Redirect virus

December 13, 2009 at 16:36:40
Specs: Windows XP Home SP2
I am being redirected when I do a google search. I have run Malwarebytes and supposedly cleaned up my system, but am still being redirected. I have run XDelBox which says I have a high risk threat called "IanmanserverEventSystem." When I try to "Fix" it, I receive the message "Cannot create file 'C:\WINDOWS\System32\drivers\etc\hosts'. Access is denied."




#1
December 13, 2009 at 17:44:22
Please download OTL from following site:

Link1

1. Save it to your desktop
2. Double click the OTL icon on your desktop.
3. Under the Custom Scans/Fixes box at the bottom, paste in the following, everything between the X's:


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Commands
[purity]
[resethosts]
[emptytemp]
[Reboot]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Then click the Run Fix button at the top.
Let the program run unhindered, and reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized). Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate posts) in your next reply. It may take 3 to 4 posts to get the entire log to us.

Download Gmer.exe from the following link.

Link1

1. Disconnect from the Internet and close all running programs.
2. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
3. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
10. Exit GMER and re-enable all active protection when done.



#2
December 13, 2009 at 21:58:46
OTL logfile created on: 12/14/2009 12:03:58 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Debby\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

735.48 Mb Total Physical Memory | 132.13 Mb Available Physical Memory | 17.96% Memory free
1.01 Gb Paging File | 0.35 Gb Available in Paging File | 34.78% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 16.80 Gb Free Space | 45.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.74 Gb Total Space | 2.44 Gb Free Space | 65.27% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WORKSTATION0
Current User Name: Debby
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009/12/12 18:20:04 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debby\Desktop\OTL.exe
PRC - [2009/11/29 19:41:47 | 02,029,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/10/29 06:12:04 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/21 22:59:44 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/21 22:59:38 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/05 01:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/08/19 16:31:07 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/19 16:31:06 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/19 16:31:00 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/19 16:30:53 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/19 16:30:31 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/30 21:27:10 | 00,436,752 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\mcuicnt.exe
PRC - [2009/07/27 19:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/03/27 21:10:56 | 00,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/10/16 17:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/08/11 19:49:44 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/05 13:29:20 | 00,054,512 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
PRC - [2007/08/06 12:41:06 | 00,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/06/29 14:41:04 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/04/23 03:00:00 | 00,692,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/04/11 14:32:22 | 00,056,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
PRC - [2007/03/24 23:39:14 | 00,090,112 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/07/13 19:38:38 | 01,378,304 | ---- | M] (AlfaSoft Research Labs) -- C:\Program Files\AlfaClock\AlfaClock.exe
PRC - [2005/01/31 14:06:05 | 00,208,896 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe
PRC - [2004/10/20 09:40:04 | 00,010,328 | ---- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 00,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/10/01 14:36:21 | 00,102,672 | ---- | M] (NetZero) -- C:\Program Files\NetZero\exec.exe
PRC - [2004/06/29 09:06:38 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/02/13 08:37:00 | 00,094,208 | ---- | M] (Jetsoft Development Company) -- C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
PRC - [2004/02/13 08:08:00 | 00,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
PRC - [2004/01/14 08:21:00 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2004/01/14 08:21:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2003/12/05 03:36:58 | 00,249,856 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
PRC - [2003/10/08 04:41:10 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003/03/31 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2002/03/19 17:30:00 | 00,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009/12/12 18:20:04 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debby\Desktop\OTL.exe
MOD - [2008/07/25 10:17:20 | 00,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/07/25 10:17:20 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
MOD - [2007/04/23 03:00:00 | 00,045,568 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2003/03/31 07:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\serwvdrv.dll
MOD - [2003/03/31 07:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\umdmxfrm.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/12/08 09:02:06 | 00,065,024 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\Debby\Local Settings\Temp\1D8.tmp -- (lanmanserverEventSystem)
SRV - [2009/09/21 22:59:38 | 01,028,432 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/03 10:53:00 | 00,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/08/19 16:30:53 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/19 16:30:31 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/06/26 08:26:20 | 00,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/03/27 21:10:56 | 00,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/25 13:35:30 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/10/16 17:22:20 | 00,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/08/11 19:49:44 | 00,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/10/20 09:40:04 | 00,010,328 | ---- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/06/29 08:29:30 | 00,184,373 | ---- | M] () [Auto | Stopped] -- C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe -- (AOLService)
SRV - [2004/06/15 14:29:42 | 00,380,928 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2004/01/14 08:21:00 | 00,311,296 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://Www.Wintergreensys.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/cus...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webmail.juno.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll (United Online, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://webmailb.juno.com/cgi-bin/login.cgi?type=sessiontimedout|https://www.wireless.att.com/olam/loginAction.doview"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/02 18:34:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 10:54:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/06 06:25:47 | 00,000,000 | ---D | M]

[2008/12/06 19:46:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Mozilla\Extensions
[2009/12/13 19:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\o1rdo41l.default\extensions
[2009/08/25 18:52:39 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\o1rdo41l.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/05/09 09:53:09 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\o1rdo41l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/28 14:25:53 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\o1rdo41l.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/08/25 06:20:05 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\o1rdo41l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/27 22:45:10 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\o1rdo41l.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/09/12 10:14:04 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\o1rdo41l.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/04/18 19:35:33 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\o1rdo41l.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/12/13 23:57:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/12/15 18:23:32 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll

O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C43B8A2-24E8-4336-B86E-A94558E10C60} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll ()
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CapFax] C:\Program Files\Classic PhoneTools\capFax.exe (BVRP Software)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Lexmark 2200 Series] C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\PELMICED.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AlfaClock Classic] C:\Program Files\AlfaClock\AlfaClock.exe (AlfaSoft Research Labs)
O4 - HKCU..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe (NetZero)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [spc_w] C:\Program Files\NZSearch\nzspc.exe (United Online, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 66 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?lin... (Office Genuine Advantage Validation Tool)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirv... (PCPitstop Utility)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/... (Musicnotes Viewer)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/... (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} http://www.cpa-exam.org/AICPATutori... (AICPASSV.Spreadsheet)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishAc... (Snapfish Activia)
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} http://www.cpa-exam.org/AICPATutori... (AICPAAuthLit.AuthLitItem)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/... (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_01)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/Nirv... (diskhealth Class)
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} http://www.cpa-exam.org/AICPATutori... (AICPACR.ConstructedResponse)
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} http://download.zonelabs.com/bin/pr... (Anonymizer Anti-Spyware Scanner)
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} http://utilities.pcpitstop.com/Nirv... (PCPitstop AntiVirus)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/so... (ScorchPlugin Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeu... (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin... (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/ji... (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/... (Shockwave Flash Object)
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} http://www.cpa-exam.org/AICPATutori... (AICPA treeView control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Nirv... (PCPitstop Exam)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\junomsg {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll (Juno Online Services, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/16 17:35:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 00,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

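As an added example (not part of this thread and not OTL's own code), a small Python triage script that parses the SRV and O1 lines in the OTL log format posted above and flags what a helper looks at first: a service whose binary runs from a user Temp folder with no publisher, and hosts-file entries that map a hostname anywhere other than localhost to loopback. Its sample log reuses three SRV lines and the two localhost lines from the log above; the two extra hosts entries (203.0.113.5 and antivirus.example.net) are constructed.

```python
"""Triage helper for OTL service (SRV) and hosts (O1) log lines.

Added example, not part of OTL or of this thread. It parses the line
formats OTL writes (see the log above) and flags the indicators a helper
checks first:
  * a service whose binary runs from a user profile or Temp folder,
    has no publisher, or is not a normal .exe/.dll/.sys service binary;
  * a hosts-file entry that maps a hostname anywhere other than the
    default localhost -> loopback lines (search redirects and blocked
    security sites are commonly planted here).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the three SRV lines and the two localhost lines are
# copied from the log above; the last two hosts entries are made up
# (203.0.113.5 is a documentation address, the AV domain is fictitious).
SAMPLE_LOG = r"""
SRV - [2009/12/08 09:02:06 | 00,065,024 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\Debby\Local Settings\Temp\1D8.tmp -- (lanmanserverEventSystem)
SRV - [2009/08/19 16:30:53 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/09/03 10:53:00 | 00,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.5 www.google.com
O1 - Hosts: 127.0.0.1 antivirus.example.net
"""
GETPLUS_LINE = SAMPLE_LOG.strip().splitlines()[2]

# SRV - [date | size | attrs | M] (Company) [Start | State] -- path -- (ServiceName) [trailer]
SRV_RE = re.compile(
    r"^SRV - \[(?P<date>[^|]+?) \| (?P<size>[^|]+?) \| (?P<attrs>[^|]+?) \| M\] "
    r"\((?P<company>[^)]*)\) \[(?P<start>[^|]+?) \| (?P<state>[^\]]+?)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]+)\)"
)
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+)\s+(?P<host>\S+)")

LOCAL_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}
SERVICE_EXTENSIONS = (".exe", ".dll", ".sys")
# Locations a legitimate Windows XP service should never be started from.
PROFILE_MARKERS = ("\\temp\\", "\\documents and settings\\")


@dataclass
class Finding:
    kind: str                 # "service" or "hosts"
    subject: str              # service name or hostname
    reasons: List[str] = field(default_factory=list)
    detail: str = ""


def parse_service(line: str) -> Optional[dict]:
    """Split one OTL SRV line into its named fields, or None if not an SRV line."""
    m = SRV_RE.match(line)
    return m.groupdict() if m else None


def check_service(line: str) -> Optional[Finding]:
    """Return a Finding when the service binary looks out of place."""
    svc = parse_service(line)
    if svc is None:
        return None
    path = svc["path"]
    lower = path.lower()
    reasons = []
    if any(marker in lower for marker in PROFILE_MARKERS):
        reasons.append("binary runs from a user profile or Temp folder")
    if not lower.endswith(SERVICE_EXTENSIONS):
        reasons.append("binary has a non-service extension: ." + lower.rsplit(".", 1)[-1])
    if not svc["company"].strip():
        reasons.append("no publisher name")
    if not reasons:
        return None
    return Finding("service", svc["name"], reasons,
                   detail=f"{svc['start']} | {svc['state']}: {path}")


def check_hosts_entry(line: str) -> Optional[Finding]:
    """Return a Finding for any hosts line other than the default localhost ones."""
    m = HOSTS_RE.match(line)
    if not m:
        return None
    addr, host = m.group("addr"), m.group("host").lower()
    if host == "localhost" and addr in LOCAL_ADDRS:
        return None                      # the two default entries
    if addr in LOCAL_ADDRS:
        reason = f"{host} is null-routed to {addr} (host is blocked)"
    else:
        reason = f"{host} is pinned to {addr} (requests are redirected)"
    return Finding("hosts", host, [reason], detail=line)


def triage(log_text: str) -> List[Finding]:
    """Run both checks over every line of an OTL log and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        finding = check_service(line) or check_hosts_entry(line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: " + "; ".join(f.reasons))
        print(f"    {f.detail}")
```

Run it against a saved OTL.txt by passing the file's contents to triage(); the lanmanserverEventSystem entry above trips all three service checks at once.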

#3
December 13, 2009 at 21:59:52


[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]

[2009/12/13 23:40:35 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/13 22:28:28 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Debby\Desktop\OTL.exe
[2009/12/13 14:06:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Debby\Application Data\PCPitstop
[2009/12/13 09:29:58 | 00,000,000 | ---D | C] -- C:\quarantine
[2009/12/13 09:02:03 | 00,107,008 | ---- | C] (SafeReturner.com) -- C:\upload.dll
[2009/12/13 09:02:00 | 00,436,736 | ---- | C] (XDelBox.com) -- C:\XDelBox.exe
[2009/12/13 09:02:00 | 00,000,000 | ---D | C] -- C:\data
[2009/12/12 20:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PC
[2009/12/09 18:09:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Debby\Application Data\PC
[2009/02/21 13:06:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/02/21 13:06:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/21 13:06:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/21 13:06:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/24 05:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[5 C:\Documents and Settings\Debby\My Documents\*.tmp files -> C:\Documents and Settings\Debby\My Documents\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]

[2009/12/14 00:09:52 | 00,000,428 | ---- | M] () -- C:\WINDOWS\System32\advpackn.sys
[2009/12/14 00:09:50 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/12/14 00:03:21 | 08,126,464 | ---- | M] () -- C:\Documents and Settings\Debby\NTUSER.DAT
[2009/12/14 00:01:24 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\vir2c7qc.exe
[2009/12/13 23:53:49 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/13 23:53:43 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/12/13 23:52:21 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/13 23:52:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/13 23:51:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/13 23:50:31 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Debby\ntuser.ini
[2009/12/13 23:40:57 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/12/13 23:39:40 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\RSIT.exe
[2009/12/13 09:19:54 | 00,000,555 | --S- | M] () -- C:\WINDOWS\System32\3864807767.dat
[2009/12/12 18:20:04 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debby\Desktop\OTL.exe
[2009/12/12 16:41:09 | 46,555,839 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/12 16:41:09 | 00,123,708 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/11 20:43:45 | 00,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Debby.job
[2009/12/10 19:50:06 | 00,436,736 | ---- | M] (XDelBox.com) -- C:\XDelBox.exe
[2009/12/09 23:59:38 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/09 18:11:38 | 00,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2009/12/09 18:11:38 | 00,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/12/09 13:21:16 | 00,107,008 | ---- | M] (SafeReturner.com) -- C:\upload.dll
[2009/12/09 05:16:42 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 05:16:42 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 05:16:39 | 00,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 03:23:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[5 C:\Documents and Settings\Debby\My Documents\*.tmp files -> C:\Documents and Settings\Debby\My Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009/12/14 00:01:23 | 00,292,864 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\vir2c7qc.exe
[2009/12/13 23:39:39 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\RSIT.exe
[2009/12/12 20:57:15 | 00,000,214 | ---- | C] () -- C:\WINDOWS\System32\advpackn.sys
[2009/12/09 18:09:02 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2009/12/09 18:09:02 | 00,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/12/08 09:02:15 | 00,000,555 | --S- | C] () -- C:\WINDOWS\System32\3864807767.dat
[2009/10/13 05:02:48 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/07/07 05:58:42 | 00,000,093 | ---- | C] () -- C:\WINDOWS\winlemm.ini
[2009/05/17 07:22:43 | 00,000,180 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\setup.log
[2009/05/17 07:22:15 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\setup_ldm.iss
[2008/08/11 23:48:26 | 00,000,071 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2008/05/05 18:34:28 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2007/11/21 19:33:45 | 00,000,551 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/19 15:37:51 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/26 23:33:11 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/06/11 13:24:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007/05/10 20:00:45 | 00,003,640 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/25 07:35:37 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/11/19 07:14:01 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/08/13 06:38:44 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2006/08/13 01:16:42 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\WavCodec.wff
[2006/06/09 20:46:30 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Debby\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/09 18:10:03 | 00,001,812 | ---- | C] () -- C:\WINDOWS\System32\OLE2SYS2.DLL
[2005/09/09 18:09:53 | 00,004,885 | ---- | C] () -- C:\WINDOWS\3dftp.ini
[2005/09/07 18:25:14 | 00,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2005/09/07 18:21:12 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2005/06/02 23:56:06 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\jnwinst32.dll
[2005/06/02 23:56:06 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\jnwinst.dll
[2005/06/02 23:34:53 | 00,000,078 | ---- | C] () -- C:\WINDOWS\aw_win04.ini
[2005/05/11 04:16:05 | 00,184,808 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\shb.dat
[2005/03/05 09:51:52 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon2k.dll
[2004/12/14 05:33:51 | 00,003,971 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2004/12/14 05:33:51 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2004/12/07 04:52:06 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/12/05 14:16:46 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/27 00:23:29 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/11/25 19:15:48 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004/11/24 05:46:55 | 00,000,567 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/11/24 05:46:38 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbvvs.dll
[2004/11/24 05:46:14 | 00,000,187 | ---- | C] () -- C:\WINDOWS\System32\lxbvcoin.ini
[2004/11/23 12:44:28 | 00,000,654 | ---- | C] () -- C:\WINDOWS\JUNO.INI
[2004/11/10 00:30:06 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/16 17:52:31 | 00,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2004/08/16 17:52:15 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/08/16 17:49:25 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2004/08/16 17:48:39 | 00,124,410 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/08/16 17:46:50 | 00,103,034 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/06/27 12:04:56 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\imslevel.dll
[2004/06/27 11:33:38 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\imsispd.dll
[2003/02/19 00:26:28 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/22 08:46:56 | 00,000,308 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/03/19 18:30:00 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009/03/21 16:19:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/03/21 16:20:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/02/21 12:26:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/11/09 17:45:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/08/18 18:19:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2005/10/09 14:26:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/12/13 14:32:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/12/13 08:36:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/21 16:19:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/14 05:51:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WORDsearch
[2008/07/14 22:22:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wsc
[2007/01/25 21:06:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2008/07/14 22:22:44 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CDF61231-6AD7-4969-B4DD-9E6C0F51DD5E}
[2009/07/29 22:54:41 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2007/03/11 18:24:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\.gaim
[2008/08/22 20:10:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\acccore
[2006/01/12 20:37:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\AICPA
[2004/11/28 15:03:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Aim
[2006/08/13 07:25:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Anvil Studio
[2006/05/31 17:06:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Comcast
[2009/12/13 23:33:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Free Download Manager
[2007/08/18 19:10:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Grisoft
[2009/01/23 23:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\gtk-2.0
[2007/11/09 17:45:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\iolo
[2006/07/16 15:34:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Kazaa Lite
[2007/10/06 06:39:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\OfficeUpdate12
[2009/12/12 20:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\PC
[2009/12/13 14:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\PCPitstop
[2006/11/14 19:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\POPFile
[2006/06/02 22:00:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Simple Star
[2006/06/02 22:04:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Snapfish
[2004/12/04 06:52:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\SpamPal
[2005/02/14 18:52:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\spweng
[2007/03/20 17:28:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Viewpoint
[2009/12/09 23:59:38 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\PELMICED.EXE:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

#4
December 13, 2009 at 22:02:08
OTL Extras logfile created on: 12/14/2009 12:03:58 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Debby\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

735.48 Mb Total Physical Memory | 132.13 Mb Available Physical Memory | 17.96% Memory free
1.01 Gb Paging File | 0.35 Gb Available in Paging File | 34.78% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 16.80 Gb Free Space | 45.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.74 Gb Total Space | 2.44 Gb Free Space | 65.27% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WORKSTATION0
Current User Name: Debby
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Juno\bin\juno.exe" = C:\Program Files\Juno\bin\juno.exe:*:Enabled:Juno -- (Juno Online Services, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1102479007\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1102479007\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" = C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:AT&T Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe" = C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner -- File not found
"C:\Program Files\CallWave\IAM.exe" = C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave -- (CallWave, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04AAEE65-C463-44B4-BF7E-FE099C2B44B3}" = Bible Explorer 4 Download Edition
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{11D696C6-0A0C-499A-B431-6190F9DC1904}" = Juno
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54AA707B-68DA-49A4-9916-68DD670241BD}" = AT&T Yahoo! Music Jukebox
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{795AF20A-51C5-4BAF-9EF5-AA38105C6141}" = Norton Security Scan
"{8911A5F5-06A6-4931-B193-E1FB0ECAF372}" = Exterminate3
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8F6DB702-1CA6-11D7-9229-0040F44C65DE}" = SpamPal manual (English-language)
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DE6CFFA1-4A51-11D6-BD6E-EF01F93E642D}" = SpamPal
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"15Puzzle_is1" = 15 Puzzle 4.0
"3D-FTP 7.01" = 3D-FTP 7.01
"aaa321sud_is1" = My SUDOKU
"AceMoney Lite_is1" = AceMoney Lite
"AceMoney_is1" = AceMoney
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.14" = AFPL Ghostscript 8.14
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"AlfaClock Free_is1" = AlfaClock Free version 1.9.0.752
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Deskbar" = AOL Deskbar
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"Ask Toolbar_is1" = Ask Toolbar
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"AVG8Uninstall" = AVG Free 8.5
"Belarc Advisor" = Belarc Advisor 7.2
"Bible Explorer 4 Download Edition" = Bible Explorer 4 Download Edition
"CallWave" = CallWave
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Crazy-Pool-2" = Crazy Pool 2
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Free Download Manager_is1" = Free Download Manager 2.1
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GIMPshop" = GIMPshop 2.2.8
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GSview 4.9" = GSview 4.9
"GTK 2.0" = GTK+ Runtime 2.6.9 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"Installing HSP56 MicroModem Drivers" = HSP56 MR Drivers
"intelliScore Polyphonic WAV to MIDI Converter" = intelliScore Polyphonic WAV to MIDI Converter
"IrfanView" = IrfanView (remove only)
"Lexmark 2200 Series" = Lexmark 2200 Series
"LHTTSENG" = L&H TTS3000 British English
"LimeWire" = LimeWire 4.16.7
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"LSI Soft Modem" = LSI PCI Soft Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIDI Converter Studio_is1" = MIDI Converter Studio 5.1
"MouseSuite98" = Mouse Suite
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSCSR" = Microsoft Speech Recognition Engine 4.0 (English)
"MSDict" = Microsoft Dictation
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Musicnotes Player_is1" = Musicnotes Player V1.22.3
"NSSSetup.{795AF20A-51C5-4BAF-9EF5-AA38105C6141}" = Norton Security Scan (Symantec Corporation)
"Pagis Viewer 2.0" = Pagis Viewer 2.0
"PC Matic_is1" = PC Matic 1.0.0.0
"PC Pitstop Driver Alert2_is1" = PC Pitstop Driver Alert2 2.0.0.0
"PDFill PDF Writer" = PDFill PDF Writer
"Picasa 3" = Picasa 3
"POPFile" = POPFile 0.22.1
"Port Magic" = Pure Networks Port Magic
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC 4.0
"Retouch Pilot_is1" = Retouch Pilot 1.10 Trial
"SBC.MCCInstall" = AT&T Self Support Tool
"SiS VGA Utilities" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Snapfish PhotoShow Express" = Snapfish PhotoShow Express
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ST5UNST #1" = Anvil Studio
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Switch" = Switch Uninstall
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Hypnotist" = Virtual Hypnotist 4.61
"Web Sudoku Deluxe_is1" = Web Sudoku Deluxe 1.1.5
"WIDI Recognition System Pro 3.0" = WIDI Recognition System Pro 3.0 (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XBTB03051.XBTB03051IEToolbar" = Furl Toolbar
"XBTB05988.XBTB05988Toolbar" = Furl Toolbar
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Extras" = Yahoo! Browser Services
"ZoneAlarm" = ZoneAlarm
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"POPFile_Data" = POPFile Data (Debby)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2009 10:09:11 AM | Computer Name = WORKSTATION0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/13/2009 10:09:13 AM | Computer Name = WORKSTATION0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/13/2009 10:09:49 AM | Computer Name = WORKSTATION0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/13/2009 10:09:49 AM | Computer Name = WORKSTATION0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 12/13/2009 10:09:49 AM | Computer Name = WORKSTATION0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/13/2009 10:10:45 AM | Computer Name = WORKSTATION0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/13/2009 10:10:51 AM | Computer Name = WORKSTATION0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/13/2009 1:22:55 PM | Computer Name = WORKSTATION0 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 12/13/2009 9:35:32 PM | Computer Name = WORKSTATION0 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5512, fault address 0x0002c4a8.

Error - 12/14/2009 12:34:40 AM | Computer Name = WORKSTATION0 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/14/2009 12:40:59 AM | Computer Name = WORKSTATION0 | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/14/2009 12:40:59 AM | Computer Name = WORKSTATION0 | Source = Service Control Manager | ID = 7034
Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/14/2009 12:40:59 AM | Computer Name = WORKSTATION0 | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/14/2009 12:40:59 AM | Computer Name = WORKSTATION0 | Source = Service Control Manager | ID = 7034
Description = The AVG Free8 E-mail Scanner service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/14/2009 12:52:05 AM | Computer Name = WORKSTATION0 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/14/2009 12:52:05 AM | Computer Name = WORKSTATION0 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/14/2009 12:55:46 AM | Computer Name = WORKSTATION0 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 12/14/2009 1:00:14 AM | Computer Name = WORKSTATION0 | Source = Service Control Manager | ID = 7031
Description = The AOL TopSpeed Monitor service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 12/14/2009 1:08:16 AM | Computer Name = WORKSTATION0 | Source = Service Control Manager | ID = 7031
Description = The AOL TopSpeed Monitor service terminated unexpectedly. It has
done this 2 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 12/14/2009 1:15:23 AM | Computer Name = WORKSTATION0 | Source = Service Control Manager | ID = 7031
Description = The AOL TopSpeed Monitor service terminated unexpectedly. It has
done this 3 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.


< End of report >


#5
December 13, 2009 at 22:12:03
Logfile of random's system information tool 1.06 (written by random/random)
Run by Debby at 2009-12-14 01:06:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (45%) free of 38 GB
Total RAM: 735 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:01 AM, on 12/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\system32\PELMICED.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetZero\exec.exe
C:\PROGRA~1\Snapfish\SNAPFI~1\data\Xtras\mssysmgr.exe
C:\Program Files\AlfaClock\AlfaClock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\McAfee Security Scan\1.0.150\McUICnt.exe
C:\Documents and Settings\Debby\Desktop\OTL.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Debby\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Debby.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.juno.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://Www.Wintergreensys.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: XBTB05988 Class - {5C43B8A2-24E8-4336-B86E-A94558E10C60} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Snapfish\SNAPFI~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Program Files\AlfaClock\AlfaClock.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://Www.Wintergreensys.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirv...
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} (AICPASSV.Spreadsheet) - http://www.cpa-exam.org/AICPATutori...
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishAc...
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} (AICPAAuthLit.AuthLitItem) - http://www.cpa-exam.org/AICPATutori...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirv...
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} (AICPACR.ConstructedResponse) - http://www.cpa-exam.org/AICPATutori...
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pr...
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirv...
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/so...
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} (AICPA treeView control) - http://www.cpa-exam.org/AICPATutori...
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirv...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Server lanmanserverEventSystem (lanmanserverEventSystem) - Unknown owner - C:\DOCUME~1\Debby\LOCALS~1\Temp\1D8.tmp.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14663 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Norton Security Scan for Debby.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar1.dll [2008-10-16 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-19 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-19 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C43B8A2-24E8-4336-B86E-A94558E10C60}]
XBTB05988 Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-02-22 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdmcks.dll [2006-08-20 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
SidebarAutoLaunch Class - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 124032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - ZeroBar - C:\Program Files\NetZero\toolbar.dll [2004-10-01 77312]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-07-28 882416]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar1.dll [2008-10-16 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2003-12-05 249856]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"PCTVOICE"=C:\WINDOWS\system32\pctspk.exe [2002-07-09 167936]
"Lexmark 2200 Series"=C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe [2004-02-13 57344]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\PELMICED.EXE [2007-03-24 90112]
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe [2002-03-19 45632]
"CapFax"=C:\Program Files\Classic PhoneTools\CapFax.EXE [2001-12-10 20739]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-11 29744]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-11-29 2029336]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-10-08 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"NetZero_uoltray"=C:\Program Files\NetZero\exec.exe [2004-10-01 102672]
"spc_w"=C:\Program Files\NZSearch\nzspc.exe [2004-11-09 286786]
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Snapfish\SNAPFI~1\data\Xtras\mssysmgr.exe [2005-01-31 208896]
"AlfaClock Classic"=C:\Program Files\AlfaClock\AlfaClock.exe [2005-07-13 1378304]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-29 68856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [2004-10-18 79448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-10-20 34904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1102479007\EE\AOLHostManager.exe [2004-11-03 125528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-29 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-19 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-19 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1



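Two lines in the HijackThis log above are the ones a responder would pull out first: the O23 service "Server lanmanserverEventSystem", a name chosen to look like the legitimate lanmanserver (Server) service but whose binary sits in the user's Temp folder and is now reported missing, and the O1 hosts line that begins with "ÿþ", which is the byte pair FF FE (a UTF-16 byte-order mark) displayed through cp1252, meaning the hosts file was rewritten by something other than a plain ANSI editor. The script below is an added example, not part of the thread and not code from HijackThis, RSIT or OTL: it runs that triage over lines copied verbatim from the log. The line formats it parses are inferred from the entries shown, the "temp directory" and "user profile" path rules are the author's own heuristics, and the constructed sample is labelled as such in the code.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log in post #5 above
# (two O1 hosts entries, one O4 Run entry, three O23 services).
SAMPLE_LOG = r"""
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Server lanmanserverEventSystem (lanmanserverEventSystem) - Unknown owner - C:\DOCUME~1\Debby\LOCALS~1\Temp\1D8.tmp.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"""

# HijackThis line shapes this script understands (inferred from the log, an assumption).
O1_RE = re.compile(r"^O1 - Hosts: (?P<entry>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Heuristics (author's assumptions): a service or autorun binary has no business here.
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
USER_PROFILE_RE = re.compile(r"\\(docume~1|documents and settings|users)\\", re.IGNORECASE)
# FF FE / FE FF (a UTF-16 byte-order mark) as rendered through cp1252, or a real BOM.
BOM_MARKERS = ("ÿþ", "þÿ", "\ufeff")
DEFAULT_HOSTS_RE = re.compile(r"^(127\.0\.0\.1|::1)\s+localhost$")


@dataclass
class Finding:
    line: str
    reasons: list


def _path_reasons(path: str) -> list:
    reasons = []
    if TEMP_DIR_RE.search(path):
        reasons.append("binary lives in a temp directory")
    if USER_PROFILE_RE.search(path):
        reasons.append("binary lives under a user profile, not Program Files or system32")
    return reasons


def analyse_line(line: str):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    reasons = []
    if m := O1_RE.match(line):
        entry = m["entry"]
        if entry.startswith(BOM_MARKERS):
            reasons.append("hosts file starts with a UTF-16 byte-order mark; "
                           "it was rewritten by something other than a plain ANSI editor")
            entry = entry.lstrip("".join(BOM_MARKERS))
        if not DEFAULT_HOSTS_RE.match(entry.strip()):
            reasons.append("non-default hosts entry; check where it points")
    elif m := O4_RE.match(line):
        reasons += _path_reasons(m["cmd"])
    elif m := O23_RE.match(line):
        reasons += _path_reasons(m["path"])
        if m["missing"]:
            reasons.append("service binary is missing: a dead persistence entry "
                           "that still needs deleting from the Services key")
    return Finding(line, reasons) if reasons else None


def scan(text: str) -> list:
    """Run analyse_line over every line of a log and keep only the hits."""
    return [f for f in (analyse_line(l.strip()) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   -", r)
```

Run against the sample, only the BOM-prefixed hosts line and the lanmanserverEventSystem service are reported; the AOL service, whose owner is also "Unknown owner", is not, because an unknown owner on its own is too noisy a signal on a home XP box. The path rules are deliberately narrow: a service pointing into Temp or a user profile is worth a look every time, whereas "Unknown owner" merely means HijackThis found no company name in the version resource.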
#6
December 13, 2009 at 22:12:42
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Juno\bin\juno.exe"="C:\Program Files\Juno\bin\juno.exe:*:Enabled:Juno"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1102479007\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1102479007\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0b\waol.exe"="C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:AT&T Yahoo! Music Jukebox"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe"="C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"C:\Program Files\CallWave\IAM.exe"="C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0b\waol.exe"="C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-12-14 01:06:20 ----D---- C:\rsit
2009-12-13 23:40:35 ----D---- C:\_OTL
2009-12-13 14:06:58 ----D---- C:\Documents and Settings\Debby\Application Data\PCPitstop
2009-12-13 09:29:58 ----D---- C:\quarantine
2009-12-13 09:02:03 ----A---- C:\upload.dll
2009-12-13 09:02:00 ----D---- C:\data
2009-12-13 09:02:00 ----A---- C:\XDelBox.exe
2009-12-09 18:09:57 ----D---- C:\Documents and Settings\Debby\Application Data\PC
2009-12-09 03:25:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 03:23:20 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 03:21:31 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-09 03:20:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 03:19:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 03:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-11-25 14:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-25 03:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-22 06:29:10 ----D---- C:\Documents and Settings\Debby\Application Data\skypePM
2009-11-22 06:23:46 ----D---- C:\Documents and Settings\Debby\Application Data\Skype
2009-11-22 06:22:20 ----D---- C:\Program Files\Common Files\Skype
2009-11-22 06:22:15 ----RD---- C:\Program Files\Skype
2009-11-22 06:22:04 ----D---- C:\Documents and Settings\All Users\Application Data\Skype

======List of files/folders modified in the last 1 months======

2009-12-14 01:08:13 ----D---- C:\WINDOWS\Temp
2009-12-14 01:08:03 ----D---- C:\WINDOWS\Internet Logs
2009-12-14 00:04:57 ----D---- C:\Program Files\Mozilla Firefox
2009-12-13 23:58:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-13 23:53:21 ----D---- C:\WINDOWS\Prefetch
2009-12-13 23:52:55 ----D---- C:\WINDOWS
2009-12-13 23:52:21 ----SD---- C:\WINDOWS\Tasks
2009-12-13 23:52:12 ----D---- C:\WINDOWS\system32
2009-12-13 23:50:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-13 23:33:24 ----D---- C:\Documents and Settings\Debby\Application Data\Free Download Manager
2009-12-13 14:32:39 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
2009-12-13 14:23:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-13 14:07:08 ----SHD---- C:\WINDOWS\Installer
2009-12-13 14:07:08 ----D---- C:\WINDOWS\WinSxS
2009-12-13 14:06:58 ----D---- C:\Program Files\PCPitstop
2009-12-13 09:16:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-12-13 08:36:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-13 01:57:45 ----HD---- C:\$AVG8.VAULT$
2009-12-12 20:49:50 ----HD---- C:\WINDOWS\$NtUninstallKB933566$
2009-12-12 20:49:50 ----D---- C:\WINDOWS\system32\drivers
2009-12-12 17:36:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-12 15:37:30 ----D---- C:\Program Files\SpywareBlaster
2009-12-11 23:17:34 ----D---- C:\Documents and Settings\Debby\Application Data\U3
2009-12-11 20:45:05 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-12-11 15:01:25 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-12-11 15:00:04 ----D---- C:\Program Files\Norton Security Scan
2009-12-09 05:16:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 03:25:40 ----HD---- C:\WINDOWS\inf
2009-12-09 03:25:26 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-12-09 03:23:40 ----A---- C:\WINDOWS\imsins.BAK
2009-12-09 03:19:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-08 06:26:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-01 15:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-22 06:22:20 ----D---- C:\Program Files\Common Files
2009-11-22 06:22:15 ----RD---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-19 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-19 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-17 108552]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2001-01-09 27088]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2003-12-04 11392]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-15 353672]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2009-08-13 1163328]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-10-03 401152]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-10-09 475788]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-04-11 63248]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-04-11 79376]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2003-12-05 429440]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 pelps2m;PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\pelps2m.sys [2001-07-24 14816]
S3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\system32\DRIVERS\ptserial.sys [2002-07-08 131676]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-03-27 14336]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2008-10-16 464264]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-19 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-19 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-01-14 311296]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-15 2402184]
S2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
S2 AOLService;AOL Spyware Protection Service; C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe [2004-06-29 184373]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 lanmanserverEventSystem;Server lanmanserverEventSystem; C:\DOCUME~1\Debby\LOCALS~1\Temp\1D8.tmp [2009-12-08 65024]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-11 29744]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PCPitstop Scheduling;PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [2009-06-26 85504]
S4 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2004-06-15 380928]

-----------------EOF-----------------



#7
December 13, 2009 at 22:14:05
info.txt logfile of random's system information tool 1.06 2009-12-14 01:08:23

======Uninstall list======

-->C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
15 Puzzle 4.0-->"C:\Program Files\15 Puzzle\unins000.exe"
3D-FTP 7.01-->C:\PROGRA~1\3D-FTP\UNWISE.EXE C:\PROGRA~1\3D-FTP\INSTALL.LOG
ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
AceMoney Lite-->"C:\Program Files\AceMoney\unins001.exe"
AceMoney-->"C:\Program Files\AceMoney\unins000.exe"
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
AFPL Ghostscript 8.14-->C:\gs\uninstgs.exe "C:\gs\gs8.14\uninstal.txt"
AFPL Ghostscript Fonts-->C:\gs\uninstgs.exe "C:\gs\fonts\uninstal.txt"
Agere Systems PCI Soft Modem-->agrsmdel
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
AlfaClock Free version 1.9.0.752-->"C:\Program Files\AlfaClock\unins000.exe"
Alt-Tab Task Switcher Powertoy for Windows XP-->MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
Anvil Studio-->C:\WINDOWS\ST5UNST.EXE -n "c:\Anvil Studio\ST5UNST.LOG"
AOL Connectivity Services-->"C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Deskbar-->"C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Spyware Protection-->C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Toolbar-->"C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Aspell English Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
AT&T Self Support Tool-->C:\WINDOWS\Motive\SBC\MCCUninst.exe
AT&T Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
AT&T Yahoo! Music Jukebox-->MsiExec.exe /X{54AA707B-68DA-49A4-9916-68DD670241BD}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belarc Advisor 7.2-->"C:\PROGRA~1\Belarc\Advisor\Uninstall.exe" "C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG"
Bible Explorer 4 Download Edition-->"C:\Documents and Settings\All Users\Application Data\{CDF61231-6AD7-4969-B4DD-9E6C0F51DD5E}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
Bible Explorer 4 Download Edition-->C:\Documents and Settings\All Users\Application Data\{CDF61231-6AD7-4969-B4DD-9E6C0F51DD5E}\Setup.exe
CallWave-->C:\Program Files\CallWave\IAM.exe -remove
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Classic PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Crazy Pool 2-->C:\Program Files\2DPlay\Crazy-Pool-2\Uninstall.exe
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Exterminate3-->MsiExec.exe /I{8911A5F5-06A6-4931-B193-E1FB0ECAF372}
Free Download Manager 2.1-->"C:\Program Files\Free Download Manager\unins000.exe"
Free PDF to Word Doc Converter v1.1-->"C:\Program Files\Free PDF to Word Doc Converter\unins000.exe"
Furl Toolbar-->regsvr32 /u /s "C:\Program Files\Furl Toolbar\tbu4B\toolbar.dll"
Furl Toolbar-->regsvr32 /u /s "C:\Program Files\Furl Toolbar\toolbar.dll"
GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GIMPshop 2.2.8-->C:\Program Files\GIMPshop\uninst.exe
GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GSview 4.9-->C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
GTK+ Runtime 2.6.9 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998)-->"C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP LaserJet P1000 series-->C:\Program Files\Avago-HP\{93258fb8-94f4-4c6e-b686-02faf4ab97c6}\uninstall.exe SYSTEMHORNET "C:\Program Files\Avago-HP\{93258fb8-94f4-4c6e-b686-02faf4ab97c6}"
HPSSupply-->MsiExec.exe /X{7902E313-FF0F-4493-ACB1-A8147B78DCD0}
HSP56 MR Drivers-->ptuninst.exe
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
intelliScore Polyphonic WAV to MIDI Converter-->C:\Program Files\intelliScore Polyphonic WAV to MIDI Converter Demo\Uninstal.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Juno-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11D696C6-0A0C-499A-B431-6190F9DC1904}\setup.exe" Uninstall
KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
L&H TTS3000 British English-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lexmark 2200 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBVUN5C.EXE -dLexmark 2200 Series
LimeWire 4.16.7-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Registration-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
LSI PCI Soft Modem-->C:\WINDOWS\agrsmdel
Magnifier Powertoy for Windows XP-->MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Security Scan-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Dictation-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\MSDApp.inf, Uninstall
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Speech Recognition Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscsr.inf, Uninstall.NT
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MIDI Converter Studio 5.1-->"C:\Program Files\MIDI Converter Studio\unins000.exe"
Mouse Suite-->Pmuninst.exe MouseSuite98
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MrvlUsgTracking-->MsiExec.exe /I{02C85EC5-E864-4847-AF55-42730861004C}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Musicnotes Player V1.22.3-->"C:\Program Files\Musicnotes\Player\unins000.exe"
My SUDOKU-->E:\Franks\MySudoku\unins000.exe
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NetZero-->"C:\Program Files\NetZero\uninst.exe"
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{795AF20A-51C5-4BAF-9EF5-AA38105C6141}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{795AF20A-51C5-4BAF-9EF5-AA38105C6141}
Pagis Viewer 2.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Xerox\Pagis Viewer 2.0\Uninst.isu"
PC Matic 1.0.0.0-->"C:\Program Files\PCPitstop\PC Matic\unins000.exe"
PC Pitstop Driver Alert2 2.0.0.0-->"C:\Program Files\PCPitstop\Driver Alert2\unins000.exe"
PDFill PDF Writer-->C:\WINDOWS\system32\uninstpw.exe C:\Program Files\PlotSoft\PDFill
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
POPFile 0.22.1-->C:\Program Files\POPFile\uninstall.exe
Pure Networks Port Magic-->C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Retouch Pilot 1.10 Trial-->"C:\Program Files\Retouch Pilot\unins000.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Sibelius Scorch (ActiveX Only)-->MsiExec.exe /I{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\Progra~1\SiSLan\Uninst.exe
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,r,0
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Snapfish PhotoShow Express-->"C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\Uninstall.exe"
SpamPal manual (English-language)-->"C:\Program Files\SpamPal\Uninstall.exe" "C:\Program Files\SpamPal\install.log"
SpamPal-->"C:\Program Files\SpamPal\Uninstall.exe" "C:\Program Files\SpamPal\install.log"
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Switch Uninstall-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Hypnotist 4.61-->C:\Program Files\Virtual Hypnotist461\uninst.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VNC 4.0-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
Web Sudoku Deluxe 1.1.5-->"C:\Program Files\WebSudokuDeluxe\unins000.exe"
WIDI Recognition System Pro 3.0 (remove only)-->"C:\Program Files\WIDI 3.0 Pro\Uninstall.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

::1 localhost

======Security center information======

AV: AVG Anti-Virus Free
AV: ZoneAlarm Security Suite Antivirus (disabled) (outdated)
FW: ZoneAlarm Firewall

======System event log======

Computer Name: WORKSTATION0
Event Code: 7034
Message: The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 5 time(s).

Record Number: 64111
Source Name: Service Control Manager
Time Written: 20091014184844.000000-240
Event Type: error
User:

Computer Name: WORKSTATION0
Event Code: 7031
Message: The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Record Number: 64109
Source Name: Service Control Manager
Time Written: 20091014184039.000000-240
Event Type: error
User:

Computer Name: WORKSTATION0
Event Code: 7031
Message: The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Record Number: 64107
Source Name: Service Control Manager
Time Written: 20091014183236.000000-240
Event Type: error
User:

Computer Name: WORKSTATION0
Event Code: 7031
Message: The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Record Number: 64105
Source Name: Service Control Manager
Time Written: 20091014182128.000000-240
Event Type: error
User:

Computer Name: WORKSTATION0
Event Code: 7031
Message: The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Record Number: 64103
Source Name: Service Control Manager
Time Written: 20091014181425.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: WORKSTATION0
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.0.3576, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 34
Source Name: Application Hang
Time Written: 20091102193236.000000-240
Event Type: error
User:

Computer Name: WORKSTATION0
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 22
Source Name: crypt32
Time Written: 20091101162512.000000-240
Event Type: error
User:

Computer Name: WORKSTATION0
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 21
Source Name: crypt32
Time Written: 20091101162512.000000-240
Event Type: error
User:

Computer Name: WORKSTATION0
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


Record Number: 20
Source Name: crypt32
Time Written: 20091101162511.000000-240
Event Type: error
User:

Computer Name: WORKSTATION0
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 19
Source Name: crypt32
Time Written: 20091101162511.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------


#8
December 13, 2009 at 23:07:45
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-14 01:52:12
Windows 5.1.2600 Service Pack 3
Running: vir2c7qc.exe; Driver: C:\DOCUME~1\Debby\LOCALS~1\Temp\kgrorpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB5564FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB5561C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB557C170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB5565580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB5579900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB5579B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB557DB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB5565670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB5562210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB557C9F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB557C7A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB5579280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB557CF10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB557CF90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB5562070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB557B180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB557AF40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB557D6F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB557D150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB5564BE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB557D540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB5565190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB5562440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB557C4E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB557A200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB557A080]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + E0 804E273C 2 Bytes [80, 1C]
.text ntoskrnl.exe!_abnormal_termination + E3 804E273F 1 Byte [B5]
.text ntoskrnl.exe!_abnormal_termination + F0 804E274C 2 Bytes [70, C1] {JO 0xffffffffffffffc3}
.text ntoskrnl.exe!_abnormal_termination + F3 804E274F 1 Byte [B5]
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [80, 55, 56, B5, 00, 99, 57, ...]
.text ...
? srescan.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF6929A80]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[764] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0259000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3352] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 05052422 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3352] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 050523CC C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3352] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 050523F7 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B5569B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B5569930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B556A260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B5567E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B5567E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B5569B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B5569930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B556A260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B5569B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B5567E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B556A260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B5569930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B556A260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B5569930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B5569B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B5567E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B5569B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B5569930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B556A260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [B5582B30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B5569B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B5567E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B556A260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B5569930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [B55628D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [B5562A80] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [B55625E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [B5562980] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[164] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)

Device -> \Driver\atapi \Device\Harddisk0\DR0 83727618

---- Services - GMER 1.0.15 ----

Service C:\Documents and Settings\Debby\Local Settings\Temp\1D8.tmp (*** hidden *** ) [AUTO] lanmanserverEventSystem <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1DA1F373-E33C-AC87-CA9E-194F761B964C}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1DA1F373-E33C-AC87-CA9E-194F761B964C}@haficgdfccfgkkdm 0x6A 0x61 0x62 0x68 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


#9
December 14, 2009 at 03:54:22
You should uninstall these programs:


Ask Toolbar
Viewpoint Media Player


Your Java is out of date and may have been exploited.
Download the latest version of Java from this link: Java
Click on the JRE 6 Update 17 download button.
Check the box that says "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation, with or without Multi-language, and save it to your desktop.
Close any programs you may have running, especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

Please download ComboFix using your Internet Explorer browser instead of your Firefox browser.

Remember: your AVG antivirus, Ad-Aware and Spybot's TeaTimer must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe in the filename box to Combo-Fix and click Save.
Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


#10
December 14, 2009 at 06:48:29
Message received from "Link1":

http://download.bleepingcomputer.co...

"ComboFix is not available for download until an issue with the program has been resolved. Please be patient while the developer fixes the program and makes it available once again. As more information becomes available, we will update this page.

DO NOT attempt to download ComboFix from sites other than BleepingComputer.com and Forospyware.com!

Other sites hosting ComboFix are not authorized mirrors and are hosting outdated copies of ComboFix that contain a bug that may render some machines unbootable. Using unauthorized mirrors of ComboFix puts your computer at risk of not booting again. Please wait for the official version to be fixed and released again.

We will also announce when ComboFix is available on our Twitter and Facebook pages."

-----------

"Link2" brought me to a website (http://www.forospyware.com/) written in Spanish.

-----------

"Link3" brought me to "http://www.geekstogo.com/forum/Combofix-file197.html" which says the file was last updated Jul 21, 2009. It states

"Combofix by sUBs.

*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Note: Geeks to Go no longer hosts a mirror of Combofix, but you can download it from one of the mirrors below, or click the Download File button to be connected to one of the mirrors automatically."


mirror 1 = Bleepingcomputer (see above)

mirror 2 = http://www.forospyware.com/sUBs/Com...

Mirror 2 does not take me to a page, but wants me to directly download it.

Question: Since "Link1" says that there is "an issue with the program," should I wait for a resolution, or go to "Link3" and download it from Mirror 2?

Thank you for your patience with me.


#11
December 14, 2009 at 19:37:45
Let's wait on sUBs for the ComboFix repairs.

1. Download TDSSKiller and save it to your Desktop.
2. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
3. Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


4. If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
5. When it is done, a log file called "TDSSKiller.txt" should be created on your C: drive; please copy and paste the contents of that file here.


#12
December 14, 2009 at 20:57:54
I answered N to the reboot option.

23:53:53:156 216 ForceUnloadDriver: NtUnloadDriver error 2
23:53:53:281 216 ForceUnloadDriver: NtUnloadDriver error 2
23:53:53:500 216 ForceUnloadDriver: NtUnloadDriver error 2
23:53:53:562 216 main: Driver KLMD successfully dropped
23:53:54:656 216 main: Driver KLMD successfully loaded
23:53:54:656 216
Scanning Registry ...
23:53:54:703 216 ScanServices: Searching service UACd.sys
23:53:54:703 216 ScanServices: Open/Create key error 2
23:53:54:703 216 ScanServices: Searching service TDSSserv.sys
23:53:54:703 216 ScanServices: Open/Create key error 2
23:53:54:703 216 ScanServices: Searching service gaopdxserv.sys
23:53:54:703 216 ScanServices: Open/Create key error 2
23:53:54:703 216 ScanServices: Searching service gxvxcserv.sys
23:53:54:703 216 ScanServices: Open/Create key error 2
23:53:54:703 216 ScanServices: Searching service MSIVXserv.sys
23:53:54:703 216 ScanServices: Open/Create key error 2
23:53:55:218 216 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000
23:53:55:828 216 UnhookRegistry: Kernel local addr: C40000
23:53:55:828 216 UnhookRegistry: KeServiceDescriptorTable addr: CC3220
23:53:56:125 216 UnhookRegistry: KiServiceTable addr: C4B6A8
23:53:56:125 216 UnhookRegistry: NtEnumerateKey service number (local): 47
23:53:56:125 216 UnhookRegistry: NtEnumerateKey local addr: CDC5A4
23:53:56:187 216 KLMD_OpenDevice: Trying to open KLMD device
23:53:56:187 216 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
23:53:56:187 216 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
23:53:56:187 216 KLMD_ReadMem: Trying to ReadMemory 0x804DCC49[0x4]
23:53:56:187 216 UnhookRegistry: NtEnumerateKey service number (kernel): 47
23:53:56:187 216 KLMD_ReadMem: Trying to ReadMemory 0x804E27C4[0x4]
23:53:56:187 216 UnhookRegistry: NtEnumerateKey real addr: 805735A4
23:53:56:187 216 UnhookRegistry: NtEnumerateKey calc addr: 805735A4
23:53:56:187 216 UnhookRegistry: No SDT hooks found on NtEnumerateKey
23:53:56:187 216 KLMD_ReadMem: Trying to ReadMemory 0x805735A4[0xA]
23:53:56:187 216 UnhookRegistry: No splicing found on NtEnumerateKey
23:53:56:187 216
Scanning Kernel memory ...
23:53:56:187 216 KLMD_OpenDevice: Trying to open KLMD device
23:53:56:187 216 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
23:53:56:187 216 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
23:53:56:187 216 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 83780A08
23:53:56:187 216 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects
23:53:56:187 216 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 82ADE630
23:53:56:187 216 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82ADE630
23:53:56:187 216 KLMD_ReadMem: Trying to ReadMemory 0x82ADE630[0x38]
23:53:56:187 216 DetectCureTDL3: DRIVER_OBJECT addr: 83780A08
23:53:56:187 216 KLMD_ReadMem: Trying to ReadMemory 0x83780A08[0xA8]
23:53:56:187 216 KLMD_ReadMem: Trying to ReadMemory 0xE1773998[0x208]
23:53:56:187 216 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
23:53:56:187 216 DetectCureTDL3: IrpHandler (0) addr: F78EDBB0
23:53:56:187 216 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (2) addr: F78EDBB0
23:53:56:187 216 DetectCureTDL3: IrpHandler (3) addr: F78E7D1F
23:53:56:187 216 DetectCureTDL3: IrpHandler (4) addr: F78E7D1F
23:53:56:187 216 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (9) addr: F78E82E2
23:53:56:187 216 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (14) addr: F78E83BB
23:53:56:187 216 DetectCureTDL3: IrpHandler (15) addr: F78EBF28
23:53:56:187 216 DetectCureTDL3: IrpHandler (16) addr: F78E82E2
23:53:56:187 216 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (22) addr: F78E9C82
23:53:56:187 216 DetectCureTDL3: IrpHandler (23) addr: F78EE99E
23:53:56:187 216 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
23:53:56:187 216 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
23:53:56:187 216 KLMD_ReadMem: DeviceIoControl error 1
23:53:56:187 216 TDL3_StartIoHookDetect: Unable to get StartIo handler code
23:53:56:187 216 TDL3_FileDetect: Processing driver: Disk
23:53:56:187 216 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
23:53:56:187 216 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
23:53:56:187 216 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
23:53:56:250 216 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 82C71030
23:53:56:250 216 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82C71030
23:53:56:250 216 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 82843348
23:53:56:250 216 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82843348
23:53:56:250 216 KLMD_ReadMem: Trying to ReadMemory 0x82843348[0x38]
23:53:56:250 216 DetectCureTDL3: DRIVER_OBJECT addr: 82884B58
23:53:56:250 216 KLMD_ReadMem: Trying to ReadMemory 0x82884B58[0xA8]
23:53:56:250 216 KLMD_ReadMem: Trying to ReadMemory 0xE1B32D48[0x208]
23:53:56:250 216 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
23:53:56:250 216 DetectCureTDL3: IrpHandler (0) addr: B1DD9218
23:53:56:250 216 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (2) addr: B1DD9218
23:53:56:250 216 DetectCureTDL3: IrpHandler (3) addr: B1DD923C
23:53:56:250 216 DetectCureTDL3: IrpHandler (4) addr: B1DD923C
23:53:56:250 216 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (9) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (14) addr: B1DD9180
23:53:56:250 216 DetectCureTDL3: IrpHandler (15) addr: B1DD49E6
23:53:56:250 216 DetectCureTDL3: IrpHandler (16) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (22) addr: B1DD85F0
23:53:56:250 216 DetectCureTDL3: IrpHandler (23) addr: B1DD6A6E
23:53:56:250 216 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
23:53:56:250 216 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
23:53:56:250 216 KLMD_ReadMem: Trying to ReadMemory 0xB1DD5F26[0x400]
23:53:56:250 216 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
23:53:56:250 216 TDL3_FileDetect: Processing driver: USBSTOR
23:53:56:250 216 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\tsk_usbstor.sys
23:53:56:250 216 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
23:53:56:250 216 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
23:53:56:343 216 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 837219F0
23:53:56:343 216 KLMD_GetLowerDeviceObject: Trying to get lower device object for 837219F0
23:53:56:343 216 KLMD_ReadMem: Trying to ReadMemory 0x837219F0[0x38]
23:53:56:343 216 DetectCureTDL3: DRIVER_OBJECT addr: 83780A08
23:53:56:343 216 KLMD_ReadMem: Trying to ReadMemory 0x83780A08[0xA8]
23:53:56:343 216 KLMD_ReadMem: Trying to ReadMemory 0xE1773998[0x208]
23:53:56:343 216 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
23:53:56:343 216 DetectCureTDL3: IrpHandler (0) addr: F78EDBB0
23:53:56:343 216 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (2) addr: F78EDBB0
23:53:56:343 216 DetectCureTDL3: IrpHandler (3) addr: F78E7D1F
23:53:56:343 216 DetectCureTDL3: IrpHandler (4) addr: F78E7D1F
23:53:56:343 216 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (9) addr: F78E82E2
23:53:56:343 216 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (14) addr: F78E83BB
23:53:56:343 216 DetectCureTDL3: IrpHandler (15) addr: F78EBF28
23:53:56:343 216 DetectCureTDL3: IrpHandler (16) addr: F78E82E2
23:53:56:343 216 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (22) addr: F78E9C82
23:53:56:343 216 DetectCureTDL3: IrpHandler (23) addr: F78EE99E
23:53:56:343 216 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
23:53:56:343 216 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
23:53:56:343 216 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
23:53:56:343 216 KLMD_ReadMem: DeviceIoControl error 1
23:53:56:343 216 TDL3_StartIoHookDetect: Unable to get StartIo handler code
23:53:56:343 216 TDL3_FileDetect: Processing driver: Disk
23:53:56:343 216 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
23:53:56:343 216 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
23:53:56:343 216 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
23:53:56:531 216 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8377BAB8
23:53:56:531 216 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8377BAB8
23:53:56:531 216 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 837DB170
23:53:56:531 216 KLMD_GetLowerDeviceObject: Trying to get lower device object for 837DB170
23:53:56:531 216 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 83773D98
23:53:56:531 216 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83773D98
23:53:56:531 216 KLMD_ReadMem: Trying to ReadMemory 0x83773D98[0x38]
23:53:56:531 216 DetectCureTDL3: DRIVER_OBJECT addr: 837CA2C0
23:53:56:531 216 KLMD_ReadMem: Trying to ReadMemory 0x837CA2C0[0xA8]
23:53:56:531 216 KLMD_ReadMem: Trying to ReadMemory 0x8377D030[0x38]
23:53:56:531 216 KLMD_ReadMem: Trying to ReadMemory 0x837DB738[0xA8]
23:53:56:531 216 KLMD_ReadMem: Trying to ReadMemory 0xE1005A48[0x208]
23:53:56:531 216 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
23:53:56:531 216 DetectCureTDL3: IrpHandler (0) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (1) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (2) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (3) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (4) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (5) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (6) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (7) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (8) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (9) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (10) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (11) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (12) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (13) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (14) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (15) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (16) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (17) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (18) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (19) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (20) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (21) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (22) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (23) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (24) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (25) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (26) addr: 83727618
23:53:56:531 216 DetectCureTDL3: All IRP handlers pointed to one addr: 83727618
23:53:56:531 216 KLMD_ReadMem: Trying to ReadMemory 0x83727618[0x400]
23:53:56:531 216 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 313, 101, 3, 89
23:53:56:531 216 Driver "atapi" Irp handler infected by TDSS rootkit ... 23:53:56:531 216 KLMD_WriteMem: Trying to WriteMemory 0x8372767D[0xD]
23:53:56:531 216 cured
23:53:56:531 216 KLMD_ReadMem: Trying to ReadMemory 0x837274BF[0x400]
23:53:56:531 216 TDL3_StartIoHookDetect: CheckParameters: 7, FFDF0308, 334, 1
23:53:56:531 216 Driver "atapi" StartIo handler infected by TDSS rootkit ... 23:53:56:531 216 TDL3_StartIoHookCure: Number of patches 1
23:53:56:531 216 KLMD_WriteMem: Trying to WriteMemory 0x837275B6[0x6]
23:53:56:531 216 cured
23:53:56:593 216 TDL3_FileDetect: Processing driver: atapi
23:53:56:593 216 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_atapi.sys
23:53:56:593 216 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
23:53:56:593 216 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
23:53:56:640 216 File C:\WINDOWS\system32\drivers\atapi.sys infected by TDSS rootkit ... 23:53:56:640 216 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
23:53:56:640 216 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
23:53:56:656 216 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\Drivers\tsk_atapi.sys
23:53:56:687 216 TDL3_FileCure: Image path (system32\Drivers\tsk_atapi.sys) was set for service (SYSTEM\CurrentControlSet\Services\atapi)
23:53:56:687 216 TDL3_FileCure: KLMD_PendCopyFileW (C:\WINDOWS\system32\Drivers\tsk_atapi.sys, C:\WINDOWS\system32\drivers\atapi.sys) success
23:53:56:687 216 will be cured on next reboot
23:53:56:781 216
Completed

Results:
23:53:56:781 216 Infected objects in memory: 2
23:53:56:921 216 Cured objects in memory: 2
23:53:56:921 216 Infected objects on disk: 1
23:53:56:953 216 Objects on disk cured on reboot: 1
23:53:56:953 216 Objects on disk deleted on reboot: 0
23:53:56:984 216 Registry nodes deleted on reboot: 0
23:53:56:984 216



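The two scanner logs in this thread, the GMER output in the earlier post and the TDSSKiller run just posted, describe the same infection from different angles, and the overlap is worth making explicit. GMER listed a hidden AUTO-start service whose image is a .tmp file in the user's Temp directory, a handler on \Device\Harddisk0\DR0 that it could only report as the bare address 83727618 (every other Device line names a .sys module), and atapi.sys on disk as modified. TDSSKiller then walked the disk device stack and found all 27 IRP major-function entries of \Driver\atapi pointing to that same address, which sits in the same range as the log's pool-allocated driver and device objects (83780A08, 837219F0) rather than inside the atapi.sys image; it also found a StartIo hook and the patched file. The script below is an added example (my own code, not part of the thread, GMER or TDSSKiller) that parses both log formats as they appear here, flags the uniform dispatch table, the Temp-resident hidden service and the modified file, and ties the GMER device hook to the TDSSKiller table by address. Its regular expressions are written against the exact line formats shown in these posts, and the sample input embedded in it is excerpted from those posts and trimmed.

```python
"""Triage helpers for the GMER and TDSSKiller logs posted in this thread.
Added example, not code from the thread, GMER or TDSSKiller; the regular
expressions follow the line formats shown in the posts above."""
import re
from collections import defaultdict

# Constructed sample input: lines excerpted from the two logs in this thread,
# trimmed to the ones the checks below read.  A real TDSSKiller log lists all
# 27 IrpHandler entries for every driver it walks.
GMER_LOG = r"""
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device -> \Driver\atapi \Device\Harddisk0\DR0 83727618
Service C:\Documents and Settings\Debby\Local Settings\Temp\1D8.tmp (*** hidden *** ) [AUTO] lanmanserverEventSystem <-- ROOTKIT !!!
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
"""

TDSSKILLER_LOG = r"""
23:53:56:187 216 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
23:53:56:187 216 DetectCureTDL3: IrpHandler (0) addr: F78EDBB0
23:53:56:187 216 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
23:53:56:187 216 DetectCureTDL3: IrpHandler (2) addr: F78EDBB0
23:53:56:187 216 DetectCureTDL3: IrpHandler (14) addr: F78E83BB
23:53:56:531 216 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
23:53:56:531 216 DetectCureTDL3: IrpHandler (0) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (1) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (2) addr: 83727618
23:53:56:531 216 DetectCureTDL3: IrpHandler (14) addr: 83727618
"""

DRIVER_OBJ_RE = re.compile(r"DRIVER_OBJECT name: \\Driver\\(\S+),")
IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")
HIDDEN_SVC_RE = re.compile(r"^Service (.+?) \(\*\*\* hidden \*\*\* \) \[\w+\] (\S+)")
# A handler reported as a bare address: GMER could not map it to any module.
POOL_HOOK_RE = re.compile(r"^Device -> \\Driver\\(\S+) (\S+) ([0-9A-Fa-f]{8})$")
MODIFIED_RE = re.compile(r"^File (.+) suspicious modification$")


def parse_irp_tables(log):
    """Map each driver in a TDSSKiller log to {major function: handler address}."""
    tables = defaultdict(dict)
    current = None
    for line in log.splitlines():
        m = DRIVER_OBJ_RE.search(line)
        if m:
            current = m.group(1)
            continue
        m = IRP_RE.search(line)
        if m and current is not None:
            tables[current][int(m.group(1))] = int(m.group(2), 16)
    return dict(tables)


def uniform_dispatch(table):
    """Return the one address every major function points to, or None.

    A healthy table mixes the driver's own routines with the kernel's default
    handler for IRPs it does not implement (804FA87E in the Disk table above,
    inside ntoskrnl).  A table whose entries are all identical has been
    replaced wholesale, which is how TDL3 sees every request to the disk
    stack before atapi.sys does.  Small drivers that really route everything
    through one routine also match, so treat the result as a lead.
    """
    addrs = set(table.values())
    return addrs.pop() if len(table) > 1 and len(addrs) == 1 else None


def parse_gmer(log):
    """Pull hidden services, unattributed device hooks and modified files."""
    found = {"hidden_services": [], "pool_hooks": {}, "modified_files": []}
    for line in log.splitlines():
        if m := HIDDEN_SVC_RE.match(line):
            found["hidden_services"].append((m.group(1), m.group(2)))
        elif m := POOL_HOOK_RE.match(line):
            found["pool_hooks"][m.group(2)] = (m.group(1), int(m.group(3), 16))
        elif m := MODIFIED_RE.match(line):
            found["modified_files"].append(m.group(1))
    return found


def image_in_user_temp(path):
    """No legitimate service loads its image from a profile's Temp directory."""
    p = path.lower()
    return "\\local settings\\temp\\" in p or "\\appdata\\local\\temp\\" in p


def correlate(gmer, tables):
    """Pair GMER's bare-address device hooks with TDSSKiller's dispatch tables:
    the same driver redirected to the same address, seen by two tools."""
    return [(driver, device, addr)
            for device, (driver, addr) in gmer["pool_hooks"].items()
            if uniform_dispatch(tables.get(driver, {})) == addr]


if __name__ == "__main__":
    gmer = parse_gmer(GMER_LOG)
    tables = parse_irp_tables(TDSSKILLER_LOG)
    for path, name in gmer["hidden_services"]:
        flag = "  [image in user Temp]" if image_in_user_temp(path) else ""
        print(f"hidden service {name} -> {path}{flag}")
    for driver, device, addr in correlate(gmer, tables):
        print(f"{driver}: dispatch table replaced; {device} hooked at {addr:08X}")
    for path in gmer["modified_files"]:
        print(f"on-disk driver image modified: {path}")
```

Run as a script it prints the three findings. The Disk table does not trip the uniformity check because its entries split between the driver's own code (F78Exxxx) and the kernel's default handler at 804FA87E, which is exactly the mix TDSSKiller walked past without comment for Disk and USBSTOR before reaching atapi.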
#13
December 15, 2009 at 00:49:59
When I try to "Fix" it, I receive the message "Cannot create file 'C:\WINDOWS\System32\drivers\etc\hosts'. Access is denied."

Follow this link:

http://support.zenerica.com/AntiSpy...

Thank you.


#14
December 15, 2009 at 18:13:58
Are you still being redirected?

Post a new GMER log please.

I suggest that you uninstall these programs:


Furl Toolbar (Known to harbor spyware)
J2SE Runtime Environment 5.0 Update 3 (should have version 6 update 17)
Java 2 Runtime Environment, SE v1.4.2
Java(TM) SE Runtime Environment 6 Update 1
LimeWire (Known to harbor spyware)



#15
December 15, 2009 at 22:10:19
I had the same problem a few months ago and I downloaded ComboFix and I never had a problem with it again!

#16
December 15, 2009 at 22:51:52
I just wanted to thank all those who give these tips. I've been struggling with this problem for a week now, and this is the only live thread where I can give credit. It started off with one of the many false AntiVirus Pro screens hijacking my screen, and my Google results redirected. I put my system into a prior System Restore Point where the AntiVirus Pro problem was no longer around, but my results were still redirected (the tricky part is that the first results are fine, but subsequent clicks (even on the same link) will result in ad links). MalwareBytes and SuperAntispyware picked up a few problems, but weren't able to solve the redirect issue.

I did read in some other forums about checking for the TDSS in my Device Manager, but I never could find it there. It was only here that I read about the TDSSKiller tool from Kaspersky (thanks jabuck!). That fixed it for good.


#17
December 16, 2009 at 04:23:28
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-16 07:07:55
Windows 5.1.2600 Service Pack 3
Running: vir2c7qc.exe; Driver: C:\DOCUME~1\Debby\LOCALS~1\Temp\kgrorpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB7621FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB761EC80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB7639170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB7622580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB7636900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB7636B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB763AB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB7622670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB761F210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB76399F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB76397A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB7636280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB7639F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB7639F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB761F070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB7638180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB7637F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB763A6F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB763A150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB7621BE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB763A540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB7622190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB761F440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB76394E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB7637200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB7637080]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [80, 25, 62, B7, 00, 69, 63, ...]
? srescan.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF6AE5A80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2580] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 05052422 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2580] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 050523CC C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2580] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 050523F7 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B7626B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B7626930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B7627260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B7624E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B7624E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B7626B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B7626930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B7627260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B7626B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B7624E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B7627260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B7626930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B7627260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B7626930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B7626B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [B763FB30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B7624E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B7626B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B7626930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B7627260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B7626B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B7624E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B7627260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B7626930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [B761F8D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [B761FA80] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [B761F5E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [B761F980] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1008] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1DA1F373-E33C-AC87-CA9E-194F761B964C}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1DA1F373-E33C-AC87-CA9E-194F761B964C}@haficgdfccfgkkdm 0x6A 0x61 0x62 0x68 ...

---- EOF - GMER 1.0.15 ----



#18
December 16, 2009 at 08:45:22
I rebooted my computer yesterday. Although I haven't used Google very many times yet, the few times I have seem to indicate that my problem is solved.

I tried to remove Furl Toolbars (2 of them) through Control Panel>Add or Remove Programs, but I am unable to do so. I simply get a quick flash of a window and am taken back to the Add or Remove Programs window with the programs still there. How can I get rid of these?

I removed all the Java-related programs, then added Java 6 Update 7. Is this correct? (I think I may have removed one extra Java program that you did not instruct me to do previously.) Do I need another Java program besides the update?

Since I have downloaded the new Java (as you suggested), I keep getting a ZoneAlarm Security Alert that "Java(TM) Quick Starter binary is trying to access the Internet." Should I allow this and should I mark it to "remember" to always allow it?

Also, I notice that Java Quick Starter Addon for Firefox has been added to my Firefox. Do I want this addon?

I really appreciate all your help.



#19
December 16, 2009 at 19:58:32
Allow the Java update in ZoneAlarm; it will notify you when an update is available for Java.

Your new Java should be version 6 update 17. The Firefox addon is also OK.

The Furl toolbar does not appear to be running, and there is probably no uninstaller for it. The entries in Add/Remove Programs would need to be edited from the registry to remove them without an uninstaller. To ensure that it cannot run, navigate to and delete this folder if found:

C:\Program Files\Furl Toolbar

Glad we could help.
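The "flash and come back" behaviour in Add or Remove Programs is what an entry with a missing uninstaller looks like. As an added example (not code from this thread), the script below enumerates the Uninstall registry keys, picks the entries whose DisplayName matches a pattern, checks whether the uninstaller they point at still exists on disk, and only with -Remove deletes the orphaned registry entry; it assumes the pattern 'Furl' and a PowerShell newer than what shipped with XP SP2.

```powershell
# Added example, not from the thread. Reports Add/Remove Programs entries
# matching $NamePattern and whether their uninstaller still exists; with
# -Remove it deletes only the orphaned registry entries (after prompting).
# Run from an elevated PowerShell prompt.
param(
    [string]$NamePattern = 'Furl',   # assumed pattern; matches "Furl Toolbar"
    [switch]$Remove                  # actually delete orphaned entries
)

# Both per-machine and per-user uninstall lists (WOW6432Node only exists on 64-bit).
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-UninstallerPath {
    # Extract the executable from an UninstallString such as
    #   "C:\Program Files\Furl Toolbar\uninst.exe" /S   (quoted)
    #   C:\Program Files\Furl Toolbar\uninst.exe /S     (unquoted)
    #   MsiExec.exe /X{...}                             (bare command name)
    param([string]$UninstallString)
    if ([string]::IsNullOrWhiteSpace($UninstallString)) { return $null }
    $exe = $null
    if ($UninstallString -match '^\s*"([^"]+)"')      { $exe = $Matches[1] }
    elseif ($UninstallString -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }
    else { $exe = ($UninstallString -split '\s+')[0] }
    # A bare command name (MsiExec.exe) is resolved through PATH, not treated as missing.
    if (-not [IO.Path]::IsPathRooted($exe)) {
        $cmd = Get-Command $exe -ErrorAction SilentlyContinue
        if ($cmd) { $exe = $cmd.Path }
    }
    return $exe
}

foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $props = Get-ItemProperty $key.PSPath
        if (-not $props.DisplayName) { continue }
        if ($props.DisplayName -notmatch $NamePattern) { continue }

        $exe = Get-UninstallerPath $props.UninstallString
        $hasUninstaller = [bool]($exe -and (Test-Path -LiteralPath $exe))

        [pscustomobject]@{
            DisplayName = $props.DisplayName
            RegistryKey = $key.Name
            Uninstaller = $exe
            Orphaned    = -not $hasUninstaller
        } | Format-List

        if ($Remove -and -not $hasUninstaller) {
            # Only the registry entry goes; the program folder
            # (e.g. C:\Program Files\Furl Toolbar) is deleted separately.
            Remove-Item -LiteralPath $key.PSPath -Recurse -Confirm
            Write-Host "Removed orphaned entry: $($props.DisplayName)"
        }
    }
}
```

Run it once without -Remove to confirm only the expected entries are reported as Orphaned before deleting anything.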

