Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help with internet

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Help with internet

Unread postby KayRanch » November 9th, 2009, 10:38 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by drkay at 2009-11-09 07:32:41
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 185 GB (50%) free of 373 GB
Total RAM: 1918 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:50 AM, on 11/9/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\drkay\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\drkay.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://online.wsj.com/public/us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://linksyssupport.webex.com/client ... atgpc1.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10512 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Norton Security Scan for drkay.job
C:\Windows\tasks\ParetoLogic Registration.job
C:\Windows\tasks\User_Feed_Synchronization-{66E664E7-467E-4ED6-84F9-6337339970CB}.job
C:\Windows\tasks\User_Feed_Synchronization-{AC0A093B-7774-4E54-813F-94467407DBE1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-24 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-10 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-01 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-10 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-22 378736]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-10 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"SSDMonitor"=C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2009-10-14 104408]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-03-07 44168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-10-23 2000112]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RMTray.exe [2009-10-14 292824]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-26 39408]
"QuickenScheduledUpdates"=C:\Program Files\Quicken\bagent.exe [2009-10-14 87424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-09-21 520024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\AOL 9.0\AOL.EXE [2006-11-10 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-11-03 2028312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1207570199\ee\AOLSoftware.exe [2006-09-25 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-03-12 1773568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\hp\support\hpsysdrv.exe [2006-09-28 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]
C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-03-02 1441792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-26 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\Palm\Hotsync.exe [2004-06-09 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
C:\PROGRA~1\SNAPFI~1\SNAPFI~1.EXE [2007-03-02 1441792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^drkay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Palm Registration.lnk]
C:\PROGRA~1\Palm\register.exe [2005-08-08 2494464]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-10-23 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\atashost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{340b63ea-59cd-11dc-900a-001bb9764e0f}]
shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8bdfef-8883-11dc-97a4-001bb9764e0f}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b9720e6-e6a7-11dd-8ab1-00038a000015}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bc79991-f82a-11dd-bdef-00038a000015}]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87010a79-6eec-11dc-8195-001bb9764e0f}]
shell\AutoRun\command - K:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b555126d-1e36-11de-8689-00038a000015}]
shell\AutoRun\command - wd_windows_tools\setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-11-08 09:51:27 ----D---- C:\_OTM
2009-11-08 09:49:17 ----D---- C:\Windows\ERDNT
2009-11-08 09:48:20 ----D---- C:\Program Files\ERUNT
2009-11-05 10:07:37 ----D---- C:\rsit
2009-11-04 01:35:26 ----A---- C:\Windows\system32\mshtml.dll
2009-11-03 08:53:10 ----D---- C:\Program Files\iPod
2009-11-03 08:53:01 ----D---- C:\Program Files\iTunes
2009-10-29 09:34:35 ----D---- C:\Users\drkay\AppData\Roaming\Registry Mechanic
2009-10-29 09:28:39 ----D---- C:\Program Files\Common Files\PC Tools
2009-10-28 04:20:13 ----A---- C:\Windows\system32\wmp.dll
2009-10-28 04:20:04 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-28 04:19:48 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-26 16:01:13 ----D---- C:\Program Files\Trend Micro
2009-10-23 14:09:53 ----A---- C:\Windows\system32\atsckernel.exe
2009-10-23 14:09:45 ----A---- C:\Windows\system32\atashost.exe
2009-10-23 14:07:09 ----D---- C:\ProgramData\WebEx
2009-10-19 14:10:57 ----D---- C:\Windows\system32\eu-ES
2009-10-19 14:10:57 ----D---- C:\Windows\system32\ca-ES
2009-10-19 14:10:44 ----D---- C:\Windows\system32\vi-VN
2009-10-19 12:45:57 ----D---- C:\Windows\system32\EventProviders
2009-10-13 22:39:40 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-13 21:58:41 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-13 21:58:37 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-13 21:58:06 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-13 21:56:13 ----A---- C:\Windows\system32\ieframe.dll
2009-10-13 21:56:12 ----A---- C:\Windows\system32\iertutil.dll
2009-10-13 21:56:11 ----A---- C:\Windows\system32\urlmon.dll
2009-10-13 21:56:10 ----A---- C:\Windows\system32\wininet.dll
2009-10-13 21:56:09 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-13 21:56:08 ----A---- C:\Windows\system32\occache.dll
2009-10-13 21:56:08 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-13 21:56:05 ----A---- C:\Windows\system32\ieui.dll
2009-10-13 21:56:04 ----A---- C:\Windows\system32\iepeers.dll
2009-10-13 21:56:03 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-13 21:56:03 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-13 21:56:02 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-13 21:56:02 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-13 21:56:01 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-13 21:56:00 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-13 21:56:00 ----A---- C:\Windows\system32\iesetup.dll
2009-10-13 21:55:59 ----A---- C:\Windows\system32\iernonce.dll
2009-10-13 21:35:05 ----A---- C:\Windows\system32\msasn1.dll
2009-10-10 07:15:46 ----D---- C:\ProgramData\Office Genuine Advantage

======List of files/folders modified in the last 1 months======

2009-11-09 07:36:53 ----D---- C:\Windows\Temp
2009-11-09 00:39:49 ----D---- C:\Windows
2009-11-09 00:35:07 ----SHD---- C:\System Volume Information
2009-11-08 16:02:42 ----D---- C:\Windows\System32
2009-11-08 16:01:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-08 16:00:17 ----D---- C:\Windows\inf
2009-11-08 15:54:50 ----D---- C:\Windows\SMINST
2009-11-08 09:48:20 ----D---- C:\Program Files
2009-11-08 03:03:00 ----HD---- C:\$AVG8.VAULT$
2009-11-08 02:00:04 ----D---- C:\Program Files\Norton Security Scan
2009-11-06 14:54:47 ----RD---- C:\Users
2009-11-06 11:22:46 ----D---- C:\ProgramData\AVG Security Toolbar
2009-11-06 11:20:46 ----SHD---- C:\Windows\Installer
2009-11-06 11:20:45 ----A---- C:\Windows\ODBC.INI
2009-11-06 11:01:58 ----D---- C:\Windows\Prefetch
2009-11-05 13:39:31 ----D---- C:\Windows\system32\catroot2
2009-11-04 03:05:48 ----D---- C:\Windows\winsxs
2009-11-04 00:51:14 ----D---- C:\Windows\system32\catroot
2009-11-03 08:53:04 ----D---- C:\Program Files\Common Files\Apple
2009-10-29 18:13:41 ----D---- C:\Program Files\Mozilla Firefox
2009-10-29 09:50:20 ----AD---- C:\ProgramData\TEMP
2009-10-29 09:38:33 ----D---- C:\Windows\system32\config
2009-10-29 09:29:47 ----D---- C:\Program Files\Registry Mechanic
2009-10-29 09:28:39 ----D---- C:\Program Files\Common Files
2009-10-29 02:46:47 ----D---- C:\Windows\rescache
2009-10-29 02:25:18 ----D---- C:\Program Files\Internet Explorer
2009-10-29 02:25:17 ----D---- C:\Windows\system32\en-US
2009-10-29 02:24:31 ----D---- C:\Program Files\Windows Media Player
2009-10-23 16:46:04 ----D---- C:\Program Files\SUPERAntiSpyware
2009-10-23 14:07:09 ----HD---- C:\ProgramData
2009-10-23 14:06:48 ----SD---- C:\Windows\Downloaded Program Files
2009-10-22 06:59:59 ----A---- C:\Windows\QUICKEN.INI
2009-10-22 06:58:19 ----D---- C:\Program Files\Quicken
2009-10-20 02:38:46 ----D---- C:\Windows\Microsoft.NET
2009-10-20 02:37:35 ----RSD---- C:\Windows\assembly
2009-10-19 14:37:31 ----SHD---- C:\Boot
2009-10-19 14:19:29 ----D---- C:\Program Files\Windows Calendar
2009-10-19 14:19:28 ----D---- C:\Program Files\Windows Mail
2009-10-19 14:19:27 ----D---- C:\Program Files\Movie Maker
2009-10-19 14:19:21 ----D---- C:\Program Files\Windows Sidebar
2009-10-19 14:19:19 ----D---- C:\Program Files\Windows Collaboration
2009-10-19 14:19:18 ----D---- C:\Program Files\Windows Journal
2009-10-19 14:19:10 ----D---- C:\Program Files\Windows Photo Gallery
2009-10-19 14:19:10 ----D---- C:\Program Files\Common Files\System
2009-10-19 14:18:55 ----D---- C:\Windows\servicing
2009-10-19 14:18:55 ----D---- C:\Program Files\Windows Defender
2009-10-19 14:18:54 ----D---- C:\Windows\ehome
2009-10-19 14:17:38 ----D---- C:\Windows\IME
2009-10-19 14:17:36 ----D---- C:\Windows\system32\XPSViewer
2009-10-19 14:17:36 ----D---- C:\Windows\system32\lv-LV
2009-10-19 14:17:36 ----D---- C:\Windows\system32\hr-HR
2009-10-19 14:17:36 ----D---- C:\Windows\system32\et-EE
2009-10-19 14:17:36 ----D---- C:\Windows\system32\da-DK
2009-10-19 14:17:35 ----D---- C:\Windows\system32\sk-SK
2009-10-19 14:17:35 ----D---- C:\Windows\system32\ko-KR
2009-10-19 14:17:17 ----D---- C:\Windows\system32\de-DE
2009-10-19 14:17:16 ----D---- C:\Windows\system32\oobe
2009-10-19 14:17:16 ----D---- C:\Windows\system32\it-IT
2009-10-19 14:17:16 ----D---- C:\Windows\system32\el-GR
2009-10-19 14:17:15 ----D---- C:\Windows\system32\migration
2009-10-19 14:16:58 ----D---- C:\Windows\system32\AdvancedInstallers
2009-10-19 14:16:57 ----D---- C:\Windows\system32\sv-SE
2009-10-19 14:16:57 ----D---- C:\Windows\system32\setup
2009-10-19 14:16:57 ----D---- C:\Windows\system32\ru-RU
2009-10-19 14:16:57 ----D---- C:\Windows\system32\he-IL
2009-10-19 14:16:57 ----D---- C:\Windows\system32\fr-FR
2009-10-19 14:16:56 ----D---- C:\Windows\system32\fi-FI
2009-10-19 14:16:55 ----D---- C:\Windows\system32\pt-PT
2009-10-19 14:16:55 ----D---- C:\Windows\system32\hu-HU
2009-10-19 14:16:55 ----D---- C:\Windows\system32\cs-CZ
2009-10-19 14:16:54 ----D---- C:\Windows\system32\SLUI
2009-10-19 14:16:48 ----D---- C:\Windows\system32\zh-CN
2009-10-19 14:16:48 ----D---- C:\Windows\system32\sr-Latn-CS
2009-10-19 14:16:48 ----D---- C:\Windows\system32\en
2009-10-19 14:16:47 ----D---- C:\Windows\system32\zh-TW
2009-10-19 14:16:47 ----D---- C:\Windows\system32\sl-SI
2009-10-19 14:16:47 ----D---- C:\Windows\system32\manifeststore
2009-10-19 14:16:47 ----D---- C:\Windows\system32\es-ES
2009-10-19 14:16:46 ----D---- C:\Windows\system32\uk-UA
2009-10-19 14:16:46 ----D---- C:\Windows\system32\pl-PL
2009-10-19 14:16:46 ----D---- C:\Windows\system32\ja-JP
2009-10-19 14:16:46 ----D---- C:\Windows\system32\bg-BG
2009-10-19 14:16:45 ----D---- C:\Windows\system32\ro-RO
2009-10-19 14:16:43 ----D---- C:\Windows\system32\th-TH
2009-10-19 14:16:43 ----D---- C:\Windows\system32\drivers
2009-10-19 14:16:36 ----D---- C:\Windows\system32\tr-TR
2009-10-19 14:16:34 ----D---- C:\Windows\system32\wbem
2009-10-19 14:16:27 ----D---- C:\Windows\system32\nl-NL
2009-10-19 14:16:27 ----D---- C:\Windows\system32\nb-NO
2009-10-19 14:16:27 ----D---- C:\Windows\system32\lt-LT
2009-10-19 14:16:26 ----D---- C:\Windows\system32\ar-SA
2009-10-19 14:16:21 ----D---- C:\Windows\system32\migwiz
2009-10-19 14:16:17 ----D---- C:\Windows\system32\pt-BR
2009-10-19 14:11:39 ----RSD---- C:\Windows\Fonts
2009-10-19 14:11:36 ----D---- C:\Windows\AppPatch
2009-10-19 14:10:44 ----D---- C:\Windows\system32\Boot
2009-10-19 14:03:55 ----D---- C:\Windows\system32\RTCOM
2009-10-14 02:52:10 ----D---- C:\ProgramData\Microsoft Help
2009-10-14 02:40:07 ----D---- C:\Program Files\Microsoft Works
2009-10-14 02:18:39 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-08-24 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-08-24 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-04 108552]
R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1007020.00B\ccHPx86.sys [2009-09-08 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-26 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091105.001\IDSvix86.sys [2009-10-28 343088]
R1 mozyFilter;mozyFilter; C:\Windows\system32\DRIVERS\mozy.sys [2009-05-15 53240]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-28 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-10-23 74480]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1007020.00B\SRTSPX.SYS [2009-08-22 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-08-18 25648]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS [2009-08-22 217136]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091108.020\NAVENG.SYS [2009-08-25 84912]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091108.020\NAVEX15.SYS [2009-08-25 1323568]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1007020.00B\SRTSP.SYS [2009-08-22 308272]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-08-21 124976]
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [2009-08-22 89904]
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [2009-08-22 48688]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WinDriver6;WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [2008-08-12 194362]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HidCom;USB-HID -> COM Driver Service; C:\Windows\system32\DRIVERS\BdHidCom.sys [2007-09-17 17408]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2007-09-02 16694]
S3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NIS\1002000.007\SYMDNS.SYS []
S3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NIS\1002000.007\SYMREDRV.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 atashost;WebEx Service Host for Support Center; C:\Windows\system32\atashost.exe [2009-10-23 20376]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-24 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\MozyHome\mozybackup.exe [2009-05-15 78136]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [2009-08-22 117640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-10-14 583640]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-20 651720]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-06 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-03-08 74656]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
KayRanch
Regular Member
 
Posts: 15
Joined: October 29th, 2009, 9:17 pm
Advertisement
Register to Remove

Re: Help with internet

Unread postby KayRanch » November 9th, 2009, 10:43 am

Hi,

I did not have RSIT on my desktop so I redownloaded it and it went automatically to "downloads". I opened the folder (where the other copy was :( and pulled it to desktop and ran it as directed. This is where I screwed up last time, I guess I may have done it again. Let me know if I have to fix those two entries R1/R0 that I had to fix last time. I can follow your old instructions if so.

Thanks, Kay
KayRanch
Regular Member
 
Posts: 15
Joined: October 29th, 2009, 9:17 pm

Re: Help with internet

Unread postby Cypher » November 9th, 2009, 1:55 pm

Hi Kay
Don't worry your doing great ;)

Uninstall programs
  • Click on Start
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following

Adobe Reader 8.1.3

Next.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.2 are vulnerable.
  • Go HERE and click on AdbeRdr920_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.

Next.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 17.
  • Click on Download.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

Disable AVG8

  • Open AVG8 Control Center, by right clicking on AVG8 icon on task bar.
  • Click on Tools.
  • Select Advanced.
  • In the left hand pane, scroll down to Resident Shield.
  • In the main pane, deselect the option to Enable Resident Shield.
  • Note: Don't forget to re-enable it after the below scan.

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply.

1. ESET scan log.
2. Please let me know how your computer is preforming now.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help with internet

Unread postby KayRanch » November 10th, 2009, 10:44 am

C:\Users\drkay\Documents\iphone\xArchive Docs\Archives\xOldKDSPreHVH\xArchive\ArchiveDoNotUse\Kay's Stuff\Kay's Briefcase\FELIX2.exe Win32/Joke.ScreenMate application

Hi Cypher,

I think I managed--it did take all day as the internet was particularly iffy. Re-boots and multiple tries finally got me where I needed go and got the downloads accomplished. I still don't have the new version of Adobe Reader downloaded, I'll try that next.

I believe it is improved greatly but I will have to work on the computer (I will be at my desk most of the day) to see if the problem crops up with time as it likes to. The difference is that the computer was on all night doing the scan and still accesses the internet very well this morning.

I'll let you know and I guess you will let me know the next step. The above copied text must refer to a very cute screen saver thing I had years and years ago. A little kitty bascally played on your desktop. As a feline veterinarian, I loved it! Wondered where it had gone but didn't bother to dig it up. Now I wonder if it was a problem but that was many computers ago!

Thanks, Kay
KayRanch
Regular Member
 
Posts: 15
Joined: October 29th, 2009, 9:17 pm

Re: Help with internet

Unread postby Cypher » November 10th, 2009, 2:27 pm

Hi Kay.
The ESET online scan log you posted is incomplete.
Could you please read the instructions i posted earlier carefully and run the scan again.
I need this final scan to make sure your system is completely clean.
Thank you.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help with internet

Unread postby KayRanch » November 12th, 2009, 1:27 pm

Cypher,

Sorry, thought I was just sending you the "results". I got it now. Sorry, I did have a great day on the computer yesterday, internet access is a wonderful thing! Here is the log (after I ran the scan twice again before realizing that I had to navigate to the log file. . .):

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e1d27a101d938046b2d5ab8ba77782ae
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-09 11:28:43
# local_time=2009-11-09 04:28:43 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1121329 1121329 0 0
# compatibility_mode=1028 16777213 100 88 0 20494050 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777213 100 96 4425833 5958117 0 0
# compatibility_mode=5892 16776574 100 100 1732267 94413330 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=29886
# found=0
# cleaned=0
# scan_time=3519
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e1d27a101d938046b2d5ab8ba77782ae
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-10 11:33:46
# local_time=2009-11-10 04:33:46 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1129111 1129111 0 0
# compatibility_mode=1028 16777213 100 88 0 20501832 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777213 100 96 4433615 5965899 0 0
# compatibility_mode=5892 16776574 100 100 1740049 94421112 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=251045
# found=1
# cleaned=0
# scan_time=39241
C:\Users\drkay\Documents\iphone\xArchive Docs\Archives\xOldKDSPreHVH\xArchive\ArchiveDoNotUse\Kay's Stuff\Kay's Briefcase\FELIX2.exe Win32/Joke.ScreenMate application 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e1d27a101d938046b2d5ab8ba77782ae
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-12 11:09:39
# local_time=2009-11-12 04:09:39 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1303064 1303064 0 0
# compatibility_mode=1028 16777213 100 88 0 20675785 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777213 100 96 4607568 6139852 0 0
# compatibility_mode=5892 16776574 100 100 1914002 94595065 0 0
# compatibility_mode=8192 67108863 100 0 103512 103512 0 0
# scanned=252291
# found=1
# cleaned=0
# scan_time=36641
C:\Users\drkay\Documents\iphone\xArchive Docs\Archives\xOldKDSPreHVH\xArchive\ArchiveDoNotUse\Kay's Stuff\Kay's Briefcase\FELIX2.exe Win32/Joke.ScreenMate application 00000000000000000000000000000000 I
KayRanch
Regular Member
 
Posts: 15
Joined: October 29th, 2009, 9:17 pm

Re: Help with internet

Unread postby Cypher » November 13th, 2009, 6:58 am

Hi Kay your latest set of logs are clean! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTM

  • Double-click OTM.exe to start the program, This tool will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTMoveIt3 as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Next.

Reset System Restore Points

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection.
  • UNcheck the box labeled Local Disk C:
  • When asked if you are sure you want to turn off System restore, click Turn System Restore Off
  • Click Apply and OK.
-------------------------------
Now Reboot Your Machine
-------------------------------
  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection.
  • Check the box labeled Local Disk C:
  • Click Apply and OK.
  • Do this only ONCE, do not reset regularly.


Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.


Here are some free programs I recommend that could help you improve your computer's security.


Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

Install Sitehound
SiteHound is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

Read some information HERE On how to prevent Malware

Is your pc running slow?
Read What to do if your Computer is running slowly

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing! :)
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help with internet

Unread postby KayRanch » November 13th, 2009, 4:24 pm

Thank you! You are amazing! I am very, very grateful! Kay
KayRanch
Regular Member
 
Posts: 15
Joined: October 29th, 2009, 9:17 pm

Re: Help with internet

Unread postby Cypher » November 13th, 2009, 4:47 pm

Hi Kay
Your most welcome :)
I will ask for this thread to be closed, good luck.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help with internet

Unread postby NonSuch » November 15th, 2009, 10:31 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 492 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware