
Solved Trojan.zlob detected

Discussion in 'Malware and Virus Removal Archive' started by Sillsy, 2008/10/01.

Thread Status:
Not open for further replies.
  1. 2008/10/01
    Sillsy

    Sillsy Inactive Thread Starter

    Joined:
    2008/08/07
    Messages:
    56
    Likes Received:
    0
    [Resolved] Trojan.zlob detected

    Last night while my husband was working on the computer, I noticed a message pop up saying that a trojan had been detected, but it disappeared before I could read it all. It happened again briefly but again I couldn't read it. I did a scan using Norton AntiVirus but all that came up was a low risk tracking cookie, which comes up all the time, and I fixed it anyway.

    Today I decided to look further into it and looked at the security history in Norton. It showed that last night a trojan horse had been detected but not removed. It also showed that it came up a few times. I have removed one using Norton and I am trying to do the same with the other warnings. They seem to be the same and it says it is Trojan.zlob, about which I was given more information at the following link: http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2005-042316-2917-99&tabid=2

    Norton states that this is a high risk virus. Can anyone help me to make sure I do remove all of it and that I am not at risk?

    Thanks
    Sue
     
  2. 2008/10/02
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this post, then post the requested log(s).
     


  4. 2008/10/02
    Sillsy

    Sillsy Inactive Thread Starter

    Joined:
    2008/08/07
    Messages:
    56
    Likes Received:
    0
    log.txt:
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Owner at 2008-10-02 16:44:50
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 32 GB (55%) free of 59 GB
    Total RAM: 511 MB (11% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:45:17 PM, on 2/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
    C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
    C:\program files\Telstra\Signup\tbpt.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.impressionablekids.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}] C:\program files\Telstra\Signup\tbpt.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX9300F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFP.EXE /FU "C:\DOCUME~1\Owner\LOCALS~1\Temp\E_S14.tmp" /EF "HKCU "
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{36E68565-96FB-4DBE-AF27-3B5E107D75AD}: Domain = nsw.bigpond.net.au
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    --
    End of file - 11334 bytes
    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job
    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-11 1443112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-05-11 734704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
    EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "HTpatch "=C:\WINDOWS\htpatch.exe [2002-10-30 28672]
    "SoundMan "=C:\WINDOWS\SOUNDMAN.EXE [2003-03-27 53248]
    "AGRSMMSG "=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209]
    "NeroCheck "=C:\WINDOWS\System32\\NeroCheck.exe [2001-07-09 155648]
    "iKeyWorks "=C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe [2003-07-29 61440]
    "WheelMouse "=C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe [2003-07-18 147456]
    "{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94} "=C:\program files\Telstra\Signup\tbpt.exe [2002-12-13 90112]
    "REGSHAVE "=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
    "SSBkgdUpdate "=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
    "PaperPort PTD "=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
    "IndexSearch "=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "ccApp "=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816]
    "osCheck "=C:\Program Files\Norton AntiVirus\osCheck.exe [2007-01-14 771704]
    "Google Desktop Search "=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-06 1836544]
    "Symantec PIF AlertEng "=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "itype "=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-22 813912]
    "IntelliPoint "=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-06 849280]
    "SMSTray "=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-09-20 132624]
    "KernelFaultCheck "=C:\WINDOWS\system32\dumprep 0 -k []
    "QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "=C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]
    "swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-08 68856]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "EPSON Stylus CX9300F Series "=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFP.EXE [2007-03-23 182272]
    "Skype "=C:\Program Files\Skype\Phone\Skype.exe [2008-08-11 21741864]
    "X-Cleaner Deluxe "=C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe [2008-08-07 1062920]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages "=
    scecli
    scecli
    scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "c:\windows\system32\mksc.exe "= "c:\windows\system32\mksc.exe:*:Enabled:mksc.exe "
    "c:\Documents and Settings\Owner\Local Settings\Temp\~os8.tmp\ossproxy.exe "= "c:\Documents and Settings\Owner\Local Settings\Temp\~os8.tmp\ossproxy.exe:*:Enabled:ossproxy.exe "
    "C:\Documents and Settings\Owner\Local Settings\Temp\~os4.tmp\ossproxy.exe "= "C:\Documents and Settings\Owner\Local Settings\Temp\~os4.tmp\ossproxy.exe:*:Enabled:ossproxy.exe "
    "C:\Documents and Settings\Owner\Local Settings\Temp\~os7.tmp\ossproxy.exe "= "C:\Documents and Settings\Owner\Local Settings\Temp\~os7.tmp\ossproxy.exe:*:Enabled:ossproxy.exe "
    "c:\Documents and Settings\Owner\Local Settings\Temp\~osB.tmp\ossproxy.exe "= "c:\Documents and Settings\Owner\Local Settings\Temp\~osB.tmp\ossproxy.exe:*:Enabled:ossproxy.exe "
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Bonjour\mDNSResponder.exe "= "C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour "
    "C:\Program Files\Skype\Phone\Skype.exe "= "C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "

    ======List of files/folders created in the last 3 months======
    2008-10-02 16:44:50 ----DC---- C:\rsit
    2008-10-01 21:31:10 ----D---- C:\Program Files\X-Cleaner
    2008-10-01 21:03:28 ----D---- C:\Program Files\WIBU-SYSTEMS
    2008-10-01 20:07:10 ----D---- C:\Program Files\Apple Software Update
    2008-09-17 12:59:43 ----AC---- C:\Rescued document 3.txt
    2008-09-17 12:59:39 ----AC---- C:\Rescued document 2.txt
    2008-09-16 10:08:10 ----AC---- C:\Rescued document 1.txt
    2008-09-16 10:08:00 ----AC---- C:\Rescued document.txt
    2008-09-14 10:33:56 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-14 10:33:02 ----D---- C:\WINDOWS\temp
    2008-09-10 21:54:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 21:52:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-08-29 18:51:16 ----DC---- C:\Documents and Settings\Owner\Application Data\skypePM
    2008-08-29 18:48:09 ----D---- C:\Program Files\Skype
    2008-08-29 18:48:09 ----D---- C:\Program Files\Common Files\Skype
    2008-08-26 07:30:14 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt
    2008-08-24 07:24:18 ----D---- C:\Program Files\Norton PC Checkup
    2008-08-20 09:45:29 ----D---- C:\Program Files\Trend Micro
    2008-08-20 08:32:56 ----DC---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-08-20 08:32:48 ----DC---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-20 08:32:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-19 22:26:59 ----D---- C:\WINDOWS\system32\NtmsData
    2008-08-19 22:14:22 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-08-15 22:05:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 22:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-15 22:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 22:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 22:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 22:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 22:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-15 17:31:19 ----DC---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-08-15 16:02:54 ----D---- C:\Program Files\CCleaner
    2008-08-15 15:47:43 ----ADC---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-15 15:47:06 ----D---- C:\Program Files\Registry Mechanic
    2008-08-15 15:20:05 ----D---- C:\WINDOWS\ERDNT
    2008-08-15 15:07:52 ----D---- C:\Program Files\ERUNT
    2008-08-08 18:15:51 ----AC---- C:\Rescued document 5.txt
    2008-08-08 18:15:45 ----AC---- C:\Rescued document 4.txt
    2008-08-08 13:33:44 ----DC---- C:\symbols
    2008-08-08 13:33:40 ----AC---- C:\debuglog.txt
    2008-08-08 12:56:59 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
    2008-08-05 18:16:57 ----DC---- C:\Emotum
    2008-07-26 13:38:54 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-26 13:38:54 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-26 13:38:54 ----A---- C:\WINDOWS\system32\java.exe
    2008-07-23 09:15:59 ----DC---- C:\etax2008
    2008-07-14 10:48:42 ----DC---- C:\Documents and Settings\Owner\Application Data\DataCast
    2008-07-14 10:48:42 ----A---- C:\WINDOWS\system32\msxml4a.dll
    2008-07-14 10:31:51 ----A---- C:\WINDOWS\system32\TG_DUMP0708.DLL
    2008-07-14 09:35:50 ----A---- C:\WINDOWS\system32\MTXSYNCICON.dll
    2008-07-14 09:35:50 ----A---- C:\WINDOWS\system32\MTTELECHIP.dll
    2008-07-14 09:35:50 ----A---- C:\WINDOWS\system32\MSFLib.dll
    2008-07-14 09:35:50 ----A---- C:\WINDOWS\system32\MSCLib.dll
    2008-07-14 09:35:47 ----A---- C:\WINDOWS\system32\MASetupWizard.dll
    2008-07-14 09:35:47 ----A---- C:\WINDOWS\system32\MASetupCleaner.exe
    2008-07-14 09:35:46 ----A---- C:\WINDOWS\system32\muzwmts.dll
    2008-07-14 09:35:46 ----A---- C:\WINDOWS\system32\muzapp.exe
    2008-07-14 09:35:46 ----A---- C:\WINDOWS\system32\muzapp.dll
    2008-07-14 09:35:46 ----A---- C:\WINDOWS\system32\muzaf1.dll
    2008-07-14 09:35:45 ----D---- C:\Program Files\MarkAny
    2008-07-14 09:35:44 ----A---- C:\WINDOWS\system32\MK_Lyric.dll
    2008-07-14 09:35:44 ----A---- C:\WINDOWS\system32\MaXMLProto.dll
    2008-07-14 09:35:44 ----A---- C:\WINDOWS\system32\MAMACExtract.dll
    2008-07-14 09:35:44 ----A---- C:\WINDOWS\system32\MaJUtilLib.dll
    2008-07-14 09:35:43 ----A---- C:\WINDOWS\system32\MaJGUILib.dll
    2008-07-14 09:35:43 ----A---- C:\WINDOWS\system32\MACXMLProto.dll
    2008-07-14 09:35:29 ----A---- C:\WINDOWS\system32\MaDRM.dll
    2008-07-14 09:35:18 ----A---- C:\WINDOWS\system32\vorbisenc.dll
    2008-07-14 09:35:18 ----A---- C:\WINDOWS\system32\Ogg.dll
    2008-07-14 09:35:17 ----A---- C:\WINDOWS\system32\vorbis.dll
    2008-07-14 09:35:17 ----A---- C:\WINDOWS\system32\unicows.dll
    2008-07-14 09:35:17 ----A---- C:\WINDOWS\system32\tg_dump.dll
    2008-07-14 09:35:17 ----A---- C:\WINDOWS\system32\OggDS.dll
    2008-07-14 09:35:14 ----D---- C:\Program Files\Samsung
    2008-07-10 21:53:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

    ======List of files/folders modified in the last 3 months======
    2008-10-02 16:44:52 ----D---- C:\WINDOWS\Prefetch
    2008-10-01 21:31:10 ----RD---- C:\Program Files
    2008-10-01 21:29:22 ----D---- C:\WINDOWS\system32
    2008-10-01 21:22:11 ----SHD---- C:\WINDOWS\Installer
    2008-10-01 21:14:31 ----D---- C:\WINDOWS
    2008-10-01 21:10:01 ----HD---- C:\WINDOWS\inf
    2008-10-01 21:10:01 ----D---- C:\WINDOWS\system32\drivers
    2008-10-01 20:57:57 ----D---- C:\Program Files\Graphisoft
    2008-10-01 20:10:05 ----D---- C:\Program Files\QuickTime
    2008-10-01 20:09:31 ----DC---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-10-01 20:07:16 ----SD---- C:\WINDOWS\Tasks
    2008-10-01 16:03:22 ----DC---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-01 15:52:15 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-10-01 08:53:37 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-09-30 08:31:49 ----D---- C:\Program Files\FinePixViewer
    2008-09-16 21:03:17 ----DC---- C:\Documents and Settings\Owner\Application Data\Adobe
    2008-09-16 19:46:00 ----DC---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-09-16 13:59:26 ----D---- C:\Program Files\Adobe
    2008-09-16 13:56:08 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-14 10:36:06 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-14 10:27:08 ----D---- C:\WINDOWS\Minidump
    2008-09-14 10:27:08 ----D---- C:\WINDOWS\Debug
    2008-09-10 21:54:06 ----D---- C:\WINDOWS\WinSxS
    2008-09-10 21:53:14 ----HD---- C:\WINDOWS\$hf_mig$
    2008-09-04 09:54:07 ----DC---- C:\Documents and Settings\Owner\Application Data\Skype
    2008-09-04 08:51:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-09-03 07:45:17 ----D---- C:\WINDOWS\Help
    2008-08-29 18:48:13 ----DC---- C:\Documents and Settings\All Users\Application Data\Skype
    2008-08-29 18:48:09 ----D---- C:\Program Files\Common Files
    2008-08-27 06:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-24 07:25:47 ----SHD---- C:\RECYCLER
    2008-08-23 22:03:30 ----D---- C:\WINDOWS\system32\Adobe
    2008-08-23 21:54:12 ----D---- C:\WINDOWS\system32\Macromed
    2008-08-22 07:56:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-08-21 22:47:00 ----D---- C:\WINDOWS\security
    2008-08-21 22:02:58 ----D---- C:\WINDOWS\system32\wbem
    2008-08-20 15:23:01 ----D---- C:\Program Files\Java
    2008-08-15 22:05:36 ----D---- C:\Program Files\Messenger
    2008-08-15 22:02:51 ----D---- C:\Program Files\Internet Explorer
    2008-08-15 16:03:18 ----D---- C:\Program Files\Yahoo!
    2008-08-12 15:54:14 ----D---- C:\Program Files\Brother
    2008-08-12 15:54:06 ----D---- C:\Program Files\Common Files\InstallShield
    2008-08-07 14:03:37 ----D---- C:\Program Files\Norton Security Scan
    2008-08-05 18:16:57 ----DC---- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-03 12:27:31 ----D---- C:\WINDOWS\system32\Restore
    2008-08-01 19:43:06 ----D---- C:\WINDOWS\network diagnostic
    2008-08-01 19:29:16 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
    2008-08-01 18:42:05 ----DC---- C:\Documents and Settings\Owner\Application Data\MSN6
    2008-07-29 15:23:26 ----D---- C:\Program Files\Norton AntiVirus
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-14 21:09:18 ----A---- C:\WINDOWS\system32\tzchange.exe
    2008-07-14 09:36:41 ----SDC---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-07-08 06:32:22 ----A---- C:\WINDOWS\system32\es.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-09-18 43696]
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-01-10 191544]
    R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
    R3 2WIREPCP;2Wire USB; C:\WINDOWS\system32\DRIVERS\2WirePCP.sys [2007-12-20 68672]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2005-03-04 1066278]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-04-01 719052]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081001.003\NAVENG.SYS []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081001.003\NAVEX15.SYS []
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760]
    R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-09-18 278576]
    R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-01-10 12984]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-01-10 145976]
    R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-01-10 40120]
    R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080926.001\SymIDSCo.sys []
    R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-01-10 35256]
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-01-10 27576]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\WINDOWS\System32\DRIVERS\Amps2prt.sys [2003-02-26 9728]
    S3 ENETHUSB;Speedstream Ethernet USB Adapter; C:\WINDOWS\system32\DRIVERS\enethusb.sys [2004-12-18 28005]
    S3 SIVDRIVER;SIV Kernel Driver; \??\C:\WINDOWS\system32\Drivers\SIVX32.sys []
    S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-09-18 317616]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    More to follow...
     
  5. 2008/10/02
    Sillsy

    Here's the rest of the first log..

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
    R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-08 138680]
    R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
    R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-11-02 1252232]
    S2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe []
    S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-12 72704]
    S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-06 1836544]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton AntiVirus\isPwdSvc.exe [2007-01-14 80504]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    -----------------EOF-----------------
     
  6. 2008/10/02
    Sillsy

    The second log:

    info.txt:
    info.txt logfile of random's system information tool 1.04 2008-10-02 16:45:24

    ======Uninstall list======

    -->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
    -->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    24 Games for Windows 95-->C:\WINDOWS\uninst.exe -f "C:\Program Files\Expert Software\24 Games for Windows 95\DeIsL1.isu "
    ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
    Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
    Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe InDesign CS-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll ",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe "
    Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
    Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
    Adobe Setup-->MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Agere Systems PCI Soft Modem-->agrsmdel
    AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
    Apple Software Update-->MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
    AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
    BigPond Broadband ADSL FAQ-->MsiExec.exe /I{86EAA5D0-3445-4945-993A-98F128C9299E}
    Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x9 UNINST
    ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
    CCleaner (remove only)--> "C:\Program Files\CCleaner\uninst.exe "
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Debugging Tools for Windows (x86)-->MsiExec.exe /I{1CD0C3C5-809D-4CFC-904A-1B67C6243637}
    Enable S3 for USB Device-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu "
    EndNote X.0.2 Volume License Edition-->MsiExec.exe /I{FE4BD9BD-4A26-4F39-B12C-19336204B102}
    EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
    EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
    EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x9 UNINST
    EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
    EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Stylus CX9300F_DX9400F Manual-->C:\Program Files\EPSON\TPMANUAL\ES_CX9300F_DX9400F\ENG\USE_G\DOCUNINS.EXE
    EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
    e-Record 6-->C:\Informed\EREC2\unwise.exe C:\Informed\EREC2\install.log
    ERUNT 1.1j--> "C:\Program Files\ERUNT\unins000.exe "
    e-tax 2008-->C:\etax2008\e-tax 2008_uninstall.exe
    FileASSASSIN-->C:\Documents and Settings\Owner\Desktop\FileASSASSIN\uninst.exe
    FileNet Desktop eForms-->MsiExec.exe /I{42CFD768-94A5-4C0D-A49A-88B536BAC551}
    FinePixViewer Ver.4.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
    FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
    Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll "
    Google Updater--> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)--> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe "
    Hotfix for Windows Media Format 11 SDK (KB929399)--> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    Hotfix for Windows Media Player 11 (KB939683)--> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB914440)--> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB915865)--> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB926239)--> "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB929120)--> "C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
    HyperStudio 4 Player-->C:\Program Files\HyperStudio 4 Player\Unwise32.exe C:\WINDOWS\HSPLAYER.LOG
    iKeyWorks 6.16-->C:\Program Files\A4Tech\Keyboard\Uninst32.exe
    ImageMixer VCD2 for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E9442-D305-4ACF-AD87-A6C11D677CB9}\setup.exe"
    Internet Worm Protection-->MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
    ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
    iWheelWorks V7.42-->C:\Program Files\A4Tech\Mouse\Uninst32.exe
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    LiveUpdate 3.2 (Symantec Corporation)--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Malwarebytes' Anti-Malware--> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
    Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
    Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
    Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    MicroStaff WINASPI-->C:\MWASPI\uninst.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
    NetComm 56K Inmodem (IN5920)-->agrsmdel
    Norton AntiVirus (Symantec Corporation)--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_29\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
    Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
    Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton AntiVirus SYMLT MSI-->MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
    Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
    Norton PC Checkup-->C:\Program Files\Norton PC Checkup\uninstall.exe
    Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
    Norton Security Scan-->MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
    OpenOffice.org 1.0.1-->C:\Program Files\OpenOffice.org1.0.1\program\setup.exe -deinstall
    PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
    RAW FILE CONVERTER LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
    Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
    Samsung Media Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\Setup.exe" -l0x9
    Scholastic's I SPY Junior-->C:\PROGRA~1\SCHOLA~1\ISPYJU~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYJU~1\INSTALL.LOG
    Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB942615)--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB953838)--> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
    Security Update for Windows Media Player (KB911564)--> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB954154)--> "C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 6.4 (KB925398)--> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 9 (KB911565)--> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 9 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 9 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB883939)--> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB890046)--> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB893756)--> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896358)--> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896422)--> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896423)--> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896424)--> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896428)--> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896688)--> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB899587)--> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB899588)--> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB899591)--> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB900725)--> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB901017)--> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB901190)--> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB901214)--> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB902400)--> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB903235)--> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB904706)--> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB905414)--> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB905749)--> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB905915)--> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB908519)--> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB908531)--> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB911562)--> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB911567)--> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB911927)--> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB912812)--> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB912919)--> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB913446)--> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB913580)--> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB914388)--> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB914389)--> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB916281)--> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917159)--> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917344)--> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917422)--> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917953)--> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB918118)--> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB918439)--> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB918899)--> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB919007)--> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920213)--> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920214)--> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920670)--> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920683)--> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920685)--> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB921398)--> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB921503)--> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB921883)--> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB922616)--> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB922760)--> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB922819)--> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923191)--> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923414)--> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923689)--> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923694)--> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923980)--> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924191)--> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924270)--> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924496)--> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924667)--> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB925454)--> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB925486)--> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB925902)--> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB926255)--> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB926436)--> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB927779)--> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB927802)--> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB928090)--> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB928255)--> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB928843)--> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB929123)--> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB929969)--> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB930178)--> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB931261)--> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB931768)--> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB931784)--> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB932168)--> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB933566)--> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB933729)--> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB935839)--> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB935840)--> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB936021)--> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB937143)--> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938127)--> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938829)--> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB939653)--> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941202)--> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941568)--> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941644)--> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941693)--> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB942615)--> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB943055)--> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB943460)--> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB943485)--> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB944653)--> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB945553)--> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946026)--> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB948590)--> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB948881)--> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950749)--> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
    Sesame Street Baby and Me-->C:\Program Files\The Learning Company\Sesame Street\BabyMe\uninstal.exe
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
    Symantec-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
    SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
    Telstra BigPond-->C:\program files\Telstra\Signup\tbpt.exe /u
    Update for Windows XP (KB894391)--> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe "
    Update for Windows XP (KB896727)--> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe "
    Update for Windows XP (KB898461)--> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe "
    Update for Windows XP (KB900485)--> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe "
    Update for Windows XP (KB904942)--> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe "
    Update for Windows XP (KB910437)--> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe "
    Update for Windows XP (KB911280)--> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe "
    Update for Windows XP (KB916595)--> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe "
    Update for Windows XP (KB920872)--> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe "
    Update for Windows XP (KB922582)--> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe "
    Update for Windows XP (KB927891)--> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe "
    Update for Windows XP (KB929338)--> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe "
    Update for Windows XP (KB930916)--> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe "
    Update for Windows XP (KB931836)--> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe "
    Update for Windows XP (KB932823-v3)--> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe "
    Update for Windows XP (KB933360)--> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe "
    Update for Windows XP (KB936357)--> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe "
    Update for Windows XP (KB938828)--> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe "
    Update for Windows XP (KB942763)--> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe "
    Update for Windows XP (KB942840)--> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe "
    Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
    Windows Installer 3.1 (KB893803)--> "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe "
    Windows Installer 3.1 (KB893803)--> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe "
    Windows Internet Explorer 7--> "C:\WINDOWS\ie7\spuninst\spuninst.exe "
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
    Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
    Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
    Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859--> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe "
    Windows XP Hotfix - KB890923--> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe "
    Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Windows XP Hotfix - KB893066--> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe "
    Windows XP Hotfix - KB893086--> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe "
    Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    X-Cleaner Deluxe-->C:\PROGRA~1\X-Cleaner\UNWISE.EXE C:\PROGRA~1\X-Cleaner\INSTALL.LOG
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

    =====HijackThis Backups=====

    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

    ======Security center information======

    AV: Norton AntiVirus
    FW: Norton AntiVirus

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
    "windir "=%SystemRoot%
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=15
    "PROCESSOR_IDENTIFIER "=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    "PROCESSOR_REVISION "=0209
    "NUMBER_OF_PROCESSORS "=1
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK "=NO
    "CLASSPATH "=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA "=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------

    Thanks
     
  7. 2008/10/02
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a HJT log and start a new topic.


    Welcome


    Print this topic or save it to Notepad; it will make it easier for you to follow the instructions and complete all of the necessary steps, as we will need to close every window that is open later in the fix.



    Go to My Computer->Tools->Folder Options->View tab:

    * Under the Hidden files and folders heading:
    * Select - Show hidden files and folders.
    * Uncheck - Hide protected operating system files (recommended) option.
    * Also, make sure there is no checkmark beside Hide file extensions for known file types.
    * Click OK. (Remember to Hide files and folders once done)

    Using Windows Explorer (right-click your "Start" button and select "Explore"), please navigate to and delete the following files/folders in bold:

    C:\WINDOWS\tasks\At1.job
    c:\windows\system32\mksc.exe
    c:\Documents and Settings\Owner\Local Settings\Temp<--delete all inside this folder




    NEXT**
    Go to Start > Control Panel > Internet Options
    In the General tab, Temporary Internet Files, click: Delete Files. When prompted, check: Delete all offline content
    You can also check: Delete Cookies (You will have to re-enter passwords at websites that require them.)
    Click OK

    For I.E. 7 - under Browsing History, click delete... Under Temporary Internet Files, click Delete files...

    Then, go to Start >Run and enter: cleanmgr
    Select the drive to clean: C:\
    Check the following boxes and then press OK to remove:
    Temporary Files
    Temporary Internet Files
    RecycleBin

    Agree to the prompt to perform the action...

    NEXT**
    Please download Malwarebytes' Anti-Malware to your desktop

    Additional Link

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location.
    * You can also access the log by doing the following:

    o Click on the Malwarebytes' Anti-Malware icon to launch the program.
    o Click on the Logs tab.
    o Click on the log at the bottom of those listed to highlight it.
    o Click Open.

    Tutorial if needed
    http://thespykiller.co.uk/index.php/topic,5946.0.html

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




    You may need several replies to post the requested logs, otherwise they might get cut off.


    In your next reply post:
    Malwarebytes' Anti-Malware log
    New HJT log
     
  8. 2008/10/03
    Sillsy

    Sillsy Inactive Thread Starter

    Joined:
    2008/08/07
    Messages:
    56
    Likes Received:
    0
    Malwarebytes log:

    Malwarebytes' Anti-Malware 1.25
    Database version: 1062
    Windows 5.1.2600 Service Pack 2

    10:29:16 PM 3/10/2008
    mbam-log-10-03-2008 (22-29-16).txt

    Scan type: Quick Scan
    Objects scanned: 40884
    Time elapsed: 11 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Owner\Desktop\RSIT.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
     
  9. 2008/10/03
    Sillsy

    Sillsy Inactive Thread Starter

    Joined:
    2008/08/07
    Messages:
    56
    Likes Received:
    0
    Just to note:

    I couldn't find c:\windows\system32\mksc.exe

    I couldn't delete DF86C9 in Temp folder, told me it was being used, but nothing was open.

    When you ask me to post new HJT log, does this come from RSIT? If so here is the log.txt:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Owner at 2008-10-03 22:36:06
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 32 GB (55%) free of 59 GB
    Total RAM: 511 MB (14% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:36:33 PM, on 3/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
    C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
    C:\program files\Telstra\Signup\tbpt.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AH8V8RHO\RSIT[1].exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.impressionablekids.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}] C:\program files\Telstra\Signup\tbpt.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX9300F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFP.EXE /FU "C:\DOCUME~1\Owner\LOCALS~1\Temp\E_S14.tmp" /EF "HKCU "
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{36E68565-96FB-4DBE-AF27-3B5E107D75AD}: Domain = nsw.bigpond.net.au
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 11595 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job
    C:\WINDOWS\tasks\Norton Security Scan for Owner.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-11 1443112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-05-11 734704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
    EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "HTpatch "=C:\WINDOWS\htpatch.exe [2002-10-30 28672]
    "SoundMan "=C:\WINDOWS\SOUNDMAN.EXE [2003-03-27 53248]
    "AGRSMMSG "=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209]
    "NeroCheck "=C:\WINDOWS\System32\\NeroCheck.exe [2001-07-09 155648]
    "iKeyWorks "=C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe [2003-07-29 61440]
    "WheelMouse "=C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe [2003-07-18 147456]
    "{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94} "=C:\program files\Telstra\Signup\tbpt.exe [2002-12-13 90112]
    "REGSHAVE "=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
    "SSBkgdUpdate "=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
    "PaperPort PTD "=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
    "IndexSearch "=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "ccApp "=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816]
    "osCheck "=C:\Program Files\Norton AntiVirus\osCheck.exe [2007-01-14 771704]
    "Google Desktop Search "=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-06 1836544]
    "Symantec PIF AlertEng "=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "itype "=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-22 813912]
    "IntelliPoint "=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-06 849280]
    "SMSTray "=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-09-20 132624]
    "KernelFaultCheck "=C:\WINDOWS\system32\dumprep 0 -k []
    "QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
    "Windows Defender "=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "=C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]
    "swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-08 68856]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "EPSON Stylus CX9300F Series "=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFP.EXE [2007-03-23 182272]
    "Skype "=C:\Program Files\Skype\Phone\Skype.exe [2008-08-11 21741864]
    "X-Cleaner Deluxe "=C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe [2008-08-07 1062920]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} "=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages "=
    scecli
    scecli
    scecli

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders "=msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "c:\windows\system32\mksc.exe "= "c:\windows\system32\mksc.exe:*:Enabled:mksc.exe "
    "c:\Documents and Settings\Owner\Local Settings\Temp\~os8.tmp\ossproxy.exe "= "c:\Documents and Settings\Owner\Local Settings\Temp\~os8.tmp\ossproxy.exe:*:Enabled:ossproxy.exe "
    "C:\Documents and Settings\Owner\Local Settings\Temp\~os4.tmp\ossproxy.exe "= "C:\Documents and Settings\Owner\Local Settings\Temp\~os4.tmp\ossproxy.exe:*:Enabled:ossproxy.exe "
    "C:\Documents and Settings\Owner\Local Settings\Temp\~os7.tmp\ossproxy.exe "= "C:\Documents and Settings\Owner\Local Settings\Temp\~os7.tmp\ossproxy.exe:*:Enabled:ossproxy.exe "
    "c:\Documents and Settings\Owner\Local Settings\Temp\~osB.tmp\ossproxy.exe "= "c:\Documents and Settings\Owner\Local Settings\Temp\~osB.tmp\ossproxy.exe:*:Enabled:ossproxy.exe "
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\Program Files\Bonjour\mDNSResponder.exe "= "C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour "
    "C:\Program Files\Skype\Phone\Skype.exe "= "C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
    "C:\Program Files\Graphisoft\ArchiCAD\ArchiCAD.exe "= "C:\Program Files\Graphisoft\ArchiCAD\ArchiCAD.exe:*:Enabled:ArchiCAD 11.0.0 Component "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "

    ======File associations======

    .reg - open - regedit.exe "%1" %*
    .scr - open - "%1" %*

    ======List of files/folders created in the last 3 months======

    2008-10-03 18:13:44 ----D---- C:\Program Files\Norton Security Scan
    2008-10-02 18:06:36 ----D---- C:\Program Files\Windows Defender
    2008-10-02 17:55:45 ----A---- C:\WINDOWS\system32\BASSMOD.dll
    2008-10-02 17:46:13 ----A---- C:\WINDOWS\system32\WkExt32.dll
    2008-10-02 17:46:13 ----A---- C:\WINDOWS\system32\WibuXpm4J32.dll
    2008-10-02 17:46:13 ----A---- C:\WINDOWS\system32\wibuKJni.dll
    2008-10-02 17:46:12 ----A---- C:\WINDOWS\system32\WkDos.exe
    2008-10-02 17:45:53 ----A---- C:\WINDOWS\system32\WkWin32.dll
    2008-10-02 17:45:49 ----D---- C:\Program Files\WIBUKEY
    2008-10-02 16:44:50 ----DC---- C:\rsit
    2008-10-01 21:31:10 ----D---- C:\Program Files\X-Cleaner
    2008-10-01 21:03:28 ----D---- C:\Program Files\WIBU-SYSTEMS
    2008-10-01 20:07:10 ----D---- C:\Program Files\Apple Software Update
    2008-09-17 12:59:43 ----AC---- C:\Rescued document 3.txt
    2008-09-17 12:59:39 ----AC---- C:\Rescued document 2.txt
    2008-09-16 10:08:10 ----AC---- C:\Rescued document 1.txt
    2008-09-16 10:08:00 ----AC---- C:\Rescued document.txt
    2008-09-14 10:33:56 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-14 10:33:02 ----D---- C:\WINDOWS\temp
    2008-09-10 21:54:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 21:52:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-08-29 18:51:16 ----DC---- C:\Documents and Settings\Owner\Application Data\skypePM
    2008-08-29 18:48:09 ----D---- C:\Program Files\Skype
    2008-08-29 18:48:09 ----D---- C:\Program Files\Common Files\Skype
    2008-08-26 07:30:14 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt
    2008-08-24 07:24:18 ----D---- C:\Program Files\Norton PC Checkup
    2008-08-20 09:45:29 ----D---- C:\Program Files\Trend Micro
    2008-08-20 08:32:56 ----DC---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-08-20 08:32:48 ----DC---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-20 08:32:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-19 22:26:59 ----D---- C:\WINDOWS\system32\NtmsData
    2008-08-19 22:14:22 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-08-15 22:05:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 22:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-15 22:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 22:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 22:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 22:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 22:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-15 17:31:19 ----DC---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-08-15 16:02:54 ----D---- C:\Program Files\CCleaner
    2008-08-15 15:47:43 ----ADC---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-15 15:47:06 ----D---- C:\Program Files\Registry Mechanic
    2008-08-15 15:20:05 ----D---- C:\WINDOWS\ERDNT
    2008-08-15 15:07:52 ----D---- C:\Program Files\ERUNT
    2008-08-08 18:15:51 ----AC---- C:\Rescued document 5.txt
    2008-08-08 18:15:45 ----AC---- C:\Rescued document 4.txt
    2008-08-08 13:33:44 ----DC---- C:\symbols
    2008-08-08 13:33:40 ----AC---- C:\debuglog.txt
    2008-08-08 12:56:59 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
    2008-08-05 18:16:57 ----DC---- C:\Emotum
    2008-07-26 13:38:54 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-26 13:38:54 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-26 13:38:54 ----A---- C:\WINDOWS\system32\java.exe
    2008-07-23 09:15:59 ----DC---- C:\etax2008
    2008-07-14 10:48:42 ----DC---- C:\Documents and Settings\Owner\Application Data\DataCast
    2008-07-14 10:48:42 ----A---- C:\WINDOWS\system32\msxml4a.dll
    2008-07-14 10:31:51 ----A---- C:\WINDOWS\system32\TG_DUMP0708.DLL
    2008-07-14 09:35:50 ----A---- C:\WINDOWS\system32\MTXSYNCICON.dll
    2008-07-14 09:35:50 ----A---- C:\WINDOWS\system32\MTTELECHIP.dll
    2008-07-14 09:35:50 ----A---- C:\WINDOWS\system32\MSFLib.dll
    2008-07-14 09:35:50 ----A---- C:\WINDOWS\system32\MSCLib.dll
    2008-07-14 09:35:47 ----A---- C:\WINDOWS\system32\MASetupWizard.dll
    2008-07-14 09:35:47 ----A---- C:\WINDOWS\system32\MASetupCleaner.exe
    2008-07-14 09:35:46 ----A---- C:\WINDOWS\system32\muzwmts.dll
    2008-07-14 09:35:46 ----A---- C:\WINDOWS\system32\muzapp.exe
    2008-07-14 09:35:46 ----A---- C:\WINDOWS\system32\muzapp.dll
    2008-07-14 09:35:46 ----A---- C:\WINDOWS\system32\muzaf1.dll
    2008-07-14 09:35:45 ----D---- C:\Program Files\MarkAny
    2008-07-14 09:35:44 ----A---- C:\WINDOWS\system32\MK_Lyric.dll
    2008-07-14 09:35:44 ----A---- C:\WINDOWS\system32\MaXMLProto.dll
    2008-07-14 09:35:44 ----A---- C:\WINDOWS\system32\MAMACExtract.dll
    2008-07-14 09:35:44 ----A---- C:\WINDOWS\system32\MaJUtilLib.dll
    2008-07-14 09:35:43 ----A---- C:\WINDOWS\system32\MaJGUILib.dll
    2008-07-14 09:35:43 ----A---- C:\WINDOWS\system32\MACXMLProto.dll
    2008-07-14 09:35:29 ----A---- C:\WINDOWS\system32\MaDRM.dll
    2008-07-14 09:35:18 ----A---- C:\WINDOWS\system32\vorbisenc.dll
    2008-07-14 09:35:18 ----A---- C:\WINDOWS\system32\Ogg.dll
    2008-07-14 09:35:17 ----A---- C:\WINDOWS\system32\vorbis.dll
    2008-07-14 09:35:17 ----A---- C:\WINDOWS\system32\unicows.dll
    2008-07-14 09:35:17 ----A---- C:\WINDOWS\system32\tg_dump.dll
    2008-07-14 09:35:17 ----A---- C:\WINDOWS\system32\OggDS.dll
    2008-07-14 09:35:14 ----D---- C:\Program Files\Samsung
    2008-07-10 21:53:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

    ======List of files/folders modified in the last 3 months======

    2008-10-03 22:36:10 ----D---- C:\WINDOWS\Prefetch
    2008-10-03 22:05:59 ----D---- C:\WINDOWS
    2008-10-03 20:27:21 ----D---- C:\WINDOWS\system32
    2008-10-03 18:14:28 ----DC---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-03 18:14:25 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-10-03 18:14:14 ----SD---- C:\WINDOWS\Tasks
    2008-10-03 18:13:47 ----SHD---- C:\WINDOWS\Installer
    2008-10-03 18:13:44 ----RD---- C:\Program Files
    2008-10-03 07:15:05 ----HD---- C:\WINDOWS\inf
    2008-10-02 18:29:15 ----DC---- C:\Documents and Settings\Owner\Application Data\Graphisoft
    2008-10-02 18:21:24 ----D---- C:\Program Files\Graphisoft
    2008-10-02 18:06:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-10-02 18:06:37 ----D---- C:\WINDOWS\PCHealth
    2008-10-02 18:06:36 ----SDC---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-10-02 18:01:14 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-02 17:45:56 ----D---- C:\WINDOWS\system32\drivers
    2008-10-01 20:10:05 ----D---- C:\Program Files\QuickTime
    2008-10-01 20:09:31 ----DC---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-30 08:31:49 ----D---- C:\Program Files\FinePixViewer
    2008-09-16 21:03:17 ----DC---- C:\Documents and Settings\Owner\Application Data\Adobe
    2008-09-16 19:46:00 ----DC---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-09-16 13:59:26 ----D---- C:\Program Files\Adobe
    2008-09-16 13:56:08 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-14 10:36:06 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-14 10:27:08 ----D---- C:\WINDOWS\Minidump
    2008-09-14 10:27:08 ----D---- C:\WINDOWS\Debug
    2008-09-10 21:54:06 ----D---- C:\WINDOWS\WinSxS
    2008-09-10 21:53:14 ----HD---- C:\WINDOWS\$hf_mig$
    2008-09-04 09:54:07 ----DC---- C:\Documents and Settings\Owner\Application Data\Skype
    2008-09-04 08:51:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-09-03 07:45:17 ----D---- C:\WINDOWS\Help
    2008-08-29 18:48:13 ----DC---- C:\Documents and Settings\All Users\Application Data\Skype
    2008-08-29 18:48:09 ----D---- C:\Program Files\Common Files
    2008-08-27 06:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-24 07:25:47 ----SHD---- C:\RECYCLER
    2008-08-23 22:03:30 ----D---- C:\WINDOWS\system32\Adobe
    2008-08-23 21:54:12 ----D---- C:\WINDOWS\system32\Macromed
    2008-08-22 07:56:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-08-21 22:47:00 ----D---- C:\WINDOWS\security
    2008-08-21 22:02:58 ----D---- C:\WINDOWS\system32\wbem
    2008-08-20 15:23:01 ----D---- C:\Program Files\Java
    2008-08-15 22:05:36 ----D---- C:\Program Files\Messenger
    2008-08-15 22:02:51 ----D---- C:\Program Files\Internet Explorer
    2008-08-15 16:03:18 ----D---- C:\Program Files\Yahoo!
    2008-08-12 15:54:14 ----D---- C:\Program Files\Brother
    2008-08-12 15:54:06 ----D---- C:\Program Files\Common Files\InstallShield
    2008-08-05 18:16:57 ----DC---- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-03 12:27:31 ----D---- C:\WINDOWS\system32\Restore
    2008-08-01 19:43:06 ----D---- C:\WINDOWS\network diagnostic
    2008-08-01 19:29:16 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
    2008-08-01 18:42:05 ----DC---- C:\Documents and Settings\Owner\Application Data\MSN6
    2008-07-29 15:23:26 ----D---- C:\Program Files\Norton AntiVirus
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-14 21:09:18 ----A---- C:\WINDOWS\system32\tzchange.exe
    2008-07-08 06:32:22 ----A---- C:\WINDOWS\system32\es.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
     
  10. 2008/10/03
    Sillsy

    Sillsy Inactive Thread Starter

    here's the rest of the log...

    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-09-18 43696]
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-01-10 191544]
    R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
    R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2007-05-16 72704]
    R3 2WIREPCP;2Wire USB; C:\WINDOWS\system32\DRIVERS\2WirePCP.sys [2007-12-20 68672]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2005-03-04 1066278]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-04-01 719052]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081002.004\NAVENG.SYS []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081002.004\NAVEX15.SYS []
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760]
    R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-09-18 278576]
    R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-01-10 12984]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-01-10 145976]
    R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-01-10 40120]
    R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080926.001\SymIDSCo.sys []
    R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-01-10 35256]
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-01-10 27576]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\WINDOWS\System32\DRIVERS\Amps2prt.sys [2003-02-26 9728]
    S3 ENETHUSB;Speedstream Ethernet USB Adapter; C:\WINDOWS\system32\DRIVERS\enethusb.sys [2004-12-18 28005]
    S3 EraserUtilDrv10821;EraserUtilDrv10821; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys []
    S3 SIVDRIVER;SIV Kernel Driver; \??\C:\WINDOWS\system32\Drivers\SIVX32.sys []
    S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-09-18 317616]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
    R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-08 138680]
    R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
    R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-11-02 1252232]
    S2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe []
    S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-12 72704]
    S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-06 1836544]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton AntiVirus\isPwdSvc.exe [2007-01-14 80504]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

    -----------------EOF-----------------
     
  11. 2008/10/03
    Juliet

    Juliet Well-Known Member

    Welcome back
    When this occurs try this technique

    Reboot your computer into SafeMode
    You can do this by restarting your computer and tapping the F8 key before Windows starts
    You are presented with a Windows XP Advanced Options menu
    Use your up arrow key to highlight SafeMode then hit enter.

    How to start Windows in Safe Mode
    http://www.bleepingcomputer.com/tutorials/tutorial61.html
    I'm sorry, I forget RSIT doesn't install HJT.

    Do this next


    Download Trend Micro Hijack This™ and save to desktop.
    It is important that you uninstall any previous versions by using Add/Remove programs in your control panel before installing a newer version.
    Double-click the HJTInstall.exe to start it.
    By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.

    Accept the license agreement by clicking the "I Accept" button.
    Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    Click "Save log" to save the log file and then the log will open in Notepad.
    Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.


    Reply back with a HJT log and please also give me an update on how the computer is at the moment.
     
  12. 2008/10/29
    Sillsy

    Sillsy Inactive Thread Starter

    I am having trouble even starting my computer, it gets to the welcome screen and then shuts itself down. I am able to access this website from work, but that doesn't help me work on my computer. If I can get my computer to start I will get back to you. I don't think it is a virus issue though, as my husband's mate was installing something on the computer which caused the virus warning, but it was a crack file that was the issue. That was all sorted but before I could get back to this thread the computer started crashing and I have been unable to get any further details.

    Looks like I might be taking it to a repairer.
     
  13. 2008/10/29
    Juliet

    Juliet Well-Known Member

    Not sounding good at all, and since we started helping, 3 weeks have passed since your last reply and a lot can happen in that amount of time.
    It's possible a driver or a critical system file has borked out or something closely related.
    yes, please.
     
  14. 2008/10/30
    Sillsy

    Sillsy Inactive Thread Starter

    My husband had taken our computer to a shop to be fixed yesterday. The guy seems to think it is a power supply problem as it starts to boot up and then shuts down completely, and you need to wait between 5 and 20 seconds before it will let you turn it on again. He said he will try to find where the problem is and that he should be able to save everything. What do you think?
     
  15. 2008/10/30
    Juliet

    Juliet Well-Known Member

    After you get your machine back, if you like we can run scans again to check for malware.

    Good luck with your machine.
     
  16. 2008/10/30
    Sillsy

    Sillsy Inactive Thread Starter

    Thanks, fingers are crossed!
     
  17. 2008/11/07
    Sillsy

    Sillsy Inactive Thread Starter

    I'm back, I have a new computer with all my old data transferred over, except a few minor issues it seems to be ok. I have a question in regards to my antivirus software, I will post a thread in a more appropriate area.
     
  18. 2008/11/08
    Juliet

    Juliet Well-Known Member

    Wowssa a new computer!...sounds great

    What questions about Antivirus and possibly Firewalls do you have?
    I might be able to help?
     
  19. 2008/11/08
    Sillsy

    Sillsy Inactive Thread Starter

  20. 2008/11/09
    Juliet

    Juliet Well-Known Member

    Good luck Sue, safe surfing
     