Virus disabled antivirus and Security Center

January 12, 2010 at 16:25:57
Specs: Windows XP

Alright, so I've seen many postings with similar problems as this but none of the fixes (downloading AVG antivirus, HijackThis, Malwarebytes, etc.) have worked. This is my mom's computer so I'm trying to fix it for her. This started yesterday when she turned the computer on. She said there were 6 or 7 popup windows from AdAware that said there has been a severe security breach on your system, and about 4 others were the typical popup windows from Internet Explorer that say "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." Then of course there is the choice to Send Error Report to Microsoft or Don't Send. When you click either option, IE closes.

I attempted to run an AdAware scan but with no results; the program didn't seem to be working. I also attempted to run a virus scan but the program (Microsoft Security Essentials) would not open. I then opened the Microsoft Security Center and it had clearly been disabled and I see no way of enabling it again. I uninstalled Microsoft Security Essentials with the intention of reinstalling it but could not reinstall it without getting errors. I disconnected the computer from the internet and shut it down for the night and am back working on it tonight.

I've tried suggestions from other threads found on this website but to no avail. The "IE has encountered a problem and needs to close..." box pops up every minute or so, and if I just drag it to the corner of the screen and don't click either the Send or Don't Send option I can still use IE. I've tried using Firefox as well but the same problem/popup still happens, but this time it is specific to Firefox. The same popup also comes up when you turn the computer on, about "Google Installer" needing to close/sending an error report. Also, when you google something or use the Google toolbar in either browser it redirects you to random websites I've never seen before.

The computer also plays random song clips that sound like commercials every minute or so as well. When I tried using the fixes suggested in other posts it ran into problems; it says it detected that Microsoft Security Essentials is still installed, but when I go to Add/Remove Programs it just isn't there and I know that I specifically uninstalled it last night.

Any suggestions are greatly appreciated! Thank you!




#1
January 12, 2010 at 17:05:29

You can download this to a USB storage device or a CD. Make sure you can boot the computer into safe mode and use only the F8 method. If on reboot from running TDSSKiller the computer stalls, boot into safe mode and choose "last known good configuration" and the computer will boot up.

To boot the computer into safe mode using the F8 method, shut the computer down for 30 seconds. Restart the computer and start tapping F8 about every second. An option screen should appear; follow the prompts.

Run TDSSKiller from normal mode.

Download TDSSKiller to your Desktop from the following link.

TDSSKiller


1. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop. It will extract to an unzipped folder; drag TDSSKiller.exe out of that folder onto the desktop.
2. Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


3. If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
4. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.



#2
January 13, 2010 at 04:17:08

Below are all three log files. Also, I'm not sure this computer is letting me boot in safe mode. When I pressed F8 repeatedly as it loads, a black screen with white letters comes up and basically makes me select Windows XP as the operating system. I do that, click enter and it boots in normal mode or at least what appears to be. It certainly looks nothing like any Safe Mode I've ever seen before. Also, before I was able to post this the computer froze and I had to restart it and I've had none of the popups since the restart. Could it be cured already? What virus software do you recommend once we've got this all figured out and cleaned up? Do you have an opinion on free vs. paid? Thanks!

TDSSKiller Results:

21:05:50:391 1624 TDSS rootkit removing tool 2.2.0 Jan 11 2010 08:45:19
21:05:50:391 1624 ================================================================================
21:05:50:391 1624 SystemInfo:

21:05:50:391 1624 OS Version: 5.1.2600 ServicePack: 3.0
21:05:50:391 1624 Product type: Workstation
21:05:50:391 1624 ComputerName: KITCHEN
21:05:50:391 1624 UserName: Pat
21:05:50:391 1624 Windows directory: C:\WINDOWS
21:05:50:391 1624 Processor architecture: Intel x86
21:05:50:391 1624 Number of processors: 2
21:05:50:391 1624 Page size: 0x1000
21:05:50:391 1624 Boot type: Normal boot
21:05:50:391 1624 ================================================================================
21:05:50:422 1624 UnloadDriverW: NtUnloadDriver error 2
21:05:50:422 1624 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:05:50:422 1624 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
21:05:50:469 1624 UtilityInit: KLMD drop and load success
21:05:50:469 1624 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
21:05:50:469 1624 UtilityInit: KLMD open success
21:05:50:469 1624 UtilityInit: Initialize success
21:05:50:469 1624
21:05:50:469 1624 Scanning Services ...
21:05:50:469 1624 CreateRegParser: Registry parser init started
21:05:50:469 1624 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
21:05:50:469 1624 CreateRegParser: DisableWow64Redirection error
21:05:50:469 1624 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:05:50:469 1624 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
21:05:50:469 1624 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:05:50:469 1624 wfopen_ex: Trying to KLMD file open
21:05:50:469 1624 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
21:05:50:469 1624 wfopen_ex: File opened ok (Flags 2)
21:05:50:469 1624 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: DB4B28
21:05:50:469 1624 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:05:50:469 1624 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
21:05:50:469 1624 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:05:50:469 1624 wfopen_ex: Trying to KLMD file open
21:05:50:469 1624 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
21:05:50:469 1624 wfopen_ex: File opened ok (Flags 2)
21:05:50:469 1624 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: DB4A18
21:05:50:469 1624 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
21:05:50:469 1624 CreateRegParser: EnableWow64Redirection error
21:05:50:469 1624 CreateRegParser: RegParser init completed
21:05:50:938 1624 GetAdvancedServicesInfo: Raw services enum returned 333 services
21:05:50:938 1624 ScanTDL2Services: Exact detect H8SRTd.sys (h: 1)
21:05:50:938 1624 RegNode HKLM\SYSTEM\ControlSet001\services\H8SRTd.sys infected by TDSS rootkit ... 21:05:50:938 1624 will be deleted on reboot
21:05:50:953 1624 DeleteTDL2Service: SafeBoot Minimal doesn't infected
21:05:50:953 1624 DeleteTDL2Service: SafeBoot Network doesn't infected
21:05:50:953 1624 RegNode HKLM\SYSTEM\ControlSet002\services\H8SRTd.sys infected by TDSS rootkit ... 21:05:50:953 1624 will be deleted on reboot
21:05:50:969 1624 DeleteTDL2Service: SafeBoot Minimal doesn't infected
21:05:50:969 1624 DeleteTDL2Service: SafeBoot Network doesn't infected
21:05:50:969 1624 File C:\WINDOWS\system32\drivers\H8SRTdauirqoxvm.sys infected by TDSS rootkit ... 21:05:50:969 1624 will be deleted on reboot
21:05:50:969 1624 DeleteTDL2Service: Module enum: Name: H8SRTd. Type: 1
21:05:50:969 1624 File C:\\?\globalroot\systemroot\system32\drivers\H8SRTdauirqoxvm.sys infected by TDSS rootkit ... 21:05:50:969 1624 will be deleted on reboot
21:05:50:969 1624 DeleteTDL2Service: Module enum: Name: H8SRTc. Type: 1
21:05:50:969 1624 File C:\\?\globalroot\systemroot\system32\H8SRTsrnhwtmpmy.dll infected by TDSS rootkit ... 21:05:50:969 1624 will be deleted on reboot
21:05:50:969 1624 DeleteTDL2Service: Module enum: Name: H8SRTsrcr. Type: 1
21:05:50:969 1624 File C:\\?\globalroot\systemroot\system32\H8SRTllticrmppt.dat infected by TDSS rootkit ... 21:05:50:969 1624 will be deleted on reboot
21:05:50:969 1624 DeleteTDL2Service: Module enum: Name: h8srtserf. Type: 1
21:05:50:969 1624 File C:\\?\globalroot\systemroot\system32\H8SRTnkrjbavbif.dll infected by TDSS rootkit ... 21:05:50:969 1624 will be deleted on reboot
21:05:50:969 1624 DeleteTDL2Service: Module enum: Name: h8srtmsg. Type: 1
21:05:50:969 1624 File C:\\?\globalroot\systemroot\system32\H8SRTqmlekbgxwk.dll infected by TDSS rootkit ... 21:05:50:969 1624 will be deleted on reboot
21:05:50:969 1624 DeleteTDL2Service: Module enum: Name: h8srtbbr. Type: 1
21:05:50:969 1624 File C:\\?\globalroot\systemroot\system32\H8SRTsuyqomltyk.dll infected by TDSS rootkit ... 21:05:50:969 1624 will be deleted on reboot
21:05:50:969 1624 ScanTDL2Services: DeleteEvilService(H8SRTd.sys) success
21:05:50:969 1624 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:05:50:969 1624 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:05:50:969 1624
21:05:50:969 1624 Scanning Kernel memory ...
21:05:50:969 1624 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
21:05:50:969 1624 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86559910
21:05:50:969 1624 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
21:05:50:969 1624
21:05:50:969 1624 DetectCureTDL3: DEVICE_OBJECT: 865059F0
21:05:50:969 1624 KLMD_GetLowerDeviceObject: Trying to get lower device object for 865059F0
21:05:50:969 1624 KLMD_ReadMem: Trying to ReadMemory 0x865059F0[0x38]
21:05:50:969 1624 DetectCureTDL3: DRIVER_OBJECT: 86559910
21:05:50:969 1624 KLMD_ReadMem: Trying to ReadMemory 0x86559910[0xA8]
21:05:50:969 1624 KLMD_ReadMem: Trying to ReadMemory 0xE101B1A0[0x18]
21:05:50:969 1624 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
21:05:50:969 1624 DetectCureTDL3: IrpHandler (0) addr: F75EEBB0
21:05:50:969 1624 DetectCureTDL3: IrpHandler (1) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (2) addr: F75EEBB0
21:05:50:969 1624 DetectCureTDL3: IrpHandler (3) addr: F75E8D1F
21:05:50:969 1624 DetectCureTDL3: IrpHandler (4) addr: F75E8D1F
21:05:50:969 1624 DetectCureTDL3: IrpHandler (5) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (6) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (7) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (8) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (9) addr: F75E92E2
21:05:50:969 1624 DetectCureTDL3: IrpHandler (10) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (11) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (12) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (13) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (14) addr: F75E93BB
21:05:50:969 1624 DetectCureTDL3: IrpHandler (15) addr: F75ECF28
21:05:50:969 1624 DetectCureTDL3: IrpHandler (16) addr: F75E92E2
21:05:50:969 1624 DetectCureTDL3: IrpHandler (17) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (18) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (19) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (20) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (21) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (22) addr: F75EAC82
21:05:50:969 1624 DetectCureTDL3: IrpHandler (23) addr: F75EF99E
21:05:50:969 1624 DetectCureTDL3: IrpHandler (24) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (25) addr: 804F4562
21:05:50:969 1624 DetectCureTDL3: IrpHandler (26) addr: 804F4562
21:05:50:969 1624 TDL3_FileDetect: Processing driver: Disk
21:05:50:969 1624 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
21:05:50:969 1624 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
21:05:51:000 1624 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
21:05:51:000 1624
21:05:51:000 1624 DetectCureTDL3: DEVICE_OBJECT: 86506AB8
21:05:51:000 1624 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86506AB8
21:05:51:000 1624 DetectCureTDL3: DEVICE_OBJECT: 86557BB0
21:05:51:000 1624 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86557BB0
21:05:51:000 1624 DetectCureTDL3: DEVICE_OBJECT: 86559D98
21:05:51:000 1624 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86559D98
21:05:51:000 1624 KLMD_ReadMem: Trying to ReadMemory 0x86559D98[0x38]
21:05:51:000 1624 DetectCureTDL3: DRIVER_OBJECT: 865794A0
21:05:51:000 1624 KLMD_ReadMem: Trying to ReadMemory 0x865794A0[0xA8]
21:05:51:000 1624 KLMD_ReadMem: Trying to ReadMemory 0xE15381C0[0x1A]
21:05:51:000 1624 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
21:05:51:000 1624 DetectCureTDL3: IrpHandler (0) addr: F741B6F2
21:05:51:000 1624 DetectCureTDL3: IrpHandler (1) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (2) addr: F741B6F2
21:05:51:000 1624 DetectCureTDL3: IrpHandler (3) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (4) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (5) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (6) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (7) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (8) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (9) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (10) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (11) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (12) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (13) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (14) addr: F741B712
21:05:51:000 1624 DetectCureTDL3: IrpHandler (15) addr: F7417852
21:05:51:000 1624 DetectCureTDL3: IrpHandler (16) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (17) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (18) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (19) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (20) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (21) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (22) addr: F741B73C
21:05:51:000 1624 DetectCureTDL3: IrpHandler (23) addr: F7422336
21:05:51:000 1624 DetectCureTDL3: IrpHandler (24) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (25) addr: 804F4562
21:05:51:000 1624 DetectCureTDL3: IrpHandler (26) addr: 804F4562
21:05:51:000 1624 KLMD_ReadMem: Trying to ReadMemory 0xF7418864[0x400]
21:05:51:000 1624 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
21:05:51:000 1624 TDL3_FileDetect: Processing driver: atapi
21:05:51:000 1624 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
21:05:51:000 1624 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
21:05:51:016 1624 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
21:05:51:016 1624 UtilityBootReinit: Reboot required for cure complete..
21:05:51:016 1624 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000
21:05:51:016 1624 UtilityBootReinit: KLMD drop success
21:05:51:032 1624 KLMD_ApplyPendList: Pending buffer(5D3E_5CDE, 1368) dropped successfully
21:05:51:032 1624 UtilityBootReinit: Cure on reboot scheduled successfully
21:05:51:032 1624
21:05:51:032 1624 Completed
21:05:51:032 1624
21:05:51:032 1624 Results:
21:05:51:032 1624 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:05:51:032 1624 Registry objects infected / cured / cured on reboot: 2 / 0 / 2
21:05:51:032 1624 File objects infected / cured / cured on reboot: 7 / 0 / 7
21:05:51:032 1624
21:05:51:032 1624 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
21:05:51:032 1624 UtilityDeinit: KLMD(ARK) unloaded successfully


Report •
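A triage sketch for the TDSSKiller log format posted above, added here as an example (it is not part of the original thread and not the tool's own code): it extracts every object the tool marked as infected and checks the counts against the "Results" tallies, so a truncated paste or an object left uncured stands out. The function names are hypothetical; the sample lines are excerpted from the log above.

```python
import re
from collections import Counter

# Excerpt of the TDSSKiller 2.2.0 log posted above (detections, one verdict, tallies).
SAMPLE_LOG = r"""
21:05:50:938 1624 RegNode HKLM\SYSTEM\ControlSet001\services\H8SRTd.sys infected by TDSS rootkit ... 21:05:50:938 1624 will be deleted on reboot
21:05:50:953 1624 RegNode HKLM\SYSTEM\ControlSet002\services\H8SRTd.sys infected by TDSS rootkit ... 21:05:50:953 1624 will be deleted on reboot
21:05:50:969 1624 File C:\WINDOWS\system32\drivers\H8SRTdauirqoxvm.sys infected by TDSS rootkit ... 21:05:50:969 1624 will be deleted on reboot
21:05:50:969 1624 File C:\\?\globalroot\systemroot\system32\drivers\H8SRTdauirqoxvm.sys infected by TDSS rootkit ... 21:05:50:969 1624 will be deleted on reboot
21:05:50:969 1624 File C:\\?\globalroot\systemroot\system32\H8SRTsrnhwtmpmy.dll infected by TDSS rootkit ... 21:05:50:969 1624 will be deleted on reboot
21:05:50:969 1624 File C:\\?\globalroot\systemroot\system32\H8SRTllticrmppt.dat infected by TDSS rootkit ... 21:05:50:969 1624 will be deleted on reboot
21:05:50:969 1624 File C:\\?\globalroot\systemroot\system32\H8SRTnkrjbavbif.dll infected by TDSS rootkit ... 21:05:50:969 1624 will be deleted on reboot
21:05:50:969 1624 File C:\\?\globalroot\systemroot\system32\H8SRTqmlekbgxwk.dll infected by TDSS rootkit ... 21:05:50:969 1624 will be deleted on reboot
21:05:50:969 1624 File C:\\?\globalroot\systemroot\system32\H8SRTsuyqomltyk.dll infected by TDSS rootkit ... 21:05:50:969 1624 will be deleted on reboot
21:05:51:016 1624 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
21:05:51:016 1624 UtilityBootReinit: Reboot required for cure complete..
21:05:51:032 1624 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:05:51:032 1624 Registry objects infected / cured / cured on reboot: 2 / 0 / 2
21:05:51:032 1624 File objects infected / cured / cured on reboot: 7 / 0 / 7
"""

# Every record starts with "HH:MM:SS:mmm <thread id>"; the message may be empty.
PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}:\d{3})\s+(\d+)\s?(.*)$")
# The tool repeats the timestamp in the middle of a detection line, so skip it.
DETECT = re.compile(
    r"^(RegNode|File) (.+?) infected by TDSS rootkit \.\.\. "
    r"(?:\d{2}:\d{2}:\d{2}:\d{3} \d+ )?(.*)$"
)
TALLY = re.compile(
    r"^(Memory|Registry|File) objects infected / cured / cured on reboot: "
    r"(\d+) / (\d+) / (\d+)$"
)
VERDICT = re.compile(r"^TDL3_FileDetect: (.+) - Verdict: (\w+)$")
KIND = {"RegNode": "Registry", "File": "File"}  # detection prefix -> tally name


def parse_tdsskiller_log(text):
    """Return detections, per-driver verdicts, result tallies and the reboot flag."""
    report = {"detections": [], "tallies": {}, "verdicts": {}, "reboot_required": False}
    for raw in text.splitlines():
        record = PREFIX.match(raw.strip())
        if not record:
            continue  # blank line or text that is not a log record
        msg = record.group(3)
        hit = DETECT.match(msg)
        if hit:
            report["detections"].append(
                {"time": record.group(1), "kind": hit.group(1),
                 "object": hit.group(2), "action": hit.group(3)}
            )
            continue
        tally = TALLY.match(msg)
        if tally:
            report["tallies"][tally.group(1)] = tuple(int(n) for n in tally.group(2, 3, 4))
            continue
        verdict = VERDICT.match(msg)
        if verdict:
            report["verdicts"][verdict.group(1)] = verdict.group(2)
        elif "Reboot required" in msg:
            report["reboot_required"] = True
    return report


def summarize(report):
    """Cross-check parsed detections against the tool's own tallies."""
    counted = Counter(KIND[d["kind"]] for d in report["detections"])
    mismatch, unresolved, pending_reboot = {}, 0, 0
    for kind, (infected, cured, on_reboot) in report["tallies"].items():
        # Memory detections have no per-object line in the log above, so only
        # Registry and File counts are compared with the parsed detections.
        if kind in counted or kind != "Memory":
            if counted.get(kind, 0) != infected:
                mismatch[kind] = (counted.get(kind, 0), infected)
        unresolved += max(infected - cured - on_reboot, 0)
        pending_reboot += on_reboot
    return {
        "count_mismatch": mismatch,        # {kind: (lines parsed, tally)}
        "unresolved": unresolved,          # infected objects with no cure scheduled
        "pending_reboot": pending_reboot,  # cures that only happen after a restart
        "not_clean": sorted(p for p, v in report["verdicts"].items() if v != "Clean"),
    }


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    for d in parsed["detections"]:
        print(d["kind"], d["object"], "->", d["action"])
    print(summarize(parsed))
```

A non-zero `pending_reboot` means the machine is not clean until it has restarted and the scan has been run again.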

#3
January 13, 2010 at 04:18:39

Sorry, I'm having to post this in 3 sections, I think it was too long before, it wouldn't let me post everything at once.

log.txt contents:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pat at 2010-01-12 21:12:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 139 GB (91%) free of 153 GB
Total RAM: 1015 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:23 PM, on 1/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\HP\HPBTWD.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\syncables\syncables desktop\Syncables.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\syncables\syncables desktop\MigoMapi.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Pat\Desktop\RSIT.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Pat\Desktop\Pat.exe
C:\WINDOWS\system32\dwwin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww2.cox.com/myconnection/nor...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [HP BTW Detect Program] C:\Program Files\HP\HPBTWD.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
O4 - HKLM\..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\Pat\LOCALS~1\Temp\settdebugx.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: BOTService - Sonic Solutions - C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe

--
End of file - 8127 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3745573097-4272101664-3096362523-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3745573097-4272101664-3096362523-1006UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-06 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Microsoft Live Search Toolbar Helper - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll [2009-03-25 82784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll [2009-03-25 82784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-30 483428]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2009-02-18 737280]
"HP BTW Detect Program"=C:\Program Files\HP\HPBTWD.exe [2009-03-30 319488]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-01-15 1418536]
"HP Mobile Broadband"=c:\SWsetup\HPQWWAN\HPMobileBroadband.exe [2009-01-09 455224]
"Syncables"=C:\Program Files\syncables\syncables desktop\Syncables.exe [2009-04-02 173360]
"Microsoft Default Manager"=c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-02-06 224616]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
"Aim6"= []
"Google Update"=C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-30 135664]
"settdebugx.exe"=C:\DOCUME~1\Pat\LOCALS~1\Temp\settdebugx.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe"="C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2010-01-12 21:12:15 ----D---- C:\rsit
2010-01-12 21:05:50 ----A---- C:\TDSSKiller.txt
2010-01-12 19:02:52 ----D---- C:\Program Files\AVG
2010-01-12 19:02:52 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-01-12 18:44:54 ----D---- C:\Qoobox
2010-01-12 18:37:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-12 18:37:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-11 21:14:23 ----D---- C:\Program Files\Mozilla Firefox
2010-01-10 14:56:12 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2009-12-18 06:25:07 ----D---- C:\Documents and Settings\Pat\Application Data\Mozilla
2009-12-10 21:52:09 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 21:51:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 21:49:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 21:49:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 21:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-10 06:35:15 ----N---- C:\WINDOWS\system32\msfeedsbs.dll
2009-12-10 06:35:15 ----N---- C:\WINDOWS\system32\msfeeds.dll
2009-12-10 06:35:15 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-12-10 06:35:14 ----N---- C:\WINDOWS\system32\occache.dll
2009-12-10 06:35:14 ----N---- C:\WINDOWS\system32\iepeers.dll
2009-12-10 06:35:12 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-12-10 06:35:11 ----N---- C:\WINDOWS\system32\wininet.dll
2009-12-10 06:35:11 ----N---- C:\WINDOWS\system32\iertutil.dll
2009-12-10 06:35:11 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-12-10 06:35:10 ----N---- C:\WINDOWS\system32\urlmon.dll
2009-12-10 06:35:09 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-12-10 06:35:06 ----N---- C:\WINDOWS\system32\ieframe.dll
2009-12-06 21:26:38 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak
2009-11-25 07:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 07:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-24 17:11:54 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-11-24 17:11:46 ----A---- C:\WINDOWS\system32\msxml3.dll
2009-11-11 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-02 18:35:05 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-30 16:48:33 ----D---- C:\66761975da58bae8c7c66c1caaa06d
2009-10-29 06:36:58 ----D---- C:\fb261b520d3e28c6609623f6
2009-10-27 15:56:15 ----D---- C:\fd9d842073a5352e81e3c227361a
2009-10-21 00:38:36 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-10-21 00:38:36 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-10-13 21:29:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-13 21:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-13 21:26:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-13 21:26:51 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-13 21:26:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-13 21:26:19 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-13 21:22:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-13 21:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-13 21:21:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-13 16:28:57 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-10-13 16:28:54 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-10-13 05:30:16 ----A---- C:\WINDOWS\system32\oakley.dll

======List of files/folders modified in the last 3 months======

2010-01-12 21:05:51 ----D---- C:\WINDOWS\system32\drivers
2010-01-12 21:05:40 ----D---- C:\WINDOWS\system32
2010-01-12 21:05:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-12 21:04:32 ----D---- C:\WINDOWS\temp
2010-01-12 21:02:29 ----SD---- C:\WINDOWS\Tasks
2010-01-12 19:02:52 ----RD---- C:\Program Files
2010-01-12 19:02:51 ----SHD---- C:\WINDOWS\Installer
2010-01-12 19:02:49 ----D---- C:\WINDOWS\WinSxS
2010-01-12 19:02:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-12 19:01:37 ----D---- C:\WINDOWS
2010-01-12 18:49:26 ----SHD---- C:\System Volume Information
2010-01-12 18:49:26 ----D---- C:\WINDOWS\system32\Restore
2010-01-11 21:27:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-11 21:21:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-11 21:02:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-11 19:57:15 ----D---- C:\WINDOWS\Prefetch
2010-01-11 16:55:15 ----D---- C:\WINDOWS\Registration
2010-01-08 16:36:27 ----D---- C:\Documents and Settings\Pat\Application Data\Skype
2010-01-02 08:35:09 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-01 15:43:54 ----D---- C:\Program Files\Common Files\Adobe
2010-01-01 15:43:11 ----D---- C:\Program Files\Adobe
2009-12-28 13:39:12 ----D---- C:\WINDOWS\system32\wbem
2009-12-26 16:07:49 ----D---- C:\Documents and Settings\Pat\Application Data\skypePM
2009-12-10 21:52:19 ----HD---- C:\WINDOWS\inf
2009-12-10 21:52:16 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-12-10 21:51:23 ----A---- C:\WINDOWS\imsins.BAK
2009-12-10 21:50:10 ----D---- C:\Program Files\Internet Explorer
2009-12-10 21:49:55 ----D---- C:\WINDOWS\ie8updates
2009-12-10 21:49:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-01 15:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-11 03:06:01 ----A---- C:\WINDOWS\win.ini
2009-11-02 20:42:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-11-02 18:41:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-02 18:41:12 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-10-14 07:45:57 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-14 07:45:42 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 36352]
R1 SaibVd32;Virtual Disk Driver; C:\WINDOWS\System32\Drivers\SaibVd32.sys [2008-12-11 25584]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2009-03-19 113664]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-08-09 1735040]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-03-02 38912]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-30 1550891]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-01-15 206512]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys []
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service; C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2008-12-12 125424]
R2 BOTService;BOTService; C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2009-03-19 203248]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-17 1181328]
R2 STacSV;Audio Service; c:\program files\idt\wdm\STacSV.exe [2009-03-30 254042]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-04-16 165192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



#4
January 13, 2010 at 04:19:03

Last one!

info.txt contents:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pat at 2010-01-12 21:12:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 139 GB (91%) free of 153 GB
Total RAM: 1015 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:23 PM, on 1/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\HP\HPBTWD.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\syncables\syncables desktop\Syncables.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\syncables\syncables desktop\MigoMapi.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Pat\Desktop\RSIT.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Pat\Desktop\Pat.exe
C:\WINDOWS\system32\dwwin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww2.cox.com/myconnection/nor...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [HP BTW Detect Program] C:\Program Files\HP\HPBTWD.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
O4 - HKLM\..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\Pat\LOCALS~1\Temp\settdebugx.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: BOTService - Sonic Solutions - C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe

--
End of file - 8127 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3745573097-4272101664-3096362523-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3745573097-4272101664-3096362523-1006UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-06 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Microsoft Live Search Toolbar Helper - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll [2009-03-25 82784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll [2009-03-25 82784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-30 483428]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2009-02-18 737280]
"HP BTW Detect Program"=C:\Program Files\HP\HPBTWD.exe [2009-03-30 319488]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-01-15 1418536]
"HP Mobile Broadband"=c:\SWsetup\HPQWWAN\HPMobileBroadband.exe [2009-01-09 455224]
"Syncables"=C:\Program Files\syncables\syncables desktop\Syncables.exe [2009-04-02 173360]
"Microsoft Default Manager"=c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-02-06 224616]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
"Aim6"= []
"Google Update"=C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-30 135664]
"settdebugx.exe"=C:\DOCUME~1\Pat\LOCALS~1\Temp\settdebugx.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe"="C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2010-01-12 21:12:15 ----D---- C:\rsit
2010-01-12 21:05:50 ----A---- C:\TDSSKiller.txt
2010-01-12 19:02:52 ----D---- C:\Program Files\AVG
2010-01-12 19:02:52 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-01-12 18:44:54 ----D---- C:\Qoobox
2010-01-12 18:37:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-12 18:37:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-11 21:14:23 ----D---- C:\Program Files\Mozilla Firefox
2010-01-10 14:56:12 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2009-12-18 06:25:07 ----D---- C:\Documents and Settings\Pat\Application Data\Mozilla
2009-12-10 21:52:09 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 21:51:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 21:49:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 21:49:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 21:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-10 06:35:15 ----N---- C:\WINDOWS\system32\msfeedsbs.dll
2009-12-10 06:35:15 ----N---- C:\WINDOWS\system32\msfeeds.dll
2009-12-10 06:35:15 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-12-10 06:35:14 ----N---- C:\WINDOWS\system32\occache.dll
2009-12-10 06:35:14 ----N---- C:\WINDOWS\system32\iepeers.dll
2009-12-10 06:35:12 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-12-10 06:35:11 ----N---- C:\WINDOWS\system32\wininet.dll
2009-12-10 06:35:11 ----N---- C:\WINDOWS\system32\iertutil.dll
2009-12-10 06:35:11 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-12-10 06:35:10 ----N---- C:\WINDOWS\system32\urlmon.dll
2009-12-10 06:35:09 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-12-10 06:35:06 ----N---- C:\WINDOWS\system32\ieframe.dll
2009-12-06 21:26:38 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak
2009-11-25 07:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 07:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-24 17:11:54 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-11-24 17:11:46 ----A---- C:\WINDOWS\system32\msxml3.dll
2009-11-11 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-02 18:35:05 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-30 16:48:33 ----D---- C:\66761975da58bae8c7c66c1caaa06d
2009-10-29 06:36:58 ----D---- C:\fb261b520d3e28c6609623f6
2009-10-27 15:56:15 ----D---- C:\fd9d842073a5352e81e3c227361a
2009-10-21 00:38:36 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-10-21 00:38:36 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-10-13 21:29:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-13 21:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-13 21:26:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-13 21:26:51 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-13 21:26:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-13 21:26:19 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-13 21:22:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-13 21:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-13 21:21:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-13 16:28:57 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-10-13 16:28:54 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-10-13 05:30:16 ----A---- C:\WINDOWS\system32\oakley.dll

======List of files/folders modified in the last 3 months======

2010-01-12 21:05:51 ----D---- C:\WINDOWS\system32\drivers
2010-01-12 21:05:40 ----D---- C:\WINDOWS\system32
2010-01-12 21:05:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-12 21:04:32 ----D---- C:\WINDOWS\temp
2010-01-12 21:02:29 ----SD---- C:\WINDOWS\Tasks
2010-01-12 19:02:52 ----RD---- C:\Program Files
2010-01-12 19:02:51 ----SHD---- C:\WINDOWS\Installer
2010-01-12 19:02:49 ----D---- C:\WINDOWS\WinSxS
2010-01-12 19:02:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-12 19:01:37 ----D---- C:\WINDOWS
2010-01-12 18:49:26 ----SHD---- C:\System Volume Information
2010-01-12 18:49:26 ----D---- C:\WINDOWS\system32\Restore
2010-01-11 21:27:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-11 21:21:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-11 21:02:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-11 19:57:15 ----D---- C:\WINDOWS\Prefetch
2010-01-11 16:55:15 ----D---- C:\WINDOWS\Registration
2010-01-08 16:36:27 ----D---- C:\Documents and Settings\Pat\Application Data\Skype
2010-01-02 08:35:09 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-01 15:43:54 ----D---- C:\Program Files\Common Files\Adobe
2010-01-01 15:43:11 ----D---- C:\Program Files\Adobe
2009-12-28 13:39:12 ----D---- C:\WINDOWS\system32\wbem
2009-12-26 16:07:49 ----D---- C:\Documents and Settings\Pat\Application Data\skypePM
2009-12-10 21:52:19 ----HD---- C:\WINDOWS\inf
2009-12-10 21:52:16 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-12-10 21:51:23 ----A---- C:\WINDOWS\imsins.BAK
2009-12-10 21:50:10 ----D---- C:\Program Files\Internet Explorer
2009-12-10 21:49:55 ----D---- C:\WINDOWS\ie8updates
2009-12-10 21:49:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-01 15:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-11 03:06:01 ----A---- C:\WINDOWS\win.ini
2009-11-02 20:42:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-11-02 18:41:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-02 18:41:12 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-10-14 07:45:57 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-14 07:45:42 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 36352]
R1 SaibVd32;Virtual Disk Driver; C:\WINDOWS\System32\Drivers\SaibVd32.sys [2008-12-11 25584]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2009-03-19 113664]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-08-09 1735040]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-03-02 38912]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-30 1550891]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-01-15 206512]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys []
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service; C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2008-12-12 125424]
R2 BOTService;BOTService; C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2009-03-19 203248]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-17 1181328]
R2 STacSV;Audio Service; c:\program files\idt\wdm\STacSV.exe [2009-03-30 254042]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-04-16 165192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



#5
January 15, 2010 at 11:27:13

Hi, do you have any updates on this problem or any other fixes? I haven't been getting the IE popups since you had me run the scans, but I still cannot install new antivirus software. Every time I try to do so, the antivirus software I'm trying to install says I need to uninstall the "Microsoft Security Essentials antivirus" before it can complete the installation. The only problem is that I uninstalled Microsoft Security Essentials last week and it is not showing up in Add/Remove Programs, so I'm not sure why the new antivirus software thinks it is still on the computer. I'm concerned because the computer currently has no antivirus software installed, which could be a huge problem. Also, Microsoft Security Center has been disabled and I do not know how to re-enable it, which could also be a problem.

I appreciate your help! Thanks!

