 1023 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:41 PM, on 8/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Documents and Settings\Owner\Desktop\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 11967 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-18 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-07-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-23 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-27 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-09 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-14 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-23 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-07-10 339968]
"Hot Key Kbd 9910 Daemon"=C:\WINNT\system32\SK9910DM.EXE [2001-01-03 66048]
"GWMDMMSG"=C:\WINNT\GWMDMMSG.exe [2001-11-27 101615]
"GWMDMpi"=C:\WINNT\GWMDMpi.exe [2001-11-27 40960]
"UpdReg"=C:\WINNT\Updreg.exe [1999-11-12 86016]
"AdaptecDirectCD"=C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-04 684032]
"CapFax"=C:\Program Files\PhoneTools\CapFax.EXE [2001-11-07 20480]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]
"Pure Networks Port Magic"=C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe [2004-05-07 99480]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]
"SM1BG"=C:\WINNT\SM1BG.EXE [2003-08-27 94208]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-06-06 50688]
"PSPVideo9"=C:\Program Files\pspvideo9\pspVideo9.exe [2005-05-25 643072]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-12-21 180269]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-06-21 35328]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE [2004-06-15 69705]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]
"HostManager"=C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe [2006-09-25 50736]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-03-13 919016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-24 1948440]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2009-03-10 1553920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-14 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-04-21 94208]
"ATI Remote Control"=C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe [2004-04-16 196608]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-30 39408]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-11-12 2321600]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
ZoneAlarm.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe
HotSync Manager.lnk - C:\Program Files\Handspring\HOTSYNC.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINNT\system32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINNT\system32\avgrsstx.dll [2009-06-24 11952]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe"="C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Common Files\AOL\1180989014\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1180989014\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\KartRider\NMService.exe"="C:\Nexon\KartRider\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\WINNT\system32\PnkBstrA.exe"="C:\WINNT\system32\PnkBstrA.exe:*:EnablednkBstrA"
"C:\WINNT\system32\PnkBstrB.exe"="C:\WINNT\system32\PnkBstrB.exe:*:EnablednkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"

======List of files/folders created in the last 1 months======

2009-08-03 18:26:08 ----D---- C:\rsit
2009-08-02 09:53:09 ----A---- C:\ComboFix.txt
2009-08-01 08:48:15 ----D---- C:\_OTM
2009-07-27 15:00:31 ----A---- C:\Boot.bak
2009-07-27 15:00:12 ----RASHD---- C:\cmdcons
2009-07-27 14:57:20 ----A---- C:\WINNT\zip.exe
2009-07-27 14:57:20 ----A---- C:\WINNT\SWXCACLS.exe
2009-07-27 14:57:20 ----A---- C:\WINNT\SWSC.exe
2009-07-27 14:57:20 ----A---- C:\WINNT\SWREG.exe
2009-07-27 14:57:20 ----A---- C:\WINNT\sed.exe
2009-07-27 14:57:20 ----A---- C:\WINNT\PEV.exe
2009-07-27 14:57:20 ----A---- C:\WINNT\NIRCMD.exe
2009-07-27 14:57:20 ----A---- C:\WINNT\grep.exe
2009-07-27 14:44:40 ----D---- C:\Qoobox
2009-07-27 08:46:09 ----D---- C:\WINNT\ERDNT
2009-07-27 08:45:01 ----D---- C:\Program Files\ERUNT
2009-07-14 15:20:31 ----A---- C:\WINNT\system32\javaws.exe
2009-07-14 15:20:31 ----A---- C:\WINNT\system32\javaw.exe
2009-07-14 15:20:31 ----A---- C:\WINNT\system32\java.exe
2009-07-14 15:20:31 ----A---- C:\WINNT\system32\deploytk.dll

======List of files/folders modified in the last 1 months======

2009-08-03 18:26:00 ----D---- C:\Program Files\BOINC
2009-08-03 18:24:12 ----D---- C:\Program Files\Mozilla Firefox
2009-08-03 18:12:05 ----D---- C:\WINNT\Internet Logs
2009-08-03 08:09:29 ----D---- C:\WINNT\Temp
2009-08-02 09:53:14 ----AD---- C:\WINNT\system32
2009-08-02 09:44:02 ----AD---- C:\WINNT
2009-08-02 09:44:02 ----A---- C:\WINNT\system.ini
2009-08-02 09:38:50 ----D---- C:\WINNT\system32\drivers
2009-08-02 09:38:50 ----D---- C:\WINNT\AppPatch
2009-08-02 09:38:36 ----D---- C:\Program Files\Common Files
2009-08-02 09:29:12 ----D---- C:\WINNT\system32\CatRoot2
2009-08-02 09:28:28 ----A---- C:\WINNT\SchedLgU.Txt
2009-08-01 16:37:14 ----HD---- C:\$AVG8.VAULT$
2009-08-01 14:38:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-01 13:51:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-01 13:40:32 ----SHD---- C:\WINNT\Installer
2009-08-01 13:40:23 ----D---- C:\Program Files\Java
2009-08-01 09:01:27 ----A---- C:\WINNT\ModemLog_GTW V.92 Voice Modem.txt
2009-08-01 08:48:43 ----AD---- C:\Program Files
2009-07-31 19:04:41 ----A---- C:\WINNT\win.ini
2009-07-30 16:42:28 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-07-30 16:39:33 ----D---- C:\Program Files\WinMX
2009-07-30 16:36:20 ----A---- C:\VETlog.txt
2009-07-30 12:39:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-29 09:09:57 ----D---- C:\WINNT\ShellNew
2009-07-29 09:08:29 ----SD---- C:\WINNT\Tasks
2009-07-27 15:44:53 ----RSHD---- C:\WINNT\system32\dllcache
2009-07-27 15:32:16 ----SD---- C:\WINNT\Downloaded Program Files
2009-07-27 15:00:32 ----RASH---- C:\boot.ini
2009-07-27 14:44:23 ----D---- C:\WINNT\Prefetch
2009-07-27 13:12:11 ----D---- C:\WINNT\Minidump
2009-07-26 13:32:15 ----A---- C:\WINNT\WININIT.INI
2009-07-26 12:47:44 ----A---- C:\WINNT\ntbtlog.txt
2009-07-14 13:18:54 ----D---- C:\Program Files\Return to Castle Wolfenstein
2009-07-14 13:18:49 ----A---- C:\WINNT\Rtcw.INI
2009-07-14 13:17:56 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-14 13:17:56 ----D---- C:\WINNT\Help
2009-07-14 13:17:56 ----D---- C:\Program Files\AvantGo
2009-07-14 13:15:09 ----D---- C:\Program Files\EA GAMES
2009-07-14 13:14:08 ----D---- C:\Program Files\America's Army
2009-07-14 13:14:05 ----D---- C:\Program Files\America's Army Server Manager
2009-07-14 13:09:04 ----D---- C:\Program Files\Nancy Drew
2009-07-14 09:41:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINNT\System32\Drivers\avgldx86.sys [2009-07-18 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINNT\System32\Drivers\avgmfx86.sys [2009-06-24 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINNT\System32\Drivers\avgtdix.sys [2009-05-08 108552]
R1 Cdr4_xp;Cdr4_xp; C:\WINNT\system32\drivers\Cdr4_xp.sys [2006-05-19 2432]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2006-05-19 2560]
R1 cdudf_xp;cdudf_xp; C:\WINNT\system32\drivers\cdudf_xp.sys [2002-12-04 240640]
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINNT\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 KLIF;KLIF; C:\WINNT\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 pwd_2K;pwd_2K; C:\WINNT\system32\drivers\pwd_2K.sys [2002-12-04 134426]
R1 Sk9920nt;PS/2 Keyboard Filter Driver for NT 4.0; C:\WINNT\System32\DRIVERS\Sk9920nt.sys [2000-09-12 6208]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINNT\system32\drivers\UdfReadr_xp.sys [2002-12-04 206464]
R1 vsdatant;vsdatant; C:\WINNT\System32\vsdatant.sys [2008-03-13 394952]
R2 MxlW2k;MxlW2k; C:\WINNT\system32\drivers\MxlW2k.sys [2002-03-19 27924]
R2 PfModNT;PfModNT; \??\C:\WINNT\System32\PfModNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINNT\system32\drivers\ATIRWVD.SYS [2003-12-15 257872]
R3 ati2mtag;ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [2004-07-10 747008]
R3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2001-11-06 119808]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINNT\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 GTWModem;GTW V.92 Voice Modem; C:\WINNT\System32\DRIVERS\GWMDM.sys [2001-11-27 1143360]
R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 itchfltr;iTouch Keyboard Filter; C:\WINNT\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINNT\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB Root Hub (usbport); C:\WINNT\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys [2002-07-16 33588]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BCMModem;BCM V.90 56K Modem; C:\WINNT\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]
S3 BRIDGE;MAC Bridge; C:\WINNT\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINNT\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 ctljystk;Creative SBLive! Gameport; C:\WINNT\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINNT\System32\DRIVERS\Dot4.sys [2004-08-04 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINNT\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINNT\System32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINNT\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 dvd_2K;dvd_2K; C:\WINNT\system32\drivers\dvd_2K.sys [2002-12-04 25674]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINNT\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 emu10k;Creative SB Live! Value (WDM); C:\WINNT\system32\drivers\emu10k1f.sys [2001-12-18 777088]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINNT\system32\drivers\ctlface.sys [2001-12-18 6912]
S3 Gcr432;Gcr432; C:\WINNT\System32\Drivers\gcr432.sys [2001-10-04 53701]
S3 mmc_2K;mmc_2K; C:\WINNT\system32\drivers\mmc_2K.sys [2002-12-04 30406]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 NPPTNT2;NPPTNT2; \??\C:\WINNT\system32\npptNT2.sys []
S3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 nv4;nv4; C:\WINNT\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 PacketNTx;Packet helper driver; \??\C:\WINNT\system32\drivers\PacketNTx.sys []
S3 PalmUSBD;PalmUSBD; C:\WINNT\system32\drivers\PalmUSBD.sys [2003-03-17 16509]
S3 PCDRDRV;Pcdr Helper Driver; \??\C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 PcdrNt;PcdrNt; C:\WINNT\System32\drivers\PcdrNt.sys [2000-03-23 44192]
S3 PSSdk21;PSSdk21; \??\C:\WINNT\System32\Drivers\HNPsSdk.drv []
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINNT\system32\drivers\sfman.sys [2001-12-18 36992]
S3 Sk99202k;PS/2 Keyboard Filter Driver for Win2000; C:\WINNT\System32\DRIVERS\Sk99202k.sys [2000-09-11 7552]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINNT\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 usbser;Magellan eXplorist USB Modem Driver; C:\WINNT\system32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 VisorUsb;Handspring USB; C:\WINNT\System32\DRIVERS\VisorUsb.sys []
S3 WpdUsb;WpdUsb; C:\WINNT\System32\Drivers\wpdusb.sys [2004-09-22 18944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINNT\system32\Ati2evxx.exe [2004-07-10 385024]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-18 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-24 298776]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINNT\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-14 152984]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-02-20 303104]
R2 PnkBstrA;PnkBstrA; C:\WINNT\system32\PnkBstrA.exe [2007-11-23 66872]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINNT\System32\wdfmgr.exe [2004-09-22 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINNT\system32\ZoneLabs\vsmon.exe [2008-03-13 75304]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINNT\wanmpsvc.exe [2003-08-27 65536]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S2 ATI Smart;ATI Smart; C:\WINNT\system32\ati2sgag.exe [2004-07-10 516096]
S2 GEARSecurity;GEARSecurity; C:\WINNT\SYSTEM32\GEARSEC.EXE [2002-09-25 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-09 182768]
S3 PictureTaker;PictureTaker; c:\fixit\pt\PCTKRNT.SYS []
S3 usprserv;User Privilege Service; C:\WINNT\System32\svchost.exe [2004-08-04 14336]
S3 x10nets;X10 Device Network Service; C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe []

-----------------EOF-----------------

 

[fdpatches]

info.txt logfile of random's system information tool 1.06 2009-08-03 18:26:52

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SBLiveXP.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Wstudio.isu"
-->C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
-->C:\WINNT\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINNT\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINNT\UNNeroShowTime.exe /UNINSTALL
-->C:\WINNT\UNNeroVision.exe /UNINSTALL
-->C:\WINNT\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
2002 TaxSlayer OLF-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5FC73EB1-B966-43D7-84B5-888970C24CB8}
3D Groove Playback Engine-->RunDll32 C:\WINNT\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
911 Fire Rescue-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D23EC0BD-D6B6-4E2E-BA60-BDFB67C428B6}\setup.exe" -uninst
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Flash Player 10 Plugin-->C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ARC-EazyStream Client-->MsiExec.exe /I{7B3F18E1-7DAA-4953-B7A0-BFA8A06FD25B}
Army Men RTS-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4DB775C7-E32D-11D5-B2A8-00C04F538F89} /x
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Decoder-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EDE28287-D32C-415E-9C97-2BF9F9260150} /l1033
ATI Display Driver-->rundll32 C:\WINNT\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Multimedia Center 9.01-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8988F5D0-C83F-41F4-B41B-86031F9B37F5} /l1033
ATI Remote Wonder 2.3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3347F781-9C89-4C9B-B471-B1FFC3BC4A84} /l1033
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Bob the Builder - Bob's Castle Adventure-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E993AC6-2086-4CAA-9486-702D28B296C0}\setup.exe" -l0x9
Bob the Builder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36373CE1-6999-11D5-96DC-98302790D441}\setup.exe"
BOINC-->MsiExec.exe /I{975CA8AD-809D-46A1-B505-10B42B75F8C1}
Call of Duty - United Offensive-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
Call of Duty(R) 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Chuzzle Deluxe 1.01-->C:\Program Files\PopCap Games\Chuzzle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Chuzzle Deluxe\Install.log"
Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command & Conquer Renegade-->C:\Westwood\Renegade\Uninstll.exe
Command and ConquerTM Generals Zero Hour-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Creative PlayCenter-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\PlayCenter\Player.isu"
Creative Recorder-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\Recorder\Recorder.isu"
Cypress USB Mass Storage Driver Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
DAO-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
Day of Defeat-->C:\WINNT\IsUninst.exe -fC:\SIERRA\Half-Life\Uninst.isu
Diner Dash®: Flo on the Go-->C:\PROGRA~1\SHOCKW~1.COM\DINERD~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\DINERD~1\INSTALL.LOG
Dora Lost City-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{747C231B-062D-4586-8221-8E7870987D5B}\setup.exe" -l0x9 -uninst
DVD Copy Plus-->MsiExec.exe /I{2E661193-B28F-4D59-A534-9E0D294B39F8}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Decrypter 2.9.7.3-->"C:\Program Files\DVDFab Decrypter\unins000.exe"
DVDXCopy (remove only)-->C:\Program Files\321Studios\DVDXCopy\Uninst.exe
EACOM Game Installer-->C:\Program Files\EAcom\GILS\uninstall.exe C:\PROGRA~1\EAcom\GILS\INSTALL.LOG
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Easy CD-DA Extractor 8.0.2-->"C:\WINNT\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 8\irunin.xml"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
eXplorist Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92A40DC2-0ECD-4602-A79E-1DC53545C6EE}\setup.exe" -l0x9
FDNY Firefighter: American Hero-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A68F551-E5FB-4130-BAB8-294A5250887A}\Setup.exe" -l0x9
Fisher Price ABC 32-->C:\WINNT\uninst.exe -f"C:\Program Files\Davidson\FPABC32\DeIsL1.isu"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GTW V.92 Voice Modem-->C:\WINNT\GWMDMU.exe verbose
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
Handmark Monopoly-->C:\WINNT\unvise32.exe C:\Program Files\Handmark\Monopoly\uninstal.log
Harry Potter II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BF68B83-5057-4D4B-0093-28285EEB9EE3}\setup.exe" -l0x9 Uninstall
HelpSpot-->MsiExec.exe /I{8DE73C0C-34EA-4888-86DB-EEDB9B69DB94}
Hidden Expedition - Titanic (remove only)-->"C:\Program Files\Yahoo! Games\Hidden Expedition - Titanic\Uninstall.exe"
Hidden Expedition Titanic (remove only)-->C:\Program Files\Hidden Expedition Titanic\Uninstall.exe
Hidden Mysteries: Civil War-->"C:\Program Files\Hidden Mysteries - Civil War\Uninstall.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Owner\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hubble Images Screen Saver-->sstunst2.exe Hubble Images
HyperLoad-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Nabisco\HyperLoad\Uninst.isu"
Imaginext(TM) Battle Castle-->C:\Program Files\Common Files\Imaginext(TM)\Uninstall\CastleUn.exe
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Kazaa Media Desktop 2.1.1-->RunDll32 C:\WINNT\System32\cd_clint.dll,ServiceRunDll u_291 "{FA89A7AC-EABF-4D73-B19F-0C3D858D24EF}"
Kids Next Door-->C:\PROGRA~1\CARTOO~1\BEST\UNWISE.EXE C:\PROGRA~1\CARTOO~1\BEST\INSTALL.LOG
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Macromedia Shockwave Player-->C:\WINNT\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCP-1A-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9362611-F875-49CB-8C51-1F5C8A3D14BA}\setup.exe"
Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Media Library Management Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mplibwiz.inf,DefaultUninstall
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Data Access Components KB870669-->C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
Microsoft Links 2001-->"C:\Program Files\Microsoft Games\Links 2001\UNINSTAL.EXE" /runtemp /addremove
Microsoft Links 2003-->"C:\Program Files\Microsoft Games\Links 2003\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo Premium 9-->C:\WINNT\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Rise Of Nations Trial-->"C:\Program Files\Microsoft Games\Rise of Nations Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Smart Card Base Components-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\scBase.inf, DefaultUninstall.NT
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft XML Parser and SDK-->MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
MobileDB for Palm OS-->C:\WINNT\unvise32.exe C:\Program Files\Handmark\MobileDB for Palm OS\uninstal.log
Monopoly Tycoon-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B975F4A1-63B6-11D4-BFEC-005004AF2D32}\Setup.exe"
Movie Maker Background Music Files-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mmtitle.inf,DefaultUninstall
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Gaming Zone-->C:\PROGRA~1\MSNGAM~1\zsetup.exe /Uninstall
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINNT\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MyMouse 4.3-->"C:\Program Files\MyMouse\unins000.exe"
Nancy Drew: Ghost Dogs of Moon Lake-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Nancy Drew\Ghost Dogs of Moon Lake\setup.exe" -l0x9
Nancy Drew: Secret of the Scarlet Hand-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Nancy Drew\Secret of the Scarlet Hand\setup.exe" -l0x9
Nancy Drew: Stay Tuned For Danger-->C:\WINNT\IsUninst.exe -f"C:\Nancy Drew\Stay Tuned For Danger\Uninst.isu"
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster Label Creator-->MsiExec.exe /X{16FD907B-FA72-4F3C-B959-E076C8238F80}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
Nero 7 Premium-->MsiExec.exe /I{70AB1576-7883-2313-C650-7A71270B1033}
neXBC 5.0-->C:\PROGRA~1\neXBC\UNWISE.EXE C:\PROGRA~1\neXBC\INSTALL.LOG
Operation-->C:\WINNT\uninst.exe -f"C:\Program Files\Hasbro Interactive\Operation\DeIsL1.isu"
Paint Shop Pro 7 Try And Buy-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Palm Desktop and Synchronization Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\setup.exe" Uninstall
Palm Desktop-->MsiExec.exe /X{72765AF7-BEA5-4C62-9EC9-A9E386305D04}
PC-Doctor for Windows-->C:\WINNT\UNWISE32.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG
Personal License Update Wizard for Windows Media Player-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\drmtool.inf,DefaultUninstall
PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
PhotoParade Player-->"C:\Program Files\PhotoParade\Uninstall PhotoParade Player.exe" "PhotoParade.exe"
Plus! MP3 Audio Converter LE-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\audcle.inf,DefaultUninstall
Pokémon Edu Series-->C:\Program Files\The Learning Company\Pokémon\Sanctuary\Uninstall.exe Pokémon Edu Series
ProScan Client 1.8-->"C:\Program Files\ProScan Client\unins000.exe"
ProScan Client-->MsiExec.exe /I{9988754C-6374-445F-8E52-9DA3148433EC}
PS/2 Millennium Keyboard-->SKUninst.exe SK_PS2MillenniumKeyboard
PSP Video 9 1.51-->C:\Program Files\pspvideo9\uninst.exe
Pure Networks Port Magic-->C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
QuickTime-->MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rise of Nations-->"C:\Program Files\Microsoft Games\Rise of Nations\Uninstal.exe" /runtemp /uninstall
Roll-->C:\WINNT\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9
Scooby-Doo(TM), Phantom of the Knight(TM)-->C:\Program Files\The Learning Company\Scooby-Doo(TM), Phantom of the Knight(TM)\uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINNT\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINNT\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINNT\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINNT\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINNT\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINNT\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINNT\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINNT\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINNT\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINNT\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINNT\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINNT\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINNT\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINNT\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINNT\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINNT\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINNT\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINNT\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINNT\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINNT\$NtUninstallKB960714$\spuninst\spuninst.exe"
ServerWatch AntiCheat-->"C:\WINNT\lsb_un20.exe" /C=UC /N=ServerWatch AntiCheat
Shockwave-->C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
Shutterfly SmartUpload -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC0EDFA8-7700-11D5-9B6C-00601D22E8EA}\Setup.exe"
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
smart Card Reader-->MsiExec.exe /X{A6E4D63F-861B-438F-B56B-9B2BE2E0F1C5}
Solitare Pack I-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1061F223-2CCE-42B0-A1BB-4356596712CC}\Setup.exe"
Sound Blaster Live! Value-->C:\Program Files\Creative\SBLive\PROGRAM\CTUNINST.EXE
SpongeBob SquarePants Diner Dash (remove only)-->C:\Program Files\SpongeBob SquarePants Diner Dash\Uninstall.exe
SpongeBob SquarePants Diner Dash 2-->C:\PROGRA~1\NICKAR~1\SPONGE~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\SPONGE~1\INSTALL.LOG
SpongeBob SquarePants Obstacle Odyssey 2-->C:\PROGRA~1\NICKAR~1\SPONGE~2\UNWISE.EXE C:\PROGRA~1\NICKAR~1\SPONGE~2\INSTALL.LOG
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Support.com Web Controls-->"C:\Program Files\Support.com\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamSpeak 2 Server RC2-->"C:\Program Files\Teamspeak2_RC2\unins001.exe"
The Print Shop Ensemble III-->C:\WINNT\uninst.exe -f"C:\Program Files\The Print Shop Ensemble III\DeIsL1.isu"
Thomas & Friends - The Great Festival Adventure-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\The Great Festival Adventure\Uninst.isu"
Thomas New Line-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12230A4C-6902-4001-B606-48C6FC98B42A}\setup.exe" -l0x9 -uninst
TinyCars 1.1-->"C:\Program Files\Realore\TinyCars\unins000.exe"
To The Eds-treme-->C:\PROGRA~1\CARTOO~1\TOTHEE~1\UNWISE.EXE C:\PROGRA~1\CARTOO~1\TOTHEE~1\INSTALL.LOG
TONKA Firefighter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49F51417-DF8C-4272-94E3-A0D4B64060EA}\setup.exe" -l0x9
TONKA Search & Rescue 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E254C0-94AA-4B33-AF6D-5276A169A680}\setup.exe" -l0x9
Tonka Search and Rescue-->C:\HASBRO\TONKA_SR\SR_DEL95.EXE
TrunkStar780-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A2B7140-229C-4DEF-A237-EE63D5C205BD}\Setup.exe" -l0x9 -XYZ
Update for Windows XP (KB894391)-->"C:\WINNT\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINNT\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINNT\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINNT\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINNT\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINNT\$NtUninstallKB955839$\spuninst\spuninst.exe"
USB Storage Adapter FX (SM1)-->SM1UN.EXE SM1FX_AT
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Verizon FiOS Activation-->"C:\WINNT\FIOS\unins000.exe"
Verizon FiOS Connection Wizard-->MsiExec.exe /I{312255E7-E2C2-4F3E-BBCB-02C5B8696CCB}
Verizon Help and Support Tool-->C:\Program Files\Verizon\Uninstall.exe
Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.exe
WildWest Version 1.12-->MsiExec.exe /I{5E607A24-6C11-4DA9-938E-6392D8248929}
WinAce Archiver 2.0-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
WinAce Archiver-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Bonus Pack for Windows XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\wmbonus.inf,DefaultUninstall
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player Playlist Import to Excel Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mpxlswiz.inf,DefaultUninstall
Windows Media Player Skin Importer-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\wa2wmp.inf,DefaultUninstall
Windows Media Player Tray Control-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mpxptray.inf,DefaultUninstall
Windows XP Hotfix - KB873333-->C:\WINNT\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINNT\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINNT\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINNT\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINNT\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINNT\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINNT\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINNT\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINNT\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINNT\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINNT\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINNT\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINNT\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINNT\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINNT\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINNT\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINNT\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
XLink Kai Evolution 7-->MsiExec.exe /X{7A1C83C7-2F60-4C0A-BA82-867DD20BE32C}
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) [2009-08-01]
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file) [2009-08-01]
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) [2009-08-01]

======Security center information======

AV: AVG Anti-Virus Free
FW: ZoneAlarm Firewall

======System event log======

Computer Name: FAMILY
Event Code: 7000
Message: The TrueVector Internet Monitor service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 75211
Source Name: Service Control Manager
Time Written: 20090628081611.000000-240
Event Type: error
User:

Computer Name: FAMILY
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.

Record Number: 75210
Source Name: Service Control Manager
Time Written: 20090628081611.000000-240
Event Type: error
User:

Computer Name: FAMILY
Event Code: 7000
Message: The TrueVector Internet Monitor service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 75209
Source Name: Service Control Manager
Time Written: 20090628081539.000000-240
Event Type: error
User:

Computer Name: FAMILY
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.

Record Number: 75208
Source Name: Service Control Manager
Time Written: 20090628081539.000000-240
Event Type: error
User:

Computer Name: FAMILY
Event Code: 7000
Message: The TrueVector Internet Monitor service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 75207
Source Name: Service Control Manager
Time Written: 20090628081507.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: FAMILY
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionLost method on subscription {A8EDB33C-55FF-4D5D-965A-27769CC279AD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010105.
Record Number: 22165
Source Name: EventSystem
Time Written: 20070511033048.000000-240
Event Type: warning
User:

Computer Name: FAMILY
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionLost method on subscription {A8EDB33C-55FF-4D5D-965A-27769CC279AD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010105.
Record Number: 22164
Source Name: EventSystem
Time Written: 20070511032001.000000-240
Event Type: warning
User:

Computer Name: FAMILY
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionLost method on subscription {A8EDB33C-55FF-4D5D-965A-27769CC279AD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010105.
Record Number: 22163
Source Name: EventSystem
Time Written: 20070511031047.000000-240
Event Type: warning
User:

Computer Name: FAMILY
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionLost method on subscription {A8EDB33C-55FF-4D5D-965A-27769CC279AD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010105.
Record Number: 22162
Source Name: EventSystem
Time Written: 20070511030047.000000-240
Event Type: warning
User:

Computer Name: FAMILY
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionLost method on subscription {A8EDB33C-55FF-4D5D-965A-27769CC279AD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010105.
Record Number: 22161
Source Name: EventSystem
Time Written: 20070511025047.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------

 

[Bio-Hazard]

Hello!

Have you had any redirection still?

Re-run OTM

• Double-click OTM.exe to run it.
• Paste the following code under the
  
  area. Do not include the word Code.

:Files
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\WinMX
C:\Program Files\Common Files\Symantec Shared
:Commands
[emptytemp]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large
  
  button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Update Adobe Reader

Your version of Adobe Reader is out-of-date. There are known security issues with older versions of Adobe Reader. It is strongly suggested that you update to the current version. Please uninstall older version of Adobe Reader before installing the latest version.

If you are using a FULL featured, purchased version of Adobe Acrobat Reader.
These instructions will remove the current version of Adobe Reader and replace it with the limited feature FREE version. If you want to replace the paid for version with the free version, then continue, otherwise DO NOT perform these steps!

• Click Start
• Control Panel
• Double clicking on Add/Remove Programs
• Locate older version of Adobe Reader and click on Change/Remove to uninstall it
• Click HERE to download the latest version of Adobe Reader.
• Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be ran and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
• Close your Internet browser and open it again.

If you don't like Adobe Reader, you can download Foxit PDF Reader from HERE. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:

• Answer to my question
• OTM Log
• A fresh HijackThis Log ( after all the above has been done)
• A description of how your computer is behaving

 

[fdpatches]

Hello,
I have done several more searches with no redirects, I am update adobe and here is the OTM log

All processes killed
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully.
C:\Program Files\WinMX moved successfully.
C:\Program Files\Common Files\Symantec Shared\Script Blocking moved successfully.
C:\Program Files\Common Files\Symantec Shared moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 5552 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 13425503 bytes
->FireFox cache emptied: 64170666 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINNT\temp\ZLT037e0.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINNT\temp\ZLT03825.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 604 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 74.07 mb


OTM by OldTimer - Version 3.0.0.5 log created on 08052009_083735

Files moved on Reboot...
File C:\WINNT\temp\ZLT037e0.TMP not found!
File C:\WINNT\temp\ZLT03825.TMP not found!

Registry entries deleted on Reboot...


HIJack this log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:15 AM, on 8/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\SYSTEM32\GEARSEC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 12355 bytes


The computer seems to be running fine, I haven't really been using it that much until I get the all set from you, I need to do some windows updates and I want to do those before I start really using the computer again.

:thanks:

Tom

 

[Bio-Hazard]

Hello Tom!

You can do the updates now and use the computer.


Your log now appears to be clean. Congratulations!

You can get rid of the tools we used:

• DDS - (You can just delete the exe file from your desktop)
• RootRepeal - (You can just delete the exe file from your desktop)
• ATF cleaner - (You can just delete the exe file from your desktop)
• Gooredfix - (You can just delete the exe file from your desktop)
• Javara - (You can just delete the exe file from your desktop)

• Delete ComboFix and Clean Up
  Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)
  
  
  
  Please advise if this step is missed for any reason as it performs some important actions.
  
  OTC
  
  Download OTC by Old Timer and save it to your Desktop.
  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself
  
  
  Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  
  
  General Security and Computer Health
  Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
  
  
  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    NOTE:You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    NOTE: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or F-secure Health Check. I suggest that you run one of them at least once a month.
  • Make Internet Explorer More Secure
    You are using Internet Explorer v.6.
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      Next press the Apply button and then the OK to exit the Internet Properties page.

Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

• WinPatrol
  As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
• SpywareBlaster
  SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
• Malwarebytes' Anti-Malware
  Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.You can download Malwarebytes' Anti-Malware from HERE. Here are two tutorials: Malwarebytes' Anti-Malware Setup Guide and Malwarebytes' Anti-Malware Scanning Guide.
• Hosts File
  For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
• Use an alternative Internet Browser
  Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead: Firefox or Opera or Google Chrome

Here is a great article by miekiemoes How to prevent Malware

Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.


Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

Bio-Hazard

 

[fdpatches]

Thanks so much for all the help. I have a few question, my windows update is set to notify me when there are updates and don't download or install them. I haven't seen the yellow icon pop up in a while. What should I do? Also, can the ATF Cleaner be used on a regular basis? Again thank you so much for all your help.

Tom

 

[Bio-Hazard]

Thanks so much for all the help. I have a few question, my windows update is set to notify me when there are updates and don't download or install them. I haven't seen the yellow icon pop up in a while. What should I do? Also, can the ATF Cleaner be used on a regular basis? Again thank you so much for all your help.

Hello Tom!

Yes you can use ATF cleaner on regular bases.

You can go HERE to do your Windows updates.

Here iare instructions to make sure the Windows updates are turned on.

To turn on Windows Automatic updates

From your log i can see that your Windows automatic updates are turned of. Unpatched Windows operating system is a vulnerable to infections.

• Click Start and then click Control Panel.
• Double-click Automatic updates.
• Choose how you want your updates to be downloaded.
• Click Apply
• Click OK

If you have any problems let me know.