
Solved Never Get a Clean Scan

Discussion in 'Malware and Virus Removal Archive' started by virginia, 2008/08/27.

  1. 2008/08/27
    virginia Geek Member Thread Starter


    Helped a friend set up a new computer - he gave me his old one. I have uninstalled all the unnecessary programs that I could identify. It seems to be operating fairly well. I have run Spybot and AdAware a couple of times and an on-line virus scan as well as the installed AVG scan.

    Still get a number of bad things with each scan and it seems there are always some files that can't be fixed. Hope someone can give me a hand. Here is the HiJack This log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:05:24 PM, on 8/27/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\spoolsv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Windows\BCMSMMSG.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Panda Security\WAC\PSCtrlC.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Kaseya\Agent\AgentMon.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\nvsvc32.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Panda Security\WAC\PSIMSVC.EXE
    C:\Windows\System32\svchost.exe
    C:\Program Files\Eraser\eraser.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VA0NAWZJ\na_aspy_ca_32_en_ASPYLE_trial[1].exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
    O4 - HKLM\..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Program Files\Panda Security\WAC\PSCtrlC.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [caaspydelayedscan] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CaAntiSpyware.exe" /delayscan
    O4 - HKLM\..\RunOnce: [ccube_Install_Lock] "C:\Documents and Settings\All Users\Application Data\CA\Consumer\ISS\tmp\cazz_001.exe" /null /RunOnce
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\olbackup.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.nachnet.com (HKLM)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1212685998328
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{05487543-58E9-4BD0-AC0F-E05B94855CB5}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{05487543-58E9-4BD0-AC0F-E05B94855CB5}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{05487543-58E9-4BD0-AC0F-E05B94855CB5}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Kaseya Agent (KaseyaAgent) - Kaseya - C:\Program Files\Kaseya\Agent\AgentMon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\System32\nvsvc32.exe
    O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\WAC\pavsrv51.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: Panda Imanager Service (Psimsvc) - Panda Software International - C:\Program Files\Panda Security\WAC\PSIMSVC.EXE
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    O24 - Desktop Component 0: (no name) - C:\MTS\EPTPICDEC2003.jpg

    --
    End of file - 10093 bytes
     
  2. 2008/08/27
    noahdfear Inactive

    Hi Robert,

    It might help us to know what things have been unsuccessful in removing. ;)

    Is the following a valid desktop background?

    C:\MTS\EPTPICDEC2003.jpg

    It appears you ran the CA Antispyware trial upon downloading, rather than first saving it to the drive. It is running from a temporary folder. Recommend you reboot to finalize the installation.

    Next, let's use another scanner that gives us a better look at things.

    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of both logs here in your next reply.
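
Added example (not part of the original thread, and not any poster's or tool's own code): a Python version of the check noahdfear makes by eye in the post above, flagging any HijackThis "Running processes" path that executes from a temporary or browser-cache folder. It goes beyond the post by also listing entries HijackThis marks "(file missing)" or "(no file)". The function names and the marker list are assumptions; the sample lines are excerpted from the first log in this thread.

```python
import ntpath
import re

# Path fragments that indicate a per-user temp or browser-cache location.
# Assumed list for Windows XP-era profile layouts; extend for other systems.
# 8.3 short names (e.g. PROGRA~1) are not expanded by this check.
TEMP_MARKERS = (
    "\\local settings\\temporary internet files\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)

# HijackThis entry lines start with a section code such as R0, F2, N1, O4, O23.
ENTRY_RE = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")

# Excerpt of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\Windows\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VA0NAWZJ\na_aspy_ca_32_en_ASPYLE_trial[1].exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
"""


def parse_hjt(text):
    """Return (process_paths, entries) where entries are (code, body) tuples."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            # The first R/F/N/O line ends the process list.
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def triage(text):
    """Flag temp-folder processes and entries whose target file is gone."""
    processes, entries = parse_hjt(text)
    findings = []
    for path in processes:
        normalized = ntpath.normpath(path).lower()
        if any(marker in normalized for marker in TEMP_MARKERS):
            findings.append(("temp-process", path))
    for code, body in entries:
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append(("orphan-" + code, body))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:13} {detail}")
```

A "temp-process" hit is a prompt to ask where the program came from, as the helper does here, not a verdict that it is malicious.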
     

  4. 2008/08/27
    virginia Geek Member Thread Starter

    Dave,

    Thanks for the quick response. Your questions:

    At the time I ran the scans, I didn't see any identification of the items that couldn't be removed. Most of the items removed were Cookies. I looked in both Spybot and AdAware for any logs or files - but they are either not there or I don't know how to find them.

    Regarding the desktop background question - I don't have a clue what that is and it is not listed as one of the potential backgrounds.

    As to the CA Antispyware Trial, I didn't intend to download that. My intent was to run an on-line scan. Guess I misunderstood what was on the monitor. I would just as soon get rid of it - should I wait until later to do that uninstall?

    RSIT log.txt file:

    Logfile of random's system information tool (written by random/random)
    Run by Owner at 2008-08-27 22:59:30
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 17 GB (60%) free of 29 GB
    Total RAM: 767 MB (54% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:59:50 PM, on 8/27/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Kaseya\Agent\AgentMon.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\nvsvc32.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Panda Security\WAC\PSIMSVC.EXE
    C:\Windows\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Windows\BCMSMMSG.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Panda Security\WAC\PSCtrlC.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\Eraser\eraser.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
    O4 - HKLM\..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Program Files\Panda Security\WAC\PSCtrlC.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\olbackup.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.nachnet.com (HKLM)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1212685998328
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{05487543-58E9-4BD0-AC0F-E05B94855CB5}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{05487543-58E9-4BD0-AC0F-E05B94855CB5}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{05487543-58E9-4BD0-AC0F-E05B94855CB5}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Kaseya Agent (KaseyaAgent) - Kaseya - C:\Program Files\Kaseya\Agent\AgentMon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\System32\nvsvc32.exe
    O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\WAC\pavsrv51.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: Panda Imanager Service (Psimsvc) - Panda Software International - C:\Program Files\Panda Security\WAC\PSIMSVC.EXE
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    O24 - Desktop Component 0: (no name) - C:\MTS\EPTPICDEC2003.jpg

    --
    End of file - 9774 bytes

    Scheduled tasks folder

    C:\Windows\tasks\CAAntiSpywareScan_Daily as Owner at 9 55 PM.job

    Registry dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-10 308856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
    Viewpoint Toolbar BHO - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [2007-02-24 333472]
    {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]
    "nwiz"=C:\Windows\system32\nwiz.exe [2003-10-06 741376]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-05-21 98304]
    "BCMSMMSG"=C:\Windows\BCMSMMSG.exe [2003-08-29 122880]
    "AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe []
    "AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-04-10 679936]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
    "Error Nuker"=C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart []
    "Kaseya Agent Service Helper"=C:\Program Files\Kaseya\Agent\KaUsrTsk.exe [2008-03-07 229376]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-17 1232152]
    "Panda Software Controller Client"=C:\Program Files\Panda Security\WAC\PSCtrlC.exe [2008-04-16 190256]
    ""= []
    "cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2008-07-18 181488]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"=C:\WINDOWS\System32\NVMCTRAY.DLL [2003-10-06 49152]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
    "AOL Fast Start"=C:\Program Files\America Online 9.0a\AOL.EXE -b []
    "ctfmon.exe"=C:\Windows\system32\ctfmon.exe [2008-04-13 15360]
    "Eraser"=C:\Program Files\Eraser\eraser.exe [2006-12-25 643072]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
    Quicken Scheduled Updates.lnk - C:\QUICKENW\olbackup.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\Windows\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\Value Line Publishing\Value Line Investment Survey for Windows\Vlis.exe"="C:\Program Files\Value Line Publishing\Value Line Investment Survey for Windows\Vlis.exe:*:Enabled:Value Line Investment Analyzer v3.0"
    "C:\Documents and Settings\Owner\Local Settings\Temp\vncviewer.exe"="C:\Documents and Settings\Owner\Local Settings\Temp\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32"
    "C:\Program Files\Panda Security\WaAgent\WasAgent\WasAgent.exe"="C:\Program Files\Panda Security\WaAgent\WasAgent\WasAgent.exe"
    "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Disabled:avgemc.exe"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe"
    "C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Disabled:Microsoft (R) HTML Application host"
    "C:\Windows\Network Diagnostic\xpnetdiag.exe"="C:\Windows\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
    "C:\Windows\system32\sessmgr.exe"="C:\Windows\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a"
    "C:\Program Files\America Online 9.0c\waol.exe"="C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Panda Security\WaAgent\WasAgent\WasAgent.exe"="C:\Program Files\Panda Security\WaAgent\WasAgent\WasAgent.exe"

    List of files/folders created in the last three months

    2008-08-27 22:59:30 ----D---- C:\rsit
    2008-08-27 22:04:41 ----D---- C:\Program Files\Trend Micro
    2008-08-27 21:54:36 ----D---- C:\Documents and Settings\All Users\Application Data\CA
    2008-08-27 21:54:32 ----D---- C:\Program Files\CA
    2008-08-27 21:53:45 ----A---- C:\caisslog.txt
    2008-08-27 00:18:26 ----HDC---- C:\Windows\$NtUninstallKB951376-v2$
    2008-08-27 00:18:15 ----HDC---- C:\Windows\$NtUninstallKB952954$
    2008-08-27 00:18:06 ----HDC---- C:\Windows\$NtUninstallKB946648$
    2008-08-27 00:17:58 ----HDC---- C:\Windows\$NtUninstallKB953839$
    2008-08-27 00:17:06 ----HDC---- C:\Windows\$NtUninstallKB951978$
    2008-08-27 00:16:56 ----HDC---- C:\Windows\$NtUninstallKB950974$
    2008-08-27 00:14:36 ----HDC---- C:\Windows\$NtUninstallKB951072-v2$
    2008-08-27 00:14:26 ----HDC---- C:\Windows\$NtUninstallKB952287$
    2008-08-27 00:13:03 ----HDC---- C:\Windows\$NtUninstallKB951066$
    2008-08-27 00:12:49 ----HDC---- C:\Windows\$NtUninstallKB951748$
    2008-08-27 00:08:38 ----D---- C:\Program Files\Belarc
    2008-08-27 00:03:32 ----D---- C:\Windows\Prefetch
    2008-08-26 23:59:23 ----HDC---- C:\Windows\$NtUninstallKB951698$
    2008-08-26 23:59:14 ----HDC---- C:\Windows\$NtUninstallKB951376$
    2008-08-26 23:59:06 ----HDC---- C:\Windows\$NtUninstallKB950762$
    2008-08-26 23:53:18 ----D---- C:\Windows\system32\scripting
    2008-08-26 23:53:16 ----D---- C:\Windows\l2schemas
    2008-08-26 23:53:15 ----D---- C:\Windows\system32\en
    2008-08-26 23:27:24 ----N---- C:\Windows\system32\wmphoto.dll
    2008-08-26 23:27:22 ----N---- C:\Windows\system32\wlanapi.dll
    2008-08-26 23:27:19 ----N---- C:\Windows\system32\windowscodecsext.dll
    2008-08-26 23:27:19 ----N---- C:\Windows\system32\windowscodecs.dll
    2008-08-26 23:27:08 ----N---- C:\Windows\system32\tspkg.dll
    2008-08-26 23:26:51 ----N---- C:\Windows\system32\setupn.exe
    2008-08-26 23:26:44 ----N---- C:\Windows\system32\rasqec.dll
    2008-08-26 23:26:43 ----N---- C:\Windows\system32\qutil.dll
    2008-08-26 23:26:41 ----N---- C:\Windows\system32\qcliprov.dll
    2008-08-26 23:26:40 ----N---- C:\Windows\system32\qagentrt.dll
    2008-08-26 23:26:40 ----N---- C:\Windows\system32\qagent.dll
    2008-08-26 23:26:38 ----N---- C:\Windows\system32\photometadatahandler.dll
    2008-08-26 23:26:34 ----N---- C:\Windows\system32\onex.dll
    2008-08-26 23:26:21 ----N---- C:\Windows\system32\napstat.exe
    2008-08-26 23:26:21 ----N---- C:\Windows\system32\napmontr.dll
    2008-08-26 23:26:21 ----N---- C:\Windows\system32\napipsec.dll
    2008-08-26 23:26:19 ----A---- C:\Windows\system32\msxml6r.dll
    2008-08-26 23:26:15 ----N---- C:\Windows\system32\msshavmsg.dll
    2008-08-26 23:26:15 ----N---- C:\Windows\system32\mssha.dll
    2008-08-26 23:25:53 ----N---- C:\Windows\system32\mmcperf.exe
    2008-08-26 23:25:53 ----N---- C:\Windows\system32\mmcfxcommon.dll
    2008-08-26 23:25:53 ----N---- C:\Windows\system32\mmcex.dll
    2008-08-26 23:25:53 ----N---- C:\Windows\system32\microsoft.managementconsole.dll
    2008-08-26 23:25:39 ----N---- C:\Windows\system32\l2gpstore.dll
    2008-08-26 23:25:27 ----N---- C:\Windows\system32\kmsvc.dll
    2008-08-26 23:25:27 ----N---- C:\Windows\system32\kbdpash.dll
    2008-08-26 23:25:26 ----N---- C:\Windows\system32\kbdnepr.dll
    2008-08-26 23:25:26 ----N---- C:\Windows\system32\kbdiultn.dll
    2008-08-26 23:25:26 ----N---- C:\Windows\system32\kbdbhc.dll
    2008-08-26 23:24:55 ----A---- C:\Windows\005806_.tmp
    2008-08-26 23:24:53 ----N---- C:\Windows\system32\eapsvc.dll
    2008-08-26 23:24:53 ----N---- C:\Windows\system32\eapqec.dll
    2008-08-26 23:24:53 ----N---- C:\Windows\system32\eappprxy.dll
    2008-08-26 23:24:52 ----N---- C:\Windows\system32\eapphost.dll
    2008-08-26 23:24:52 ----N---- C:\Windows\system32\eappgnui.dll
    2008-08-26 23:24:52 ----N---- C:\Windows\system32\eappcfg.dll
    2008-08-26 23:24:52 ----N---- C:\Windows\system32\eapp3hst.dll
    2008-08-26 23:24:52 ----N---- C:\Windows\system32\eapolqec.dll
    2008-08-26 23:24:48 ----N---- C:\Windows\system32\dot3ui.dll
    2008-08-26 23:24:48 ----N---- C:\Windows\system32\dot3svc.dll
    2008-08-26 23:24:48 ----N---- C:\Windows\system32\dot3msm.dll
    2008-08-26 23:24:48 ----N---- C:\Windows\system32\dot3gpclnt.dll
    2008-08-26 23:24:48 ----N---- C:\Windows\system32\dot3dlg.dll
    2008-08-26 23:24:48 ----N---- C:\Windows\system32\dot3cfg.dll
    2008-08-26 23:24:48 ----N---- C:\Windows\system32\dot3api.dll
    2008-08-26 23:24:46 ----N---- C:\Windows\system32\dimsroam.dll
    2008-08-26 23:24:46 ----N---- C:\Windows\system32\dimsntfy.dll
    2008-08-26 23:24:46 ----N---- C:\Windows\system32\dhcpqec.dll
    2008-08-26 23:24:42 ----N---- C:\Windows\system32\credssp.dll
    2008-08-26 23:24:35 ----N---- C:\Windows\system32\bitsprx4.dll
    2008-08-26 23:24:34 ----N---- C:\Windows\system32\azroles.dll
    2008-08-26 22:58:51 ----A---- C:\Windows\system32\wuapi.dll.mui
    2008-08-26 20:55:23 ----A---- C:\Windows\wininit.ini
    2008-08-23 09:48:02 ----HD---- C:\$AVG8.VAULT$
    2008-08-17 22:41:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-08-17 22:31:19 ----A---- C:\Windows\AdminIE.ini
    2008-08-17 22:31:12 ----D---- C:\Program Files\Panda Security
    2008-08-17 22:12:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-08-17 22:11:25 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-17 21:55:26 ----A---- C:\Windows\system32\avgrsstx.dll
    2008-08-17 21:55:02 ----D---- C:\Program Files\AVG
    2008-08-17 21:55:02 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-08-17 20:25:59 ----A---- C:\Windows\system32\javaws.exe
    2008-08-17 20:25:59 ----A---- C:\Windows\system32\javaw.exe
    2008-08-17 20:25:59 ----A---- C:\Windows\system32\java.exe
    2008-08-16 15:26:14 ----A---- C:\ntdetect.com
    2008-08-16 15:26:05 ----A---- C:\boot.ini
    2008-08-15 14:31:49 ----A---- C:\Windows\system32\erasext.dll
    2008-08-15 14:31:49 ----A---- C:\Windows\system32\eraserl.exe
    2008-08-15 14:31:49 ----A---- C:\Windows\system32\Eraser.dll
    2008-08-15 14:31:48 ----D---- C:\Program Files\Eraser
    2008-06-21 09:23:38 ----A---- C:\Windows\ebraryRdr.ini
    2008-06-20 07:40:14 ----D---- C:\Documents and Settings\Owner\Application Data\ICAClient
    2008-06-20 06:05:54 ----D---- C:\Documents and Settings\All Users\Application Data\sentinel
    2008-06-19 23:55:22 ----RSHD---- C:\Windows\PSICache
    2008-06-15 12:42:28 ----D---- C:\Documents and Settings\All Users\Application Data\HP
    2008-06-15 12:39:41 ----RA---- C:\Windows\hpzshl01.exe
    2008-06-15 12:39:40 ----RA---- C:\Windows\hpzmsi01.exe
    2008-06-15 12:39:35 ----D---- C:\Windows\yellowtail
    2008-06-15 12:38:41 ----HD---- C:\Config.Msi
    2008-06-15 12:37:16 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
    2008-06-15 12:36:23 ----A---- C:\Windows\system32\hpz3l5mu.dll
    2008-06-15 12:35:50 ----DC---- C:\Windows\system32\DRVSTORE
    2008-06-12 03:06:43 ----HDC---- C:\Windows\$NtUninstallKB951698_0$
    2008-06-12 03:05:52 ----HDC---- C:\Windows\$NtUninstallKB950762_0$
    2008-06-12 03:05:07 ----HDC---- C:\Windows\$NtUninstallKB950760$
    2008-06-12 03:04:23 ----HDC---- C:\Windows\$NtUninstallKB951376_0$
    2008-06-06 03:05:04 ----HDC---- C:\Windows\$NtUninstallKB950749$
    2008-06-06 03:04:50 ----HDC---- C:\Windows\$NtUninstallKB932823-v3$
    2008-06-06 03:02:57 ----A---- C:\Windows\system32\MRT.INI
    2008-06-05 13:58:00 ----A---- C:\Windows\system32\mucltui.dll.mui
    2008-06-05 13:58:00 ----A---- C:\Windows\system32\mucltui.dll
    2008-05-31 14:50:31 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

    List of drivers

    R1 AFS2K;AFS2k; C:\Windows\system32\drivers\AFS2K.sys [2004-11-17 43672]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\system32\System32\Drivers\avgldx86.sys []
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\system32\System32\Drivers\avgmfx86.sys []
    R1 BANTExt;Belarc SMBios Access; C:\Windows\system32\System32\Drivers\BANTExt.sys []
    R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2004-05-22 59440]
    R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2004-05-22 23724]
    R1 cdudf_xp;cdudf_xp; C:\Windows\system32\drivers\cdudf_xp.sys [2002-04-10 236032]
    R1 intelppm;Intel Processor Driver; C:\Windows\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 OMCI;OMCI; C:\Windows\system32\SYSTEM32\DRIVERS\OMCI.SYS []
    R1 pwd_2k;pwd_2k; C:\Windows\system32\drivers\pwd_2k.sys [2002-04-10 117898]
    R1 UdfReadr_xp;UdfReadr_xp; C:\Windows\system32\drivers\UdfReadr_xp.sys [2002-04-10 206336]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\Windows\system32\System32\drivers\ws2ifsl.sys []
    R2 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\system32\System32\Drivers\avgtdix.sys []
    R2 tmcomm;tmcomm; \??\C:\Windows\system32\drivers\tmcomm.sys []
    R3 aeaudio;aeaudio; C:\Windows\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 BCMModem;BCM V.92 56K Modem; C:\Windows\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\System32\DRIVERS\e100b325.sys [2002-04-30 139776]
    R3 HidUsb;Microsoft HID Class Driver; C:\Windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 KAPFA;KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS []
    R3 mmc_2K;mmc_2K; C:\Windows\system32\drivers\mmc_2K.sys [2002-04-10 29638]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\Windows\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
    R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2002-06-17 553624]
    R3 usbhub;USB2 Enabled Hub; C:\Windows\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 dvd_2K;dvd_2K; C:\Windows\system32\drivers\dvd_2K.sys [2002-04-10 24554]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys []
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys []
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [2007-01-17 21568]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\Windows\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\Windows\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbstor;USB Mass Storage Driver; C:\Windows\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 wanatw;WAN Miniport (ATW); C:\Windows\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\Windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\Windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\Windows\system32\drivers\IntelIde.sys []

    List of services

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-27 611664]
    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-17 873752]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-17 231192]
    R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-09-26 283912]
    R2 KaseyaAgent;Kaseya Agent; C:\Program Files\Kaseya\Agent\AgentMon.exe [2008-03-07 598016]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-04-13 14336]
    R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\System32\nvsvc32.exe [2003-10-06 81920]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-04-13 14336]
    R2 Psimsvc;Panda Imanager Service; C:\Program Files\Panda Security\WAC\PSIMSVC.EXE [2007-12-26 108336]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2007-06-11 438272]
    R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2008-07-18 214256]
    R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-04-10 185608]
    S2 AOLService;AOL Spyware Protection Service; C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe []
    S2 PavSrv;Panda Antivirus Service; C:\Program Files\Panda Security\WAC\pavsrv51.exe [2008-04-09 149296]
    S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\Windows\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------

    Will put the info.txt file in another Post.
     
  5. 2008/08/27
    virginia Lifetime Subscription

    RSIT info.txt file:

    info.txt logfile of random's system information tool 2008-08-27 22:59:54

    Uninstall list

    -->"C:\Program Files\mcafee.com\antivirus\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48C76121-4F90-11D5-9884-0050BA85A903}\Setup.exe" UNINSTALL
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Download Manager 2.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
    Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
    Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
    Bridge Baron 16-->MsiExec.exe /X{98CB5CA0-88D8-47E2-ABEC-A2547986B97F}
    CA Anti-Spyware-->"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\setup\ccinstaller.exe" /u /silent /module="pp"
    CA Anti-Spyware-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=pp
    CA Pest Patrol Realtime Protection-->MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
    Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{C49067A8-8212-4A82-A4D9-1519701644F0}
    Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
    Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
    Eraser 5.82-->"C:\Program Files\Eraser\unins000.exe"
    GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\Windows\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
    J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
    J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
    Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
    Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
    Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (2.0)-->C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
    MSN Money Investment Toolbox-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
    NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
    OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
    Panda EndPoint Protection-->MsiExec.exe /X{60C1D105-5A4A-4A71-940A-BE9B0D36CED4}
    Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
    Readiris 7.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\Windows\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\Windows\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\Windows\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\Windows\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\Windows\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\Windows\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\Windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\Windows\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\Windows\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\Windows\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\Windows\$NtUninstallKB953839$\spuninst\spuninst.exe"
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Update for Windows XP (KB951072-v2)-->"C:\Windows\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\Windows\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Viewpoint Toolbar-->C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\Windows\$NtServicePackUninstall$\spuninst\spuninst.exe"

    Hosts File

    127.0.0.1 www.doubleclick.net
    127.0.0.1 ad.preferances.com
    127.0.0.1 ad.doubleclick.com
    127.0.0.1 ads.web.aol.com
    127.0.0.1 ad.doubleclick.net
    127.0.0.1 ad.preferences.com
    127.0.0.1 ad.washingtonpost.com
    127.0.0.1 adpick.switchboard.com
    127.0.0.1 ads.doubleclick.com
    127.0.0.1 ads.infospace.com

    Security center information

    AV: AVG Anti-Virus Free

    Environment variables

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0207
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "VERSION"=3.0.2.97
    "SESSIONID"=1100247805921wuws07-la3d3b:1003c6f359e:4062
    "COLLECTIONID"=COL8143
    "ITEMID"=dj-22741-6
    "UPDATEDIR"=C:\DOCUME~1\Owner\LOCALS~1\Temp\rad49606.tmp
    "TOOLPATH"=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
    "HMSERVER"=https://h30083.www3.hp.com/wuss/servlet/WUSSServlet
    "SWUTVER"=1.0.18.20030625
    "OSVER"=winXPH
    "LANG"=1033
    "TIMEOUT"=0

    -----------------EOF-----------------
     
  6. 2008/08/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I don't see anything in the logs that suggests a problem. Check for the existence of C:\MTS\EPTPICDEC2003.jpg (might want to see what else is in that folder too) and its validity.
    Go to your desktop properties, Desktop tab, Customize Desktop button, Web Tab and see if that file is listed. If so, you can remove it from that list if you want, which removes only the registry pointer. The file itself would need to be removed manually.

    Spybot logs

    Open Spybot in Advanced mode, or open and select Mode>Advanced on the Menu.
    In the left pane, select Tools, then View report.
    In the right pane header, select View previous report, then select the desired report, be it a check report or fixes report.

    Just making note ..... your Java is outdated. Old versions can be exploited and should be uninstalled, and the latest version installed. The latest is Java Runtime Environment (JRE) 6 Update 7.

    You can uninstall the CA trial at any time. ;)

    Did you run any online virus scans?
     
  7. 2008/08/28
    virginia Lifetime Subscription

    Dave,

    Again, thanks for the time you've taken to look at this issue. Here are my responses to the questions in your last post:

    The folder C:\MTS is empty. I checked the folder options to make sure it wasn't a hidden file.

    In the Desktop Properties, that file is shown as an option in the Customize-Web Tab. However, there is no check in the block. Since it appears that the file doesn't even exist, I would assume that I can delete the folder and the references.

    Fix Folder - 8/27 Those showing up as Unfixed refer to Wild Tangent. Everything else was Fixed.

    Check Folder - 8/27 Didn't know how to read it so I have pasted it in since it is fairly short.


    --- Report generated: 2008-08-27 22:52 ---

    Hint of the Day: Click the bar at the right of this to see more information! ()



    --- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

    2008-07-07 blindman.exe (1.0.0.8)
    2008-07-07 SDFiles.exe (1.6.0.4)
    2008-07-07 SDMain.exe (1.0.0.6)
    2008-07-07 SDShred.exe (1.0.2.3)
    2008-07-07 SDUpdate.exe (1.6.0.8)
    2008-07-07 SDWinSec.exe (1.0.0.12)
    2008-07-07 SpybotSD.exe (1.6.0.30)
    2008-08-18 TeaTimer.exe (1.6.2.23)
    2008-08-17 unins000.exe (51.49.0.0)
    2008-07-07 Update.exe (1.6.0.7)
    2008-07-07 advcheck.dll (1.6.1.12)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-07-07 SDHelper.dll (1.6.0.12)
    2008-06-19 sqlite3.dll
    2008-07-07 Tools.dll (2.1.5.7)
    2008-08-05 Includes\Adware.sbi (*)
    2008-08-26 Includes\AdwareC.sbi (*)
    2008-06-03 Includes\Cookies.sbi (*)
    2008-06-03 Includes\Dialer.sbi (*)
    2008-08-05 Includes\DialerC.sbi (*)
    2008-07-23 Includes\HeavyDuty.sbi (*)
    2008-08-19 Includes\Hijackers.sbi (*)
    2008-08-26 Includes\HijackersC.sbi (*)
    2008-08-05 Includes\Keyloggers.sbi (*)
    2008-08-26 Includes\KeyloggersC.sbi (*)
    2008-08-27 Includes\Malware.sbi (*)
    2008-08-26 Includes\MalwareC.sbi (*)
    2008-08-05 Includes\PUPS.sbi (*)
    2008-08-26 Includes\PUPSC.sbi (*)
    2007-11-07 Includes\Revision.sbi (*)
    2008-06-18 Includes\Security.sbi (*)
    2008-08-26 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2008-08-12 Includes\Spyware.sbi (*)
    2008-08-26 Includes\SpywareC.sbi (*)
    2008-06-03 Includes\Tracks.uti
    2008-08-05 Includes\Trojans.sbi (*)
    2008-08-27 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    Installed Version 6, Update 7. Since I didn't know which options I could exclude, I did install the Development Kit - which is a 371MB bear. Do I need to leave that or could I uninstall it?

    Done.

    Yes - but I was servicing my main computer, my wife's computer, and this new one all at one time so I lost track which one/s I ran on this one. Will keep a better record next time. Sorry.

    Since the computer seems to be operating very well and you didn't note anything significant, I guess we can call this thread closed - unless you think there is something else I should do. Again, thanks for your interest and help.
     
  8. 2008/08/28
    noahdfear

    Go ahead and delete the C:\MTS folder.

    On the Web tab, select (select, not check) the entry for that jpg then click Delete.

    Feel free to post the Wild Tangent items not removed for perusal. ;) (not much of a threat in any event)

    That check log just tells us what modules were loaded by Spybot and their version.

    You don't need the Java Development Kit unless you are developing Java-based applications. Go ahead and uninstall that. You need to download the Java Runtime Environment (JRE) 6 Update 7 (5th one down) and install it.
     
  9. 2008/08/28
    virginia Lifetime Subscription

    Latest actions:

    Both done.



    --- Report generated: 2008-08-27 15:46 ---

    Hint of the Day: Click the bar at the right of this to see more information! ()


    WildTangent: [SBI $3A3BDC07] Program directory (Directory, fixing failed)
    C:\WINDOWS\wt\

    WildTangent: [SBI $DD0C3EA6] Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\ClassPath=...;C:\WINDOWS\wt\webdriver\wtdmmpi.jar...

    WildTangent: [SBI $76830867] Program directory (Directory, fixing failed)
    C:\WINDOWS\wt\wtupdates\

    WildTangent: [SBI $7E3A8D37] Program directory (Directory, fixing failed)
    C:\WINDOWS\wt\webdriver\



    The above were the "unfixed" items. There were 72 "fixed" items - all Wild Tangent entries except for the following:



    SystemDoctor2006: [SBI $EE85A97E] Program directory (Directory, fixed)
    C:\Documents and Settings\Owner\Application Data\SystemDoctor 2006\

    I uninstalled the Development Kit. I validated my installed version of Java with the Java website version validation tool.
     
  10. 2008/08/28
    noahdfear

    See if you can manually delete the C:\WINDOWS\wt folder.
     
  11. 2008/08/28
    virginia Lifetime Subscription

    It deleted fine. I assume that was the Wild Tangent folder.

    Thanks so much Dave.
     
  12. 2008/08/28
    noahdfear

    Yes it was. You're most welcome. Glad I could help. :)
     
  13. 2008/08/29
    virginia Lifetime Subscription

    Dave,

    Just a quick follow-up. Just ran Spybot and it found no problems - gave me a green checkmark. AdAware found 66 items - 1 critical - and removed them all with no problem. The machine seems to be running great.
     
  14. 2008/08/29
    noahdfear

    That's great! I'll mark this topic resolved then. :)
     
