
Inactive [InActive] What to do when anti-virals are unresponsive?

Discussion in 'Malware and Virus Removal Archive' started by CUISTech, 2008/10/29.

  1. 2008/11/07
    CUISTech

    CUISTech Inactive Thread Starter

    Joined:
    2008/10/28
    Messages:
    419
    Likes Received:
    1
    It's not that interesting. I'm to the point where I don't care about license agreements. But we don't talk about that here... So, the question is better phrased as: Assuming I've found a copy of the OS to use, would it be easier?

    And noah, wildfire... Please don't take offense. There's little in the way of explanation to be offered. I'm brand new, and it was supposed to be my predecessor's job to have this done by now. I got leaned on for what she didn't do. Sorry if it rolled over onto you.
     
  2. 2008/11/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I've more than once had computers boxed up and shipped to me for repair, should your boss care to sub out. ;)

    No offense taken CS - and please don't take offense to my words. They are meant to be constructive. Working with malware on a daily basis I fully understand where most any tech might need assistance removing it. Again though, you must be able to do a fair share of troubleshooting outside of malware removal on your own, to begin filling your predecessor's shoes, if that's the line of work you are in. We all get stuck sometimes, no matter how great or small our skill level, and there's certainly no shame in seeking help, but you cannot sit back and wait for someone else to do your work for you and expect things to get done in a timely manner. Have you yet disabled all the startups in msconfig to see if the problem goes away, and if you did, why did you not mention it? Have you done a check disk? See if the problem exists in safe mode? Anything on your own since starting this topic a week ago?
     


  4. 2008/11/10
    CUISTech

    CUISTech Inactive Thread Starter

    Joined:
    2008/10/28
    Messages:
    419
    Likes Received:
    1
    Procedures I attempted on my own:
    Defrag
    Scandisk
    Install/Run Spybot (failed)
    Install/Run Ad-Aware (failed)
    Install/Run AVG (worked in command line mode only, during safe mode)

    I booted into safe mode to run AVG. The lag was still present, and system resources were still being heavily drawn down. (I neglected to write down or screen capture task manager at that point. Sorry.)

    It was at that point, I sought you out... And since you started advising me, I've done nothing but what was instructed. I was not interested in attempting something else that could generate errors for you to identify and fix that were my own fault. The computer already has too many. (I'd like to believe I'd be bolder if it were my own tower, and not someone else's.)

    My skill level... is lower than I estimated it to be. I didn't even think of msconfig. That's usually something I shy away from, as well as regedit, unless I have someone over my shoulder giving explicit instructions.

    Since reading your post, I have run msconfig and removed all checkmarks off the startup tab. The boot is faster and so is loading in. But, for example, the start menu still takes 3-5 seconds to resolve and become active when being clicked on. Beyond that, the next step would be to either (a) add programs to the checklist till I find a bottleneck or (b) research all the startup items and find the potentially harmful one that way.

    What would your recommendation be? The... easiest way... seems to be adding one at a time.
     
  5. 2008/11/10
    CUISTech

    CUISTech Inactive Thread Starter

    Joined:
    2008/10/28
    Messages:
    419
    Likes Received:
    1
    Looking at the startup processes, I did some research since it was the least invasive course of action at the moment. I found the following entries that may or may not be viral - I often got results in my searches saying it was either safe and useless (i.e. something that runs processes infrequently) or some kind of malware.

    ctfmon - C:\WINDOWS\system32\cftmon.exe
    msmsgs - "C:\Program Files\Messenger\msmsgs.exe" /background
    RUNDLL32 - RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    nwiz - nwiz.exe /install

    I'm still considering uninstalling Windows Defender. That's where I saw the most processing power go. But... It's supposed to be a trusted anti-viral. I'm not sure how to treat it.
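
Added example, not part of the original thread: one way to triage startup entries like the four listed above before researching them by hand, by comparing each image name and directory against a reference set. The `KNOWN` table, the verdict labels and the distance threshold are assumptions made for this sketch, and the last sample line is constructed; the other sample lines are copied from posts in this thread.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any platform

# Assumed reference set for this example: a few Windows XP binaries and the
# directory each normally runs from. A real baseline would be much larger.
KNOWN = {
    "ctfmon.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "msmsgs.exe": r"c:\program files\messenger",
}

# HijackThis O4 line:  O4 - HKCU\..\Run: [name] command
O4_RE = re.compile(r"^O4 - [^:]+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# msconfig-style line as typed in the post:  name - command
MSCONFIG_RE = re.compile(r"^(?P<name>\S+) - (?P<cmd>.+)$")
# Executable image: a quoted path, or everything up to the first ".exe"
IMAGE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)\b', re.IGNORECASE)


def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def parse_entry(line):
    """Return (entry name, image path) or None if the line is not recognised."""
    line = line.strip()
    m = O4_RE.match(line) if line.startswith("O4 - ") else MSCONFIG_RE.match(line)
    if not m:
        return None
    img = IMAGE_RE.match(m.group("cmd").strip())
    if not img:
        return None
    return m.group("name"), (img.group("q") or img.group("u"))


def triage(line):
    """Return (image name, verdict) for one startup entry, or None."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    image = parsed[1]
    exe, folder = basename(image).lower(), dirname(image).lower()
    if exe not in KNOWN:
        # Near-miss of a trusted name (threshold of 2 is an assumption):
        # check the file on disk before trusting or dismissing it.
        for good in KNOWN:
            if osa_distance(exe, good) <= 2:
                return exe, "lookalike:" + good
        return exe, "unresearched"
    if not folder:
        # The entry does not say which file on the search path will run.
        return exe, "no-path"
    return exe, ("known" if folder == KNOWN[exe] else "unexpected-dir")


SAMPLE = [
    r"ctfmon - C:\WINDOWS\system32\cftmon.exe",
    r'msmsgs - "C:\Program Files\Messenger\msmsgs.exe" /background',
    r"RUNDLL32 - RUNDLL32.EXE NvQTwk,NvCplDaemon initialize",
    r"nwiz - nwiz.exe /install",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    # Constructed line: a trusted name running from a user-writable folder.
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\Documents and Settings\Owner\Application Data\ctfmon.exe",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry), "<-", entry)
```

A `lookalike` verdict only says that the name as written differs from a trusted one by a character or two; it may be a transcription slip, so the file name on disk is what settles it.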
     
  6. 2008/11/10
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    If your client is using Office, perhaps best left alone

    Does your client use messenger?

    NVidia graphics software, useful for gaming but not necessary for day to day office use.
     
  7. 2008/11/10
    CUISTech

    CUISTech Inactive Thread Starter

    Joined:
    2008/10/28
    Messages:
    419
    Likes Received:
    1
    Yes, they use Office. And I know her kids use Yahoo Messenger. It's very likely they use MSN as well.

    Strikeout on all 4 of those counts, I guess.
     
  8. 2008/11/10
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    That was my point, you're guessing and then asking us to guess... Then pushing for answers.

    I'm sure one of the specialists here will continue to help you, and as this isn't my field I won't contribute any further. I do hope things work out well for you.

    Good luck :)
     
  9. 2008/11/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You can safely uncheck all of these.

    msmsgs - "C:\Program Files\Messenger\msmsgs.exe" /background
    RUNDLL32 - RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    nwiz - nwiz.exe /install

    Windows Defender has been known to cause problems. Removing it as a test is probably a good move. See if the user still uses AOL. If not, get it off that machine.

    Since I've run the latest release on a number of machines without introducing any problems, I am now recommending you use a registry cleaner (something I have not done for some time now, pending my own test results). I'd recommend you download RegSeeker version 1.55, save it to the desktop and extract it. Don't run it yet.


    This procedure is documented on the Microsoft.com website for resetting registry and system file permissions, as well as default security descriptors. While it might not fix the problem, it should do no harm either. First, make the user account an Administrative User account and restart.

    Download and install SubInACL from Microsoft.

    Close out all other programs and open windows.

    Highlight and copy the contents of the code box below.
    Code:
    cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    subinacl /subkeyreg HKEY_CURRENT_USER /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    subinacl /subkeyreg HKEY_CLASSES_ROOT /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
    subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
    exit
    cls
    
    Click Start>Run and type cmd then hit enter to open a command window.
    Right click in the command window and select paste.
    It will take a while for the commands to process, so please be patient.
    The command window should close on its own when finished.
    Reboot for the changes to take effect.


    Now, open the RegSeeker folder and start RegSeeker.exe
    Select Clean the registry
    Make sure the Backup before deletion box in the lower left corner is checked and click Autoclean. Do not select Invalid Services (experimental)
    Set it to 3 passes and select all boxes except Select all green items
    Click Go.
    When it completes, restart the computer.


    Now scan and create a new HijackThis log and post it here. Advise us of its current behavior.
     
  10. 2008/11/12
    CUISTech

    CUISTech Inactive Thread Starter

    Joined:
    2008/10/28
    Messages:
    419
    Likes Received:
    1
    Now, can you educate me - which I seem to need more than getting a single computer fixed - and just what I'm doing. I mean, I recognize this is mucking about with the registry, but what exactly did we do?

    Also, I could find no overt traces of AOL on the computer. There is a folder (c:\program files\aol\installers\aol explorer 1.0\) that contains some exe files, and the \installers\ directory has a log file that shows things were installed to an AIM directory. However, the AIM directory doesn't exist anymore, nor does it appear on the add/remove programs list.

    The closest thing to an active AOL component I found was Web Tangent, which I researched and found to be a plugin for AIM (I remembered the program from spyware scans on an old computer I owned) that allows 3D gaming. I will remove that after I receive replies on the newest HJT log.

    (The cmd window is still running while I post this. Just a minute more, please.)

    EDIT: Two registry key edits have failed so far. Here's the error message I was able to write down:
    HKEY_LOCAL_MACHINE\Security\Policy\Secrets\SAI: 2 The system canno (and then the message ends at the window)

    EDIT 2: RegSeeker ran and told me it had finished. Went to reboot, and was informed that updates were needing to be installed. The computer is automatically installing them now, and I'll post an HJT log as soon as it's back up. OR since new updates inevitably change the registry, should I run these two processes again? I'm thinking it's unnecessary, since they're Windows updates apparently... But I thought I'd make sure before proceeding.
     
    Last edited: 2008/11/12
  11. 2008/11/12
    CUISTech

    CUISTech Inactive Thread Starter

    Joined:
    2008/10/28
    Messages:
    419
    Likes Received:
    1
    IE has shown marked improvement. It processes faster than it has been, and I am no longer receiving the notification of a browser hijack - so far. The start menu, however, is still very sluggish.

    Here's my latest log:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Owner at 2008-11-12 11:18:36
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 36 GB (69%) free of 52 GB
    Total RAM: 1022 MB (67% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:19:13 AM, on 11/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\trend micro\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.sbcglobal.net
    O15 - Trusted Zone: http://*.sbcglobal.net
    O16 - DPF: f1AgentCtrl - https://my01.fusionone.com/installer/f1AgentCtrl.cab
    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
    O16 - DPF: {4E8C3231-1C78-412F-8F0F-056210BA5C14} (YVidCapture Class) - http://ybcontent.bcst.yahoo.com/yvidcap/ie/v1.0.0.4/YVidCapCtrl.cab
    O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121132224906
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 6880 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    Yahoo! IE Services Button - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
    UrlHelper Class - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [2008-04-17 398776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-15 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
    SidebarAutoLaunch Class - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 124032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit - C:\HP\EXPLOREBAR\HPTOOLKT.DLL [2002-06-04 86016]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll [2006-10-26 440384]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]
    {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - BearShare MediaBar - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll [2008-04-17 611768]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-04 158208]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-16 68856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe [2005-09-18 230512]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
    c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe [2002-06-18 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe [2005-09-18 185456]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    C:\WINDOWS\system32\dla\tfswctrl.exe [2002-07-16 106549]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f1Tray.exe]
    C:\PROGRA~1\FUSION~1\f1Tray.exe [2002-01-31 286720]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    C:\WINDOWS\System32\hkcmd.exe [2002-05-15 114688]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe [2002-05-22 188416]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    C:\WINDOWS\System32\igfxtray.exe [2002-05-15 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    C:\HP\KBD\KBD.EXE [2005-02-02 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    NvQTwk []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-05-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-16 68856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmdprovidersbc]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-10-26 4662776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
    C:\PROGRA~1\Yahoo!\YOP\yop.exe [2006-07-21 407032]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
    C:\PROGRA~1\SBCSEL~1\bin\matcli.exe [2003-10-10 217088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2002-05-15 307200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=255
    "_NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\yserver.exe"="C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Disabled:Yahoo! FT Server"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 3 months======

    2008-11-12 11:05:59 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 11:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-12 09:54:41 ----D---- C:\Program Files\Windows Resource Kits
    2008-10-30 08:31:03 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-10-30 08:30:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-30 08:30:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-30 08:13:48 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
    2008-10-29 13:00:29 ----D---- C:\Program Files\trend micro
    2008-10-29 13:00:20 ----D---- C:\rsit
    2008-10-29 09:31:13 ----D---- C:\Program Files\AVG
    2008-10-29 08:47:24 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-10-29 08:47:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-29 08:38:50 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-28 09:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-28 08:46:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-28 08:43:57 ----A---- C:\WINDOWS\system32\hidserv.dll
    2008-10-15 10:22:06 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-15 02:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 02:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 02:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 02:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
    2008-09-10 02:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-06 18:02:18 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-08-14 02:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-14 02:08:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-14 02:08:14 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-14 02:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-14 02:07:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-14 02:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-14 02:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

    ======List of files/folders modified in the last 3 months======

    2008-11-12 11:18:34 ----D---- C:\WINDOWS\Prefetch
    2008-11-12 11:17:38 ----RASH---- C:\BOOT.INI
    2008-11-12 11:17:38 ----A---- C:\WINDOWS\win.ini
    2008-11-12 11:17:38 ----A---- C:\WINDOWS\System.ini
    2008-11-12 11:09:51 ----D---- C:\WINDOWS
    2008-11-12 11:09:15 ----A---- C:\WINDOWS\ModemLog_Agere Win Modem.txt
    2008-11-12 11:08:44 ----D---- C:\WINDOWS\system32
    2008-11-12 11:06:15 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-12 11:06:06 ----D---- C:\WINDOWS\inf
    2008-11-12 11:06:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-11-12 11:06:02 ----D---- C:\WINDOWS\system32\drivers
    2008-11-12 11:05:56 ----HD---- C:\WINDOWS\$hf_mig$
    2008-11-12 11:05:50 ----A---- C:\WINDOWS\imsins.BAK
    2008-11-12 11:04:55 ----HD---- C:\Config.Msi
    2008-11-12 11:04:54 ----SHD---- C:\WINDOWS\Installer
    2008-11-12 11:04:54 ----D---- C:\WINDOWS\WinSxS
    2008-11-12 11:04:49 ----D---- C:\WINDOWS\Temp
    2008-11-12 09:54:41 ----D---- C:\Program Files
    2008-11-12 08:21:45 ----D---- C:\WINDOWS\CAVTemp
    2008-11-12 08:05:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-11-12 08:05:21 ----D---- C:\WINDOWS\PCHEALTH
    2008-11-12 08:05:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-11-12 08:05:19 ----SD---- C:\WINDOWS\Tasks
    2008-11-12 08:00:07 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-06 12:26:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-30 09:05:38 ----D---- C:\Program Files\Internet Explorer
    2008-10-29 12:23:27 ----D---- C:\WINDOWS\system32\wins
    2008-10-29 10:37:28 ----D---- C:\Documents and Settings
    2008-10-29 08:37:48 ----D---- C:\Program Files\Common Files
    2008-10-28 08:45:56 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
    2008-10-15 10:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-03 11:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-09-06 19:29:21 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-06 18:02:16 ----D---- C:\WINDOWS\Debug
    2008-09-04 10:42:02 ----A---- C:\WINDOWS\system32\msxml3.dll
    2008-08-27 02:26:03 ----D---- C:\WINDOWS\Help
    2008-08-27 02:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-26 01:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-26 01:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-08-26 01:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\url.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\occache.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\mstime.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-26 01:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-08-26 01:24:29 ----A---- C:\WINDOWS\system32\iernonce.dll
    2008-08-26 01:24:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\extmgr.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-08-25 02:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-25 02:37:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-22 23:54:51 ----A---- C:\WINDOWS\system32\ieakui.dll
    2008-08-14 04:00:45 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 03:22:13 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 02:08:40 ----D---- C:\Program Files\Messenger
    2008-08-14 02:04:49 ----D---- C:\WINDOWS\ie7updates

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-05-22 90336]
    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2002-06-19 5589]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2002-06-19 22995]
    R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2007-07-23 879832]
    R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2005-09-18 15735]
    R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2005-09-18 21031]
    R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2006-07-31 26787]
    R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2005-09-18 15478]
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2002-06-06 40368]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2002-07-16 23701]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2002-07-16 34805]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2002-07-16 4117]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2002-07-16 2201]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2002-07-16 54900]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2002-07-16 14421]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2002-07-16 6325]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2002-07-16 91156]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2002-07-16 95125]
    R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-05-22 69504]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2002-05-22 78045]
    R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12 652689]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-11-30 28352]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-03-08 13780]
    R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2007-07-23 108360]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
    S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
    S3 CCCP106;CIF USB Camera (2110A); C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-28 227200]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-08 158140]
    S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-08 12479]
    S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-08 12031]
    S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-08 11679]
    S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-08 11999]
    S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-08 19359]
    S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-08 29215]
    S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-08 19199]
    S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-08 33503]
    S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-08 23519]
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
    S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-05-03 931882]
    S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-07-13 155008]
    S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2002-04-08 188032]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2004-04-21 1434848]
    R2 CAISafe;CAISafe; C:\Program Files\Yahoo!\Antivirus\ISafe.exe [2005-09-18 259184]
    R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R2 VETMSGNT;VET Message Service; C:\Program Files\Yahoo!\Antivirus\VetMsg.exe [2005-09-18 201840]
    S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-05-03 61440]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 138168]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
    S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-10 483328]
    S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
    S3 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]

    -----------------EOF-----------------
     
  12. 2008/11/12
    CUISTech

    CUISTech Inactive Thread Starter

    I've just been informed by the owner of the computer that I can remove the IE toolbars and Yahoo Messenger. I'll strip these out and post a new log (that hopefully has fewer entries).

    EDIT: I removed a few Yahoo tools and the Google Toolbar. However, Google Toolbar Notifier is still in the msconfig startup listings, as well as a number of Yahoo-related things that I did not see identified either in the Start menu or Add/Remove Programs. After I post this log, I will proceed to track down the actual folders that these programs install themselves into and see if I can find proper uninstall files.

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Owner at 2008-11-12 14:45:27
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 36 GB (69%) free of 52 GB
    Total RAM: 1022 MB (67% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:46:09 PM, on 11/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\trend micro\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.sbcglobal.net
    O15 - Trusted Zone: http://*.sbcglobal.net
    O16 - DPF: f1AgentCtrl - https://my01.fusionone.com/installer/f1AgentCtrl.cab
    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
    O16 - DPF: {4E8C3231-1C78-412F-8F0F-056210BA5C14} (YVidCapture Class) - http://ybcontent.bcst.yahoo.com/yvidcap/ie/v1.0.0.4/YVidCapCtrl.cab
    O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121132224906
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 6651 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    Yahoo! IE Services Button - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
    UrlHelper Class - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [2008-04-17 398776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-15 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
    SidebarAutoLaunch Class - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 124032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit - C:\HP\EXPLOREBAR\HPTOOLKT.DLL [2002-06-04 86016]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll [2006-10-26 440384]
    {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - BearShare MediaBar - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll [2008-04-17 611768]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-04 158208]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-16 68856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe [2005-09-18 230512]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
    c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe [2002-06-18 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe [2005-09-18 185456]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    C:\WINDOWS\system32\dla\tfswctrl.exe [2002-07-16 106549]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f1Tray.exe]
    C:\PROGRA~1\FUSION~1\f1Tray.exe [2002-01-31 286720]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    C:\WINDOWS\System32\hkcmd.exe [2002-05-15 114688]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe [2002-05-22 188416]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    C:\WINDOWS\System32\igfxtray.exe [2002-05-15 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    C:\HP\KBD\KBD.EXE [2005-02-02 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    NvQTwk []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-05-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-16 68856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmdprovidersbc]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-10-26 4662776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
    C:\PROGRA~1\Yahoo!\YOP\yop.exe [2006-07-21 407032]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
    C:\PROGRA~1\SBCSEL~1\bin\matcli.exe [2003-10-10 217088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2002-05-15 307200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=255
    "_NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\yserver.exe"="C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Disabled:Yahoo! FT Server"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 3 months======

    2008-11-12 11:05:59 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 11:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-12 09:54:41 ----D---- C:\Program Files\Windows Resource Kits
    2008-10-30 08:31:03 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-10-30 08:30:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-30 08:30:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-30 08:13:48 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
    2008-10-29 13:00:29 ----D---- C:\Program Files\trend micro
    2008-10-29 13:00:20 ----D---- C:\rsit
    2008-10-29 09:31:13 ----D---- C:\Program Files\AVG
    2008-10-29 08:47:24 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-10-29 08:47:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-29 08:38:50 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-28 09:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-28 08:46:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-28 08:43:57 ----A---- C:\WINDOWS\system32\hidserv.dll
    2008-10-15 10:22:06 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-15 02:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 02:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 02:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 02:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
    2008-09-10 02:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-06 18:02:18 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-08-14 02:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-14 02:08:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-14 02:08:14 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-14 02:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-14 02:07:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-14 02:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-14 02:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

    ======List of files/folders modified in the last 3 months======

    2008-11-12 14:44:53 ----D---- C:\WINDOWS\Prefetch
    2008-11-12 14:38:23 ----A---- C:\WINDOWS\ModemLog_Agere Win Modem.txt
    2008-11-12 14:38:07 ----D---- C:\WINDOWS\CAVTemp
    2008-11-12 14:36:52 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-12 14:36:29 ----RASH---- C:\BOOT.INI
    2008-11-12 14:36:29 ----A---- C:\WINDOWS\win.ini
    2008-11-12 14:36:29 ----A---- C:\WINDOWS\System.ini
    2008-11-12 14:34:24 ----D---- C:\Program Files\Yahoo!
    2008-11-12 14:34:23 ----D---- C:\Documents and Settings\Owner\Application Data\Yahoo!
    2008-11-12 14:33:24 ----D---- C:\Program Files\Google
    2008-11-12 11:09:51 ----D---- C:\WINDOWS
    2008-11-12 11:08:44 ----HD---- C:\Config.Msi
    2008-11-12 11:08:44 ----D---- C:\WINDOWS\system32
    2008-11-12 11:06:06 ----D---- C:\WINDOWS\inf
    2008-11-12 11:06:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-11-12 11:06:02 ----D---- C:\WINDOWS\system32\drivers
    2008-11-12 11:05:56 ----HD---- C:\WINDOWS\$hf_mig$
    2008-11-12 11:05:50 ----A---- C:\WINDOWS\imsins.BAK
    2008-11-12 11:04:54 ----SHD---- C:\WINDOWS\Installer
    2008-11-12 11:04:54 ----D---- C:\WINDOWS\WinSxS
    2008-11-12 11:04:49 ----D---- C:\WINDOWS\Temp
    2008-11-12 09:54:41 ----D---- C:\Program Files
    2008-11-12 08:05:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-11-12 08:05:21 ----D---- C:\WINDOWS\PCHEALTH
    2008-11-12 08:05:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-11-12 08:05:19 ----SD---- C:\WINDOWS\Tasks
    2008-11-12 08:00:07 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-06 12:26:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-30 09:05:38 ----D---- C:\Program Files\Internet Explorer
    2008-10-29 12:23:27 ----D---- C:\WINDOWS\system32\wins
    2008-10-29 10:37:28 ----D---- C:\Documents and Settings
    2008-10-29 08:37:48 ----D---- C:\Program Files\Common Files
    2008-10-28 08:45:56 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
    2008-10-15 10:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-03 11:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-09-06 19:29:21 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-06 18:02:16 ----D---- C:\WINDOWS\Debug
    2008-09-04 10:42:02 ----A---- C:\WINDOWS\system32\msxml3.dll
    2008-08-27 02:26:03 ----D---- C:\WINDOWS\Help
    2008-08-27 02:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-26 01:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-26 01:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-08-26 01:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\url.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\occache.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\mstime.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-26 01:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-08-26 01:24:29 ----A---- C:\WINDOWS\system32\iernonce.dll
    2008-08-26 01:24:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\extmgr.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-08-25 02:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-25 02:37:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-22 23:54:51 ----A---- C:\WINDOWS\system32\ieakui.dll
    2008-08-14 04:00:45 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 03:22:13 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 02:08:40 ----D---- C:\Program Files\Messenger
    2008-08-14 02:04:49 ----D---- C:\WINDOWS\ie7updates

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-05-22 90336]
    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2002-06-19 5589]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2002-06-19 22995]
    R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2007-07-23 879832]
    R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2005-09-18 15735]
    R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2005-09-18 21031]
    R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2006-07-31 26787]
    R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2005-09-18 15478]
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2002-06-06 40368]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2002-07-16 23701]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2002-07-16 34805]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2002-07-16 4117]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2002-07-16 2201]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2002-07-16 54900]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2002-07-16 14421]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2002-07-16 6325]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2002-07-16 91156]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2002-07-16 95125]
    R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-05-22 69504]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2002-05-22 78045]
    R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12 652689]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2007-07-23 108360]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
    S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
    S3 CCCP106;CIF USB Camera (2110A); C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-28 227200]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
    S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-08 158140]
    S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-08 12479]
    S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-08 12031]
    S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-08 11679]
    S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-08 11999]
    S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-08 19359]
    S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-08 29215]
    S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-08 19199]
    S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-08 33503]
    S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-08 23519]
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-11-30 28352]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
    S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-05-03 931882]
    S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-03-08 13780]
    S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-07-13 155008]
    S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2002-04-08 188032]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2004-04-21 1434848]
    R2 CAISafe;CAISafe; C:\Program Files\Yahoo!\Antivirus\ISafe.exe [2005-09-18 259184]
    R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R2 VETMSGNT;VET Message Service; C:\Program Files\Yahoo!\Antivirus\VetMsg.exe [2005-09-18 201840]
    S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-05-03 61440]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 138168]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
    S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-10 483328]
    S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
    S3 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]

    -----------------EOF-----------------
     
    Last edited: 2008/11/12
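As an added example (not part of the original post, and not the scanning tool's own code), the driver and service listing above can be triaged with a short parser built on the legend printed in its section headers. It assumes an empty `[]` means the tool found no file date or size at the registered path; the flag names are made up for this sketch.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
# <state><start> <name>;<display name>; <image path> [<file date> <size>]
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$")

@dataclass
class Entry:
    running: bool
    start: str
    name: str
    path: str
    size: Optional[int]          # None when the log shows an empty []
    flags: list = field(default_factory=list)

def parse_entry(line):
    """Parse one driver/service line; return None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    meta = m["meta"].split()
    path = m["path"]
    if path.startswith("\\??\\"):
        path = path[4:]          # drop the NT object-namespace prefix
    e = Entry(m["state"] == "R", START_TYPES[m["start"]], m["name"], path,
              int(meta[1]) if len(meta) == 2 else None)
    if e.size is None:           # assumption: no file found at the registered path
        e.flags.append("no-file-metadata")
    if not e.running and e.start in ("Boot", "System", "Auto"):
        e.flags.append("autostart-not-running")
    return e

def triage(log_text):
    """Return {entry name: [flags]} for every entry that needs a second look."""
    entries = filter(None, map(parse_entry, log_text.splitlines()))
    return {e.name: e.flags for e in entries if e.flags}

# Lines copied from the log above, trimmed to a few entries.
SAMPLE = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-05-03 61440]
"""
```

Calling `triage(SAMPLE)` returns the flagged entries by name. The flags are prompts for manual review, not verdicts.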
  13. 2008/11/14
    CUISTech

    CUISTech Inactive Thread Starter

    Joined:
    2008/10/28
    Messages:
    419
    Likes Received:
    1
    Please move this topic to inactive. The user opted to take her computer home before treatment was complete. As long as it was "better than I gave it to you," she was content with it. =\

    Guess that makes me, as far as repaired computers go, 0-1. :mad:
     
  14. 2008/11/14
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    Sorry to hear that but look on the bright side. If nothing else, I think (based on your responses) at least you have a much better appreciation for this stuff and realize that cleaning some of this junk requires a lot more than a couple of do-it-all utilities. Secondly, she'll be back - you can count on it. Unfortunately, you probably won't get her machine back until it either won't boot or can't be used to surf.

    ;)
     
  15. 2008/11/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I'd say that's 1-0 .. user is content .. machine is better. Good possibility it would not have gotten better without hardware upgrades too.

    Sorry I didn't get back to you last night .... got very busy. :eek:

    You asked me to educate you on what I had you do. First, using SubInACL the registry hive's permissions were reset, then permissions were reset on the System files (C:\Windows). Then the registry was cleaned of leftover junk .... invalid paths, etc. Next steps would have been to first get BearShare off. P2P apps are just bad news. Once you had removed all the leftover files and folders associated with uninstalled programs and run disk cleanup again, another couple defrags with reboots would have been in order. I've been using a similar routine on a number of machines lately with great results.

    CUIS, I think you did a great job. I'd say you probably learned a bit too, which is always a plus. :)
     
