Inactive [InActive] Virus/Spyware redirecting google

Hi, I think i have some spyware or a virus on my pc. When i do a google search and click on any of the links found i am redirected to random shopping sites. I have run my anti virus software and nothing has been found. I have dowloaded HijackThis and below is the log file it generated.

Please can anyone help,
Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:05, on 27/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\KService\KService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/?ok
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q305&bd=presario&pf=laptop
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/24.9/uploader2.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180984703078
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/...jc.cab&File=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11008 bytes

 

Welcome to WindowsBBS cwoodford

Please download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

Double click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select 'Perform Quick Scan', then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Post the entire report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Then I need you to download another tool.

• Download RSIT by random/random and save it to your desktop.
• Double click RSIT.exe to start the tool.
• At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
• When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
• Please post the contents of log.txt here in your next reply.

 

Hi Thanks for getting back to me.
Unfortunatley now when i switch my pc on i can only go into safe mode. It will boot normally.

I did however follow your instructions in safe mode.
I wasnt able to update mbam even though i allowed it to get through my firewall but i was able to run it. It found a few problems and removed them. The log is below,

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3

30/10/2008 19:38:13
mbam-log-2008-10-30 (19-38-13).txt

Scan type: Quick Scan
Objects scanned: 46063
Time elapsed: 15 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\XP_Antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\XP_AntiSpyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\data (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\XP_AntiSpyware\htmlayout.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\pthreadVC2.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\XP_Antispyware.cfg (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\data\daily.cvd (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcm80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcp80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcr80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Paul Woodford\Application Data\Microsoft\Internet Explorer\Quick Launch\XP_AntiSpyware.lnk (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.

I was then able to run RSIT and the log and info files are below,

Logfile of random's system information tool 1.04 (written by random/random)
Run by Paul Woodford at 2008-10-30 19:47:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (11%) free of 57 GB
Total RAM: 502 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:34, on 30/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
F:\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Paul Woodford.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/?ok
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q305&bd=presario&pf=laptop
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/24.9/uploader2.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180984703078
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/...jc.cab&File=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9723 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\shutdown.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-26 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-26 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray "=C:\WINDOWS\system32\igfxtray.exe [2004-12-13 155648]
"HotKeysCmds "=C:\WINDOWS\system32\hkcmd.exe [2004-12-13 126976]
"SoundMAXPnP "=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544]
"SoundMAX "=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"AGRSMMSG "=C:\WINDOWS\AGRSMMSG.exe [2004-08-24 88363]
"Apoint "=C:\Program Files\Apoint2K\Apoint.exe [2005-02-08 159744]
"hpWirelessAssistant "=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-04-11 794624]
"HP Software Update "=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"LSBWatcher "=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"eabconfg.cpl "=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
"Cpqset "=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-09-07 213054]
"TkBellExe "=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-12 180269]
"avast! "=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"SunJavaUpdateSched "=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-26 136600]
"ZoneAlarm Client "=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"QuickTime Task "=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper "=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"ISTray "=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"Malwarebytes Anti-Malware (reboot) "=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 1261200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware "=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS "=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"kdx "=C:\WINDOWS\kdx\KHost.exe [2006-03-08 2236416]
"H/PC Connection Agent "=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Uniblue RegistryBooster 2009 "=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-12-13 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername "=0
"legalnoticecaption "=
"legalnoticetext "=
"shutdownwithoutlogon "=1
"undockwithoutlogon "=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun "=145
"ForceClassicControlPanel "=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe "= "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil "
"C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
"C:\WINDOWS\kdx\KHost.exe "= "C:\WINDOWS\kdx\KHost.exe:*:Enabledelivery Manager "
"C:\Program Files\KService\KService.exe "= "C:\Program Files\KService\KService.exe:*:Enabledelivery Manager Service "
"%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe "= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe "= "C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe "= "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe "= "C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*isabled:Football Manager 2008 "
"C:\Program Files\Bonjour\mDNSResponder.exe "= "C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour "
"C:\Program Files\iTunes\iTunes.exe "= "C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes "

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe "= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe "= "C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe "= "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc7b7222-287d-11dc-b4ca-0014a5669a82}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5e2a643-66a6-11db-b323-0014a5669a82}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://adfarm.mediaplex.com/ad/ck/7022-42592-16666-0?rfr=2799


======List of files/folders created in the last 3 months======

2008-10-30 19:47:19 ----D---- C:\rsit
2008-10-30 19:41:03 ----A---- C:\avenger.txt
2008-10-30 19:18:48 ----D---- C:\Documents and Settings\Paul Woodford\Application Data\Malwarebytes
2008-10-30 19:18:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 19:18:37 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-30 19:09:34 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-28 20:11:38 ----D---- C:\Program Files\Uniblue
2008-10-28 20:11:03 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-26 21:58:15 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-26 21:58:15 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-26 21:58:15 ----A---- C:\WINDOWS\system32\java.exe
2008-10-26 21:58:15 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-24 20:35:51 ----D---- C:\Program Files\Spyware Doctor
2008-10-24 20:35:51 ----D---- C:\Documents and Settings\Paul Woodford\Application Data\PC Tools
2008-10-24 20:34:59 ----D---- C:\!KillBox
2008-10-24 20:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-21 20:59:15 ----D---- C:\fixwareout
2008-10-21 20:38:26 ----D---- C:\Program Files\Trend Micro
2008-10-19 02:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-19 00:33:05 ----A---- C:\Documents and Settings\Paul Woodford\Application Data\xerynogife.bat
2008-10-19 00:33:04 ----A---- C:\WINDOWS\system32\jygor.com
2008-10-19 00:33:04 ----A---- C:\WINDOWS\fapi.dll
2008-10-18 07:46:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-18 07:44:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 20:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 20:47:48 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-10 22:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-09 20:30:05 ----D---- C:\Program Files\iPod
2008-10-09 20:29:24 ----D---- C:\Program Files\iTunes
2008-10-09 20:29:24 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-09 20:12:46 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-09 20:11:17 ----D---- C:\WINDOWS\Prefetch
2008-10-09 18:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-09 18:46:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-09 18:46:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-09 18:46:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-09 18:45:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-09 18:45:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-09 18:45:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-09 18:44:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-09 18:44:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-09 18:44:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-09 18:43:58 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-09 18:37:56 ----A---- C:\WINDOWS\setuplog.txt
2008-10-09 18:33:08 ----D---- C:\WINDOWS\system32\scripting
2008-10-09 18:33:07 ----D---- C:\WINDOWS\l2schemas
2008-10-09 18:33:04 ----D---- C:\WINDOWS\system32\en
2008-10-09 18:33:03 ----D---- C:\WINDOWS\system32\bits
2008-10-09 18:19:01 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-09 18:01:00 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-09 18:00:53 ----D---- C:\WINDOWS\EHome
2008-10-01 18:16:32 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-10-01 18:16:28 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-10-01 13:17:06 ----D---- C:\Program Files\Bonjour
2008-09-23 21:21:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954156_WM9L$
2008-09-23 21:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-23 21:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-08-29 09:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
2008-08-29 08:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll
2008-08-21 18:11:03 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-21 18:10:56 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-21 18:10:44 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-21 18:10:42 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-21 18:10:03 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-21 18:10:03 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-21 18:09:40 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-08-21 18:09:38 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-08-21 18:09:26 ----N---- C:\WINDOWS\system32\slserv.exe
2008-08-21 18:09:26 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-08-21 18:09:26 ----N---- C:\WINDOWS\slrundll.exe
2008-08-21 18:09:25 ----N---- C:\WINDOWS\system32\slgen.dll
2008-08-21 18:09:24 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-08-21 18:09:24 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-08-21 18:09:05 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-21 18:08:58 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-08-21 18:08:51 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-21 18:08:48 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-21 18:08:44 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-21 18:08:39 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-21 18:08:38 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-21 18:08:38 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-21 18:08:30 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-21 18:08:22 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-21 18:08:00 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-08-21 18:07:36 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-21 18:07:36 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-21 18:07:36 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-21 18:07:33 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-08-21 18:07:29 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-21 18:07:28 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-21 18:07:20 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-21 18:07:20 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-21 18:06:05 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-21 18:06:03 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-21 18:06:03 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-21 18:06:02 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-21 18:05:56 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-08-21 18:04:50 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-21 18:04:49 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-21 18:04:47 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-21 18:04:47 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-21 18:04:47 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-21 18:04:46 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-21 18:04:15 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-08-21 18:03:59 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-08-21 18:03:53 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-21 18:03:53 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-21 18:03:53 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-21 18:03:53 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-21 18:03:53 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-21 18:03:53 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-21 18:03:53 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-21 18:03:52 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-21 18:03:42 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-21 18:03:42 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-21 18:03:41 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-21 18:03:41 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-21 18:03:41 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-21 18:03:41 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-21 18:03:41 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-21 18:03:36 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-21 18:03:36 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-21 18:03:35 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-21 18:03:22 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-21 18:03:04 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-21 18:03:03 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-21 18:03:00 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-08-21 18:03:00 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-08-21 18:02:58 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-08-21 18:02:56 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-08-21 18:02:55 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-08-21 18:02:55 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-08-21 18:02:54 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-08-21 18:02:36 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-13 19:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-13 19:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-13 19:08:31 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-13 19:08:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-13 19:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-13 19:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-13 19:03:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$

======List of files/folders modified in the last 3 months======

2008-10-30 19:43:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-30 19:39:00 ----D---- C:\WINDOWS\system32
2008-10-30 19:38:13 ----RD---- C:\Program Files
2008-10-30 19:23:29 ----D---- C:\WINDOWS\Temp
2008-10-30 19:18:42 ----D---- C:\WINDOWS\system32\drivers
2008-10-30 19:16:50 ----D---- C:\Documents and Settings\Paul Woodford\Application Data\U3
2008-10-30 19:09:34 ----D---- C:\WINDOWS
2008-10-29 13:15:06 ----D---- C:\WINDOWS\Internet Logs
2008-10-29 12:52:25 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-29 00:02:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-28 20:12:00 ----D---- C:\Documents and Settings\Paul Woodford\Application Data\Uniblue
2008-10-28 20:11:40 ----SHD---- C:\WINDOWS\Installer
2008-10-28 20:11:40 ----D---- C:\Config.Msi
2008-10-28 19:47:02 ----D---- C:\WINDOWS\network diagnostic
2008-10-27 20:52:09 ----HD---- C:\WINDOWS\inf
2008-10-27 20:51:45 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-26 22:16:53 ----D---- C:\WINDOWS\Registration
2008-10-26 22:13:11 ----RD---- C:\WINDOWS\Web
2008-10-26 22:13:08 ----D---- C:\WINDOWS\ShellNew
2008-10-26 21:59:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-26 21:58:57 ----D---- C:\Program Files\Sun
2008-10-26 21:57:48 ----D---- C:\Program Files\Java
2008-10-26 21:52:17 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-24 20:02:32 ----A---- C:\WINDOWS\imsins.BAK
2008-10-24 20:01:25 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-21 18:34:02 ----SHD---- C:\System Volume Information
2008-10-21 18:34:02 ----D---- C:\WINDOWS\system32\Restore
2008-10-21 18:04:26 ----D---- C:\Program Files\Internet Explorer
2008-10-19 02:06:00 ----D---- C:\WINDOWS\ie7updates
2008-10-19 00:33:05 ----D---- C:\Program Files\Common Files
2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-09 20:24:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-09 20:15:30 ----D---- C:\WINDOWS\Debug
2008-10-09 20:09:05 ----D---- C:\WINDOWS\system32\Setup
2008-10-09 20:09:05 ----D---- C:\WINDOWS\AppPatch
2008-10-09 20:09:05 ----D---- C:\Program Files\Messenger
2008-10-09 20:09:04 ----D---- C:\WINDOWS\system32\wbem
2008-10-09 20:09:04 ----D---- C:\Program Files\Outlook Express
2008-10-09 20:09:04 ----D---- C:\Program Files\Common Files\System
2008-10-09 20:09:02 ----RSD---- C:\WINDOWS\Fonts
2008-10-09 18:49:20 ----D---- C:\WINDOWS\security
2008-10-09 18:47:03 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-09 18:35:40 ----D---- C:\WINDOWS\WinSxS
2008-10-09 18:34:51 ----D---- C:\WINDOWS\ime
2008-10-09 18:34:46 ----D---- C:\WINDOWS\Help
2008-10-09 18:33:12 ----D---- C:\WINDOWS\system32\usmt
2008-10-09 18:33:12 ----D---- C:\WINDOWS\system32\en-US
2008-10-09 18:33:03 ----D---- C:\WINDOWS\PeerNet
2008-10-09 18:33:01 ----D---- C:\Program Files\Movie Maker
2008-10-09 18:18:35 ----D---- C:\WINDOWS\system32\npp
2008-10-09 18:18:33 ----D---- C:\WINDOWS\msagent
2008-10-09 18:18:21 ----D---- C:\WINDOWS\srchasst
2008-10-09 18:18:16 ----D---- C:\Program Files\NetMeeting
2008-10-09 18:18:10 ----D---- C:\WINDOWS\system32\Com
2008-10-09 18:17:59 ----D---- C:\Program Files\Windows Media Player
2008-10-09 18:17:50 ----D---- C:\Program Files\Windows NT
2008-10-09 18:16:40 ----D---- C:\WINDOWS\system32\oobe
2008-10-09 18:16:32 ----D---- C:\WINDOWS\system
2008-10-09 18:08:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-07 19:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 17:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-01 14:14:28 ----D---- C:\Documents and Settings\Paul Woodford\Application Data\Apple Computer
2008-10-01 13:16:24 ----D---- C:\Program Files\QuickTime
2008-10-01 13:15:09 ----D---- C:\Program Files\Common Files\Apple
2008-09-03 20:13:18 ----D---- C:\Documents and Settings\Paul Woodford\Application Data\Kontiki
2008-08-27 08:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-26 07:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-26 07:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-26 07:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\url.dll
2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\occache.dll
2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\mstime.dll
2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\msrating.dll
2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-08-26 07:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-26 07:24:29 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-08-26 07:24:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
2008-08-25 08:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-08-25 08:37:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-23 05:54:51 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-08-14 10:11:02 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33:16 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-01-31 109319]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-01-13 12500]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
S1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-07-07 5632]
S1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
S2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [1999-09-10 25244]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
S2 STEC3;STEC3; \??\C:\WINDOWS\system32\STEC3.sys []
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-10-06 129280]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-08-24 1268204]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-03-10 371712]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-01-17 23000]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-01-18 55320]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-12-13 776157]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-26 152984]
S2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-01-27 106496]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2005-03-04 98304]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 KService;KService; C:\Program Files\KService\KService.exe [2006-03-08 2007040]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-02-22 38912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-10-30 19:47:41

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems AC'97 Modem-->agrsmdel
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll ",RunSetup
BlueSoleil-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Compaq Presario v4000 User Guides-->C:\PROGRA~1\CPQ\UNWISE.EXE C:\PROGRA~1\CPQ\INSTALL.LOG
goal utilities RuleTracker-->MsiExec.exe /X{90EAFD6A-E36F-4F1C-B2A8-56361A9D5C7C}
GTK+ 2.8.18-1 runtime environment--> "C:\Program Files\Common Files\GTK\2.0\unins000.exe "
HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)--> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe "
Hotfix for Windows Media Format 11 SDK (KB929399)--> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
Hotfix for Windows Media Player 11 (KB939683)--> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Wireless Assistant 1.01 A3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
InterPoker-->C:\WINDOWS\system32\UnPoker.exe InterCasinoPoker
InterVideo WinDVD--> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Development Kit 6 Update 6-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.16.6--> "C:\Program Files\LimeWire\uninstall.exe "
Malwarebytes' Anti-Malware--> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Quick Launch Buttons 5.10 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)--> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe "
Security Update for Step By Step Interactive Training (KB923723)--> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB931768)--> "C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB933566)--> "C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB937143)--> "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB939653)--> "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB942615)--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB953838)--> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB956390)--> "C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe "
Security Update for Windows Media Encoder (KB954156)--> "C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe "
Security Update for Windows Media Player 10 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe "
Security Update for Windows Media Player 11 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe "
Security Update for Windows Media Player 11 (KB954154)--> "C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe "
Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
Security Update for Windows XP (KB954211)--> "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe "
Security Update for Windows XP (KB956391)--> "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe "
Security Update for Windows XP (KB956803)--> "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe "
Security Update for Windows XP (KB956841)--> "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe "
Security Update for Windows XP (KB957095)--> "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe "
Security Update for Windows XP (KB958644)--> "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe "
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033
Uniblue RegistryBooster 2009--> "C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
Update for Windows XP (KB951978)--> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe "
UserGuides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02E22217-0E96-4C3F-B831-83AA942B7715}\setup.exe" -l0x9
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081028-1]
FW: ZoneAlarm Firewall

======Environment variables======

"ComSpec "=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK "=NO
"NUMBER_OF_PROCESSORS "=1
"OS "=Windows_NT
"Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin; "C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier "; "C:\Program Files\Java\jdk1.6.0_06\bin ";C:\Program Files\QuickTime\QTSystem\
"PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE "=x86
"PROCESSOR_IDENTIFIER "=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL "=6
"PROCESSOR_REVISION "=0d08
"SonicCentral "=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TEMP "=%SystemRoot%\TEMP
"TMP "=%SystemRoot%\TEMP
"windir "=%SystemRoot%
"tvdumpflags "=8
"CLASSPATH "=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA "=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"SAFEBOOT_OPTION "=MINIMAL

-----------------EOF-----------------

 

Download ComboFix by sUBs from here, saving the file to your desktop.


Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

• Close all open programs and windows
• Double click ComboFix.exe and follow the prompts.
• It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply and give me a status update on how your computer is behaving.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall