Free Malware Removal Forum

[ajsnr1]

hi friends,
i have two iexplorers.exe processes running in task-manager i think i had a trojan it was trying to get sign in details for my online banking but i copped the sign in page was different before i entered any thing i now use safari browser but still wont go to banking site until get clean bill of health any help greatly appreciated i ran ht scan but hadn't got IE running at the time do i need to redo this with it running heres the log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:07:04, on 14/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by124w.bay124.mail.live.com/mail ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5777369296
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selfte ... TPTest.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://alanmurphy1.spaces.live.com/Phot ... nPUpld.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

--
End of file - 6202 bytes
also with regard to the log it says 14 processes running but taskmanager has 27 running if this is relevant

[MWR 3 day Mod]

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

[Dakeyras]

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi ajsnr1 and welcome to Malware Removal

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!.
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
• Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

SUPERAntiSpyware Advice:

CAUTION: SuperAntiSpyware comes with a programme called Bootsafe, do not for any reason use this programme, if used on an infected computer it could render it UNBOOTABLE.

Next:

Please download Rooter.exe to your desktop.

• Then double-click it to start the tool.
• A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt.
• Post the contents of Rooter.txt in your next reply.

Next:

Now lets carry out a more in-depth scan of your computer shall we as follows:

• Please download Random's System Information Tool by random/random from here and save it to your desktop.

Make sure that RSIT.exe is on the your Desktop before running the application.

• Right click on RSIT.exe and select Run as Administrator to start RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open:
  
  • log.txt will be opened maximized.
  • info.txt will be opened minimized.
• Please post the contents of both log.txt and info.txt.

When completed the above, please post back the following in the order asked for:

• How is you computer performing now, any other symptoms and or problems encountered?
• Rooter Log.
• Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.

[ajsnr1]

hi Dakeyras thanks for your help the pc seems to run ok when i dont use internet explorer as my browser but when i do it uses 90% cpu on one ie process, i ran the applications you requested but with ie xplorer not started up, if this makes any difference i dont know. when i tried to run rooter i got this pop box windows-no disk
exception processing message cooooo13 parameters

75b6bfrc 4 75b6f7c 75b6bf7c i hit continue and then it ran results as follows:
Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:78159 Mo/Free:2789 Mo)
D:\ [CD-Rom] (Total:654 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Fixed] - NTFS - (Total:238464 Mo/Free:2912 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)

18/05/2009|21:19

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Safari\Safari.exe
---------- C:\WINDOWS\system32\taskmgr.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\WINDOWS\system32\notepad.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..


1 - "C:\Rooter$\Rooter_1.txt" - 18/05/2009|21:20

----------------------\\ Scan completed at 21:20

[ajsnr1]

log as follows:Logfile of random's system information tool 1.06 (written by random/random)
Run by Bethany at 2009-05-18 21:37:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (20%) free of 78 GB
Total RAM: 255 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:47, on 18/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Beverley H\Desktop\RSIT.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\Bethany.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bebo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = LIVERPOOL RULE UNITED ARE SCUM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\DOCUME~1\Bethany\LOCALS~1\Temp\E_S2F9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-854245398-115176313-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Beverley H')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by124w.bay124.mail.live.com/mail ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5777369296
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selfte ... TPTest.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://alanmurphy1.spaces.live.com/Phot ... nPUpld.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

--
End of file - 6814 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\dfrg defrag.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-09 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-05-09 2223872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-05-09 2223872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-05-09 1947928]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-06 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus SX200 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE [2007-12-13 188928]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE [2007-12-13 188928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
C:\Program Files\Evidence Eliminator\ee.exe /m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-03-28 1079296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime Alternative\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-30 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-06 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^claire^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^liz^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk.disabled]
C:\Documents and Settings\liz\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AresChatServer"=3
"usnjsvc"=3
"ServiceLayer"=3
"Microsoft Office Groove Audit Service"=3
"KService"=2
"iPod Service"=3
"ecure"=2
"Bonjour Service"=2
"Apple Mobile Device"=2
"WSearch"=2
"RasMan"=3
"Alerter"=2
"svchost1"=2
"odserv"=3
"PavPrSrv"=2
"avg8wd"=2
"avg8emc"=2
"vsmon"=3

C:\Documents and Settings\Bethany\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-04-30 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-06-10 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-09 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Safari\Safari.exe"="C:\Program Files\Safari\Safari.exe:*:Enabled:Safari Web Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-05-18 21:37:35 ----D---- C:\rsit
2009-05-18 21:20:23 ----A---- C:\Rooter.txt
2009-05-18 21:14:48 ----D---- C:\Rooter$
2009-05-10 19:32:41 ----D---- C:\Documents and Settings\Bethany\Application Data\AVGTOOLBAR
2009-05-09 21:41:44 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-05-09 20:02:05 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-05-07 16:21:15 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-05-05 17:13:36 ----D---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2009-05-05 01:58:02 ----A---- C:\rollback.ini
2009-05-05 01:24:16 ----D---- C:\Program Files\Zone Labs
2009-05-05 01:18:55 ----D---- C:\WINDOWS\Internet Logs
2009-05-02 00:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-02 00:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-02 00:20:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-05-02 00:17:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-02 00:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-02 00:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-02 00:14:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-02 00:07:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-05-02 00:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-02 00:02:24 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-02 00:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-02 00:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-02 00:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-02 00:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-02 00:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-01 23:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-29 22:24:59 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-25 22:13:03 ----D---- C:\WINDOWS\Minidump
2009-04-25 21:36:29 ----D---- C:\WINDOWS\logs
2009-04-24 03:16:17 ----SHD---- C:\RECYCLER
2009-04-24 03:09:58 ----D---- C:\WINDOWS\temp
2009-04-24 03:09:47 ----A---- C:\ComboFix.txt
2009-04-22 18:15:17 ----D---- C:\Program Files\ThreatExpert Memory Scanner
2009-04-22 12:53:03 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-04-22 12:52:35 ----D---- C:\Documents and Settings\Bethany\Application Data\PC Tools
2009-04-22 02:19:16 ----A---- C:\WINDOWS\vFind.exe
2009-04-22 02:19:16 ----A---- C:\WINDOWS\SWREG.exe
2009-04-22 02:19:15 ----A---- C:\WINDOWS\zip.exe
2009-04-22 02:19:15 ----A---- C:\WINDOWS\SWSC.exe
2009-04-22 02:19:15 ----A---- C:\WINDOWS\sed.exe
2009-04-22 02:19:15 ----A---- C:\WINDOWS\grep.exe
2009-04-22 02:17:21 ----D---- C:\Qoobox
2009-04-20 17:07:24 ----D---- C:\WINDOWS\ie8updates
2009-04-20 17:03:06 ----D---- C:\WINDOWS\WBEM
2009-04-20 17:00:35 ----HDC---- C:\WINDOWS\ie8

======List of files/folders modified in the last 1 months======

2009-05-18 21:37:16 ----D---- C:\WINDOWS\Prefetch
2009-05-18 21:28:10 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-05-18 21:27:54 ----D---- C:\WINDOWS\Debug
2009-05-18 21:27:54 ----D---- C:\WINDOWS
2009-05-17 23:34:26 ----D---- C:\WINDOWS\system32
2009-05-17 21:57:38 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-05-13 23:57:54 ----SHD---- C:\WINDOWS\Installer
2009-05-13 23:57:53 ----D---- C:\Config.Msi
2009-05-13 23:57:01 ----RSD---- C:\WINDOWS\assembly
2009-05-13 14:17:39 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-09 21:41:05 ----D---- C:\WINDOWS\system32\drivers
2009-05-09 21:39:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2009-05-08 13:27:39 ----A---- C:\WINDOWS\Wininit.ini
2009-05-08 00:24:06 ----D---- C:\WINDOWS\Help
2009-05-07 18:17:46 ----D---- C:\WINDOWS\Registration
2009-05-07 17:56:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-07 17:38:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-07 17:25:23 ----D---- C:\WINDOWS\security
2009-05-07 15:49:53 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-07 15:49:30 ----D---- C:\Inetpub
2009-05-07 15:49:18 ----D---- C:\WINDOWS\system32\wbem
2009-05-07 15:41:01 ----A---- C:\WINDOWS\win.ini
2009-05-07 14:27:08 ----ASH---- C:\boot.ini
2009-05-07 14:27:08 ----A---- C:\WINDOWS\system.ini
2009-05-07 08:16:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-05 17:13:36 ----RD---- C:\Program Files
2009-05-05 16:05:58 ----D---- C:\Program Files\Ares
2009-05-05 01:19:26 ----D---- C:\WINDOWS\WinSxS
2009-05-04 13:01:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-03 13:37:54 ----D---- C:\WINDOWS\AppPatch
2009-05-02 00:21:50 ----HD---- C:\WINDOWS\inf
2009-05-02 00:18:48 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-05-02 00:18:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-02 00:14:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-30 02:27:47 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-29 22:37:54 ----D---- C:\Program Files\Common Files
2009-04-29 17:05:39 ----D---- C:\Program Files\Panda Security
2009-04-29 17:05:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-28 20:06:43 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-28 18:35:33 ----D---- C:\Program Files\Kontiki
2009-04-22 02:19:14 ----SHD---- C:\System Volume Information
2009-04-22 02:19:14 ----D---- C:\WINDOWS\system32\Restore
2009-04-21 14:41:34 ----D---- C:\Program Files\Safari
2009-04-20 18:53:10 ----D---- C:\WINDOWS\system32\en-us
2009-04-20 18:53:10 ----D---- C:\WINDOWS\Media
2009-04-20 18:53:09 ----D---- C:\Program Files\Internet Explorer
2009-04-19 23:31:04 ----D---- C:\Program Files\Windows NT
2009-04-19 23:27:13 ----D---- C:\WINDOWS\system
2009-04-19 23:25:13 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-05-09 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-05-09 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-09 108552]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-06-10 746496]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-12-15 1368000]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 Intels51;Intel(R) 536EP Modem; C:\WINDOWS\system32\DRIVERS\Intels51.sys [2004-12-10 1903338]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 KeyMaestro;KeyMaestro; \??\C:\WINDOWS\system32\drivers\Maestro1.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 ca506aaf;ADS USB Audio Filter Driver (WDM); C:\WINDOWS\system32\drivers\ca506aaf.sys [2002-04-29 14273]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-18 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-18 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-18 21744]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SPCA506AV;USB Instant VCD; C:\WINDOWS\system32\DRIVERS\CA506AV.SYS [2002-07-30 178835]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023k.sys [2002-08-12 11136]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2006-12-19 22768]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2007-02-11 25600]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-09 298776]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S4 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S4 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-04-23 3068352]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S4 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [2008-02-04 62768]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------

[ajsnr1]

sorry for delay in posting this info log after i posted the above log file my browser crashed and its taken a while to get back upinfo.txt logfile of random's system information tool 1.06 2009-05-18 21:39:00

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
ADS Tech Camera View-->C:\PROGRA~1\ADSTEC~1\UNWISE.EXE C:\PROGRA~1\ADSTEC~1\INSTALL.LOG
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42EDF895-158C-484E-A7F2-42B90759F281}\SETUP.EXE" -l0x9 UNINST
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series (R2)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} ADDREMOVEDLG
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46CBBDF8-55B5-40DB-B459-7B848394309C}\Setup.exe" -l0x9 UNINST
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus SX200 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEFE.EXE /R /APD /P:"EPSON Stylus SX200 Series"
EPSON Stylus SX200_SX400_TX200_TX400 Manual-->C:\Program Files\EPSON\TPMANUAL\ES_SX_TX\ENG\USE_G\DOCUNINS.EXE
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\Setup.exe"
Garmin City Navigator Europe NT v9-->MsiExec.exe /X{29EA075F-2C61-472F-B01D-80E8D8F023F1}
Garmin City Navigator Europe v8-->MsiExec.exe /X{3879E12E-DA5B-4451-B973-DA0E2FEE7039}
Garmin Communicator Plugin-->MsiExec.exe /X{86B879A5-927E-4536-B5FC-17CA96B60078}
Garmin POI Loader new-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08E4AE58-748D-4983-9B8A-495E2341769F}\setup.exe" -l0x9
Garmin POI Loader-->MsiExec.exe /X{3A3923F8-AA05-4281-9F6F-DC6F85D0092D}
Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
Garmin WebUpdater-->MsiExec.exe /X{7D25A304-C82D-41C3-85A8-3BEF84E04887}
Garmin WebUpdater-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FD94FBC-07AE-475C-B522-BFE899B9048E}\setup.exe" -l0x9
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Wireless Keyboard Driver V1.7 (2.0.W-127AU MUL)-->C:\WINDOWS\system32\KmRemove.exe
Indeo® software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
Intel(R) 536EP Modem-->rundll32 IntelSdi.dll,iSMUninstallation "Intel(R) 536EP Modem"
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Labtec WebCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF45F502-D3F2-4E7C-91D8-9AA5A8141D08}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MGI PhotoSuite III SE (Remove Only)-->"C:\Program Files\MGI\MGI PhotoSuite III SE\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite III SE\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite III SE\System\CustomUninstall.dll"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Baseline Security Analyzer 2.1-->MsiExec.exe /I{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}
Microsoft Calculator Plus-->MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Expression Web MUI (English)-->MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Expression Web-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web-->MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project MUI (English) 2007-->MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007-->MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Motorola Driver Installation-->MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Motorola Software Update-->MsiExec.exe /I{4A314589-8F9F-47F3-B0E5-DB1C6A8F7D2C}
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Demo-->MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033}
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Nokia Connectivity Cable Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15} /l2057
Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Nokia Multimedia Factory-->MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}
Nokia PC Suite-->C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations\{0FC76B71-2534-4354-B255-3468578E3F47}\Nokia_PC_Suite_rel_6_86_9_0_eng.exe
Nokia PC Suite-->MsiExec.exe /I{0FC76B71-2534-4354-B255-3468578E3F47}
Nokia Software Updater-->MsiExec.exe /X{48110A46-A3A4-481E-8230-7873B7F4C696}
Nokia Video Manager-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations\{B1B4E612-9ACC-4fab-BD04-1721D9503266}\NokiaVideoManager1.6.exe" /MAINTENANCE /SILENT="SGWLRPFCE" /LANG="2057" /O=";EXTUNINSTALL=1"
Nokia Video Manager-->MsiExec.exe /I{B1B4E612-9ACC-4FAB-BD04-1721D9503266}
PaperPort 7.02-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ScanSoft\PaperPort\Config\DeIsL1.isu" -y -c"C:\Program Files\ScanSoft\PaperPort\UnInstl2.dll"
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PIF DESIGNER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime Alternative 1.70-->"C:\Program Files\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Ultimate Troubleshooter-->C:\PROGRA~1\ANSWER~1\TROUBL~1\UNWISE.EXE C:\PROGRA~1\ANSWER~1\TROUBL~1\INSTALL.LOG
Ulead VideoStudio 7 SE VCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
USB Instant VideoCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BAE05B5-0DB4-4152-B28E-529D55C1DD9F}\setup.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\grmnusb_09F3E629557EBE4D2BA1A9469BDAE635AC0807AE\grmnusb.inf
Windows Driver Package - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Installer Clean Up-->MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe
ZENcast Organizer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove

=====HijackThis Backups=====

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/file ... _en_US.cab [2008-10-14]
O20 - Winlogon Notify: ljjkhhh - ljjkhhh.dll (file missing) [2008-10-14]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free (outdated)

======System event log======

Computer Name: ALANS
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Record Number: 7367
Source Name: DCOM
Time Written: 20090326225854.000000+000
Event Type: error
User: ALANS\claire

Computer Name: ALANS
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Record Number: 7366
Source Name: DCOM
Time Written: 20090326225839.000000+000
Event Type: error
User: ALANS\claire

Computer Name: ALANS
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Record Number: 7365
Source Name: DCOM
Time Written: 20090326200836.000000+000
Event Type: error
User: ALANS\claire

Computer Name: ALANS
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Record Number: 7364
Source Name: DCOM
Time Written: 20090326200825.000000+000
Event Type: error
User: ALANS\claire

Computer Name: ALANS
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Record Number: 7363
Source Name: DCOM
Time Written: 20090326200814.000000+000
Event Type: error
User: ALANS\claire

=====Application event log=====

Computer Name: ALANS
Event Code: 1517
Message: Windows saved user ALANS\claire registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1936
Source Name: Userenv
Time Written: 20090119232109.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ALANS
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 1922
Source Name: usnjsvc
Time Written: 20090119163539.000000+000
Event Type:
User:

Computer Name: ALANS
Event Code: 1001
Message: Fault bucket 905106322.

Record Number: 1920
Source Name: Application Error
Time Written: 20090119145006.000000+000
Event Type: error
User:

Computer Name: ALANS
Event Code: 1000
Message: Faulting application avgupd.exe, version 8.0.0.159, faulting module unknown, version 0.0.0.0, fault address 0x00360283.

Record Number: 1919
Source Name: Application Error
Time Written: 20090119145000.000000+000
Event Type: error
User:

Computer Name: ALANS
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 1891
Source Name: usnjsvc
Time Written: 20090116174758.000000+000
Event Type:
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\QuickTime Alternative\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0801
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

[Dakeyras]

Hi

hi Dakeyras thanks for your help the pc seems to run ok when i dont use internet explorer as my browser but when i do it uses 90% cpu on one ie process, i ran the applications you requested but with ie xplorer not started up, if this makes any difference i dont know. when i tried to run rooter i got this pop box windows-no disk
exception processing message cooooo13 parameters

75b6bfrc 4 75b6f7c 75b6bf7c i hit continue and then it ran results as follows:

Your welcome and thank you for the situation update.

I have made a note of this and we will be addressing the Windows - No Disk related errors in due course. This may be have caused by malware and or something related to a software conflict too removable drives not stopped/removed safely. For the time being leave all removable storage media disconnected.

This computer is in quite a mess I must say but the plus side is we should be able to rectify the situation

If I may draw your attention to the below:

BitLord 1.1

Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

BitLord 1.1

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Next:

I notice a very powerful tool, namely ComboFix is present on the system and has been used. Have you received help in the past and or ran this by yourself?

If the latter not a wise move as when used without the guidance of a trained helper the end result may be your computer ends up nothing more than a door-stop. Not all is doom and gloom I will add merely a friendly warning about using ComboFix on your own if it has been OK.

I would like to see the ComboFix log however please, it is located at the root of the installed Hard-Drive:

Start >> My Computer >> C:\ >> ComboFix.txt

Next:

RSIT is reporting your AVG Anti-Virus is outdated, not a cause for concern OK. Check for any updates and if found please download them.

Note: AVG Anti-Virus should automatically check for updates and download/install them with every system reboot and or periodically if the machine is left running providing a internet connection is active. If this does not appear to happen over the next few days please inform myself.

Next:

Run HJT and click on Open the Misc Tools section.

• Click Open Uninstall Manager...
• Click Save list... and save it to your Desktop.
• Copy and paste the file uninstall_list.txt into your next reply.

When completed the above, please post back the following in the order asked for:

• How is you computer performing now, any other symptoms and or problems encountered?
• ComboFix Log.
• Uninstall List.

[ajsnr1]

hi i uninstalled bitlord updated avg my son gave the pc to a mate of his a couple of weeks ago to try sort out so i dont know what he ran re combofix but heres the log
ComboFix 09-04-22.02 - Beverley H 24/04/2009 2:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.298.1033.18.255.57 [GMT 1:00]
Running from: c:\documents and settings\Beverley H\My Documents\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-03-24 to 2009-04-24 )))))))))))))))))))))))))))))))
.

2009-04-23 06:40 . 2009-04-23 06:40 -------- d-sh--w c:\documents and settings\Beverley H\IECompatCache
2009-04-22 11:53 . 2008-12-11 07:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-22 11:53 . 2009-04-24 00:32 -------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-04-22 11:52 . 2009-04-22 12:24 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-22 11:52 . 2008-12-18 11:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-22 11:52 . 2008-12-10 11:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-22 11:52 . 2009-04-22 11:52 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2009-04-21 07:46 . 2009-04-21 07:46 -------- d-sh--w c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2009-04-20 21:00 . 2009-02-13 10:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-20 20:59 . 2009-04-20 20:59 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-04-20 17:58 . 2009-04-20 17:58 -------- d-sh--w c:\documents and settings\Beverley H\PrivacIE
2009-04-20 17:54 . 2009-04-20 17:54 -------- d-sh--w c:\documents and settings\Beverley H\IETldCache
2009-04-20 16:07 . 2009-04-20 16:07 -------- d-----w c:\windows\ie8updates
2009-04-20 16:00 . 2009-04-20 16:06 -------- dc-h--w c:\windows\ie8
2009-04-20 15:55 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-19 22:29 . 2009-04-20 16:06 1374 ----a-w c:\windows\imsins.BAK
2009-04-18 22:16 . 2008-03-04 14:59 41144 ----a-w c:\windows\system32\drivers\ShlDrv51.sys
2009-04-18 22:16 . 2008-02-07 11:03 179640 ----a-w c:\windows\system32\drivers\PavProc.sys
2009-04-18 17:01 . 2008-06-19 15:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-16 20:35 . 2009-04-20 02:02 -------- d--h--w C:\$AVG8.VAULT$
2009-04-16 18:39 . 2009-04-16 18:39 -------- d-----w c:\documents and settings\liz\Application Data\Malwarebytes
2009-04-13 17:47 . 2001-11-25 11:11 81924 ------w c:\windows\system32\drivers\VC4CB104.SYS
2009-04-09 16:27 . 2009-04-09 16:27 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-09 16:27 . 2009-04-09 16:27 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-09 16:27 . 2009-04-09 16:27 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-09 16:27 . 2009-04-20 00:59 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-07 00:58 . 2009-04-07 00:58 -------- d-----w c:\documents and settings\Beverley H\Application Data\Malwarebytes
2009-04-06 23:40 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 23:40 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 23:40 . 2009-04-06 23:40 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-04-06 15:18 . 2009-04-06 15:18 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\F-Secure
2009-04-06 15:05 . 2009-04-06 15:13 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\fssg
2009-04-06 14:57 . 2009-04-09 14:59 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\f-secure
2009-04-05 19:45 . 2009-04-05 19:45 615 ----a-w c:\windows\system32\UnGET.vbs
2009-04-05 19:45 . 2009-04-05 19:45 615 ----a-w c:\windows\system32\6d6YGyS.vbs
2009-04-05 19:41 . 2009-04-05 19:41 615 ----a-w c:\windows\system32\IWqVfSN.vbs
2009-04-05 19:36 . 2009-04-05 19:36 615 ----a-w c:\windows\system32\uzOsk2r.vbs
2009-04-05 19:35 . 2009-04-05 19:35 615 ----a-w c:\windows\system32\KsLcT.vbs
2009-04-05 19:34 . 2009-04-05 19:34 615 ----a-w c:\windows\system32\gLifdgUYT7FjM.vbs
2009-04-05 18:03 . 2009-04-05 18:03 268 ----a-w c:\windows\_delis32.ini
2009-04-03 19:57 . 2009-04-03 19:57 -------- d-----w c:\documents and settings\liz\Local Settings\Application Data\Identities
2009-04-03 19:56 . 2009-04-03 19:56 -------- d-----w c:\documents and settings\liz\Application Data\Windows Desktop Search
2009-04-03 18:00 . 2009-04-03 18:00 -------- d-----w c:\documents and settings\claire\Local Settings\Application Data\Identities
2009-04-03 17:59 . 2009-04-03 17:59 -------- d-----w c:\documents and settings\claire\Application Data\Windows Desktop Search
2009-04-01 01:42 . 2009-04-01 01:42 -------- d-----w c:\documents and settings\Beverley H\Application Data\Windows Search
2009-04-01 01:41 . 2009-04-01 01:41 -------- d-----w c:\documents and settings\Beverley H\Application Data\Windows Desktop Search
2009-04-01 01:36 . 2008-03-07 17:02 98304 -c----w c:\windows\system32\dllcache\nlhtml.dll
2009-04-01 01:36 . 2008-03-07 17:02 29696 -c----w c:\windows\system32\dllcache\mimefilt.dll
2009-04-01 01:36 . 2008-03-07 17:02 192000 -c----w c:\windows\system32\dllcache\offfilt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 14:34 . 2009-04-22 11:52 -------- d-----w c:\program files\Spyware Doctor
2009-04-22 17:52 . 2009-04-22 17:15 -------- d-----w c:\program files\ThreatExpert Memory Scanner
2009-04-22 11:54 . 2009-04-22 11:52 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-21 13:41 . 2008-03-27 22:48 -------- d-----w c:\program files\Safari
2009-04-20 20:59 . 2009-04-20 20:59 -------- d-----w c:\program files\Avira
2009-04-19 23:52 . 2009-04-19 23:52 -------- d-----w c:\program files\ERUNT
2009-04-19 22:25 . 2008-06-30 20:56 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\SecTaskMan
2009-04-18 22:16 . 2009-04-18 22:16 -------- d-----w c:\program files\Common Files\Panda Security
2009-04-18 17:01 . 2009-04-18 17:01 -------- d-----w c:\program files\Panda Security
2009-04-17 18:08 . 2006-08-17 01:24 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-16 20:35 . 2006-05-20 23:22 -------- d-----w c:\program files\Ares
2009-04-14 20:52 . 2006-11-04 09:07 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-14 20:52 . 2006-11-04 09:07 232 ---ha-w C:\sqmdata03.sqm
2009-04-14 20:45 . 2006-11-04 09:07 244 ---ha-w C:\sqmnoopt03.sqm
2009-04-14 20:45 . 2006-11-04 09:07 232 ---ha-w C:\sqmdata02.sqm
2009-04-14 20:44 . 2006-11-04 09:07 244 ---ha-w C:\sqmnoopt02.sqm
2009-04-14 20:44 . 2006-11-04 09:07 232 ---ha-w C:\sqmdata01.sqm
2009-04-14 20:42 . 2006-11-04 09:07 244 ---ha-w C:\sqmnoopt01.sqm
2009-04-14 20:42 . 2006-11-04 09:07 232 ---ha-w C:\sqmdata00.sqm
2009-04-14 20:41 . 2006-11-04 18:49 232 ---ha-w C:\sqmdata19.sqm
2009-04-14 20:41 . 2006-11-04 09:07 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-14 20:38 . 2006-11-04 18:49 232 ---ha-w C:\sqmdata18.sqm
2009-04-14 20:38 . 2006-11-04 18:49 244 ---ha-w C:\sqmnoopt19.sqm
2009-04-14 01:08 . 2006-11-04 18:49 244 ---ha-w C:\sqmnoopt18.sqm
2009-04-14 01:08 . 2006-11-04 18:48 232 ---ha-w C:\sqmdata17.sqm
2009-04-14 00:44 . 2006-11-04 18:47 232 ---ha-w C:\sqmdata16.sqm
2009-04-14 00:44 . 2006-11-04 18:48 244 ---ha-w C:\sqmnoopt17.sqm
2009-04-14 00:22 . 2006-11-04 18:47 232 ---ha-w C:\sqmdata15.sqm
2009-04-14 00:22 . 2006-11-04 18:47 244 ---ha-w C:\sqmnoopt16.sqm
2009-04-13 17:47 . 2009-04-13 17:47 -------- d-----w c:\program files\REGSHAVE
2009-04-13 17:47 . 2004-11-15 14:03 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-13 14:38 . 2006-11-04 18:47 244 ---ha-w C:\sqmnoopt15.sqm
2009-04-13 14:38 . 2006-11-04 18:47 232 ---ha-w C:\sqmdata14.sqm
2009-04-13 14:38 . 2006-11-04 18:47 244 ---ha-w C:\sqmnoopt14.sqm
2009-04-13 14:38 . 2006-11-04 18:47 232 ---ha-w C:\sqmdata13.sqm
2009-04-13 14:37 . 2006-11-04 18:47 244 ---ha-w C:\sqmnoopt13.sqm
2009-04-13 14:37 . 2006-11-04 18:46 232 ---ha-w C:\sqmdata12.sqm
2009-04-13 14:36 . 2006-11-04 18:46 244 ---ha-w C:\sqmnoopt12.sqm
2009-04-13 14:36 . 2006-11-04 18:41 232 ---ha-w C:\sqmdata11.sqm
2009-04-13 14:35 . 2006-11-04 18:41 244 ---ha-w C:\sqmnoopt11.sqm
2009-04-13 14:35 . 2006-11-04 18:40 232 ---ha-w C:\sqmdata10.sqm
2009-04-13 14:35 . 2006-11-04 18:40 244 ---ha-w C:\sqmnoopt10.sqm
2009-04-13 14:35 . 2006-11-04 18:37 232 ---ha-w C:\sqmdata09.sqm
2009-04-13 14:28 . 2006-11-04 18:37 244 ---ha-w C:\sqmnoopt09.sqm
2009-04-13 14:28 . 2006-11-04 18:37 232 ---ha-w C:\sqmdata08.sqm
2009-04-13 14:28 . 2006-11-04 18:37 244 ---ha-w C:\sqmnoopt08.sqm
2009-04-13 14:28 . 2006-11-04 18:34 232 ---ha-w C:\sqmdata07.sqm
2009-04-13 14:24 . 2006-11-04 18:34 244 ---ha-w C:\sqmnoopt07.sqm
2009-04-13 14:24 . 2006-11-04 09:18 232 ---ha-w C:\sqmdata06.sqm
2009-04-13 14:23 . 2006-11-04 09:18 244 ---ha-w C:\sqmnoopt06.sqm
2009-04-13 14:23 . 2006-11-04 09:08 232 ---ha-w C:\sqmdata05.sqm
2009-04-13 14:19 . 2006-11-04 09:08 244 ---ha-w C:\sqmnoopt05.sqm
2009-04-13 14:19 . 2006-11-04 09:07 232 ---ha-w C:\sqmdata04.sqm
2009-04-09 20:29 . 2009-04-06 15:14 -------- d-----w c:\program files\F-Secure Internet Security
2009-04-09 16:26 . 2008-06-30 00:18 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-04-07 18:30 . 2009-04-07 18:30 -------- d-----w c:\program files\IKEA HomePlanner
2009-04-07 18:28 . 2008-10-14 14:18 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-07 14:59 . 2006-05-21 17:26 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-04-07 13:37 . 2006-05-21 17:26 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-07 12:11 . 2008-10-09 14:56 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-07 12:10 . 2009-04-07 12:10 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-07 12:10 . 2009-04-07 12:10 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-06 23:42 . 2009-04-06 23:40 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-05 18:36 . 2009-04-05 18:36 -------- d-----w c:\program files\Garmin GPS Plugin
2009-04-05 18:36 . 2006-11-05 21:50 -------- d-----w c:\program files\DIFX
2009-04-05 18:36 . 2009-04-05 18:36 -------- d-----w c:\program files\Garmin
2009-04-05 18:04 . 2006-06-10 15:40 -------- d-----w c:\program files\Common Files\Logitech
2009-04-05 18:02 . 2009-01-30 23:20 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-04-01 01:39 . 2009-04-01 01:39 -------- d-----w c:\program files\Windows Desktop Search
2009-03-16 01:14 . 2006-12-18 16:30 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-16 00:04 . 2007-07-03 10:45 -------- d-----w c:\program files\Kontiki
2009-03-16 00:04 . 2009-03-16 00:04 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Sky
2009-03-15 23:42 . 2009-03-15 23:42 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-08 03:34 . 2004-08-04 01:07 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-04 01:07 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2004-08-04 01:07 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-04 01:07 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2004-08-04 01:07 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-04 01:07 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2004-08-04 01:07 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2004-08-04 01:07 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2004-08-04 01:07 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2004-08-04 01:07 156160 ----a-w c:\windows\system32\msls31.dll
2008-10-15 19:46 . 2006-11-01 08:36 100208 ----a-w c:\documents and settings\liz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-10-05 12:09 . 2006-05-30 19:25 100208 ----a-w c:\documents and settings\claire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-10-02 23:47 . 2006-06-02 18:06 100208 ----a-w c:\documents and settings\Beverley H\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-02-11 22:31 . 2007-02-11 22:31 9232 ----a-w c:\documents and settings\claire\mqdmmdfl.sys
2007-02-11 22:31 . 2007-02-11 22:31 92064 ----a-w c:\documents and settings\claire\mqdmmdm.sys
2007-02-11 22:31 . 2007-02-11 22:31 79328 ----a-w c:\documents and settings\claire\mqdmserd.sys
2007-02-11 22:31 . 2007-02-11 22:31 66656 ----a-w c:\documents and settings\claire\mqdmbus.sys
2007-02-11 22:31 . 2007-02-11 22:31 6208 ----a-w c:\documents and settings\claire\mqdmcmnt.sys
2007-02-11 22:31 . 2007-02-11 22:31 5936 ----a-w c:\documents and settings\claire\mqdmwhnt.sys
2007-02-11 22:31 . 2007-02-11 22:31 4048 ----a-w c:\documents and settings\claire\mqdmcr.sys
2007-02-11 22:31 . 2006-12-19 16:27 25600 ----a-w c:\documents and settings\claire\usbsermptxp.sys
2007-02-11 22:31 . 2006-12-19 16:27 22768 ----a-w c:\documents and settings\claire\usbsermpt.sys
2006-08-14 00:34 . 2006-08-14 00:25 25600 ----a-w c:\documents and settings\Beverley H\usbsermptxp.sys
2006-08-14 00:34 . 2006-08-14 00:25 22768 ----a-w c:\documents and settings\Beverley H\usbsermpt.sys
2006-06-10 18:15 . 2006-06-10 18:15 133 ----a-w c:\documents and settings\Beverley H\Local Settings\Application Data\fusioncache.dat
2006-05-30 19:25 . 2006-05-30 19:25 129 ----a-w c:\documents and settings\claire\Local Settings\Application Data\fusioncache.dat
2004-11-15 13:54 . 2004-11-15 13:54 12328 ----a-w c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
2009-04-09 16:26 1078552 ----a-w c:\program files\AVG\AVG8\avgssie.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2009-01-26 14:31 1879896 ----a-w c:\progra~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
2005-02-22 13:50 368640 ----a-w c:\program files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"= "c:\program files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" [2005-02-22 368640]

[HKEY_CLASSES_ROOT\clsid\{ee5d279f-081b-4404-994d-c6b60aaeba6d}]
[HKEY_CLASSES_ROOT\EpsonToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3937476C-846F-459C-BD47-75EC6B0834E4}]
[HKEY_CLASSES_ROOT\EpsonToolBand.ToolBandObj]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"= "c:\program files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" [2005-02-22 368640]

[HKEY_CLASSES_ROOT\clsid\{ee5d279f-081b-4404-994d-c6b60aaeba6d}]
[HKEY_CLASSES_ROOT\EpsonToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3937476C-846F-459C-BD47-75EC6B0834E4}]
[HKEY_CLASSES_ROOT\EpsonToolBand.ToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-09 1932568]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= "c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll" [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2009-03-08 236544]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-09 16:27 10520 ----a-w c:\windows\system32\avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^claire^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\claire\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^liz^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk.disabled]
path=c:\documents and settings\liz\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AresChatServer"=3 (0x3)
"usnjsvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"KService"=2 (0x2)
"iPod Service"=3 (0x3)
"ecure"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"WSearch"=2 (0x2)
"RasMan"=3 (0x3)
"Alerter"=2 (0x2)
"svchost1"=2 (0x2)
"odserv"=3 (0x3)
"PavPrSrv"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PPWebCap"=c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" -atboottime
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"kdx"="c:\program files\Kontiki\KHost.exe" -all
"REGSHAVE"=c:\program files\REGSHAVE\REGSHAVE.EXE /AUTORUN
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R3 AdWatchDrv;AW Realtime Driver; [x]
R3 ca506aaf;ADS USB Audio Filter Driver (WDM);c:\windows\system32\drivers\ca506aaf.sys [2002-04-29 14273]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2006-12-13 40832]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
R3 SPCA506AV;USB Instant VCD;c:\windows\system32\DRIVERS\CA506AV.SYS [2002-07-30 178835]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-09 908056]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-09 298264]
R4 ecure;FireDaemon Service: ecure; [x]
R4 svchost1;FireDaemon Service: svchost1; [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-22 130936]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-09 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-09 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2008-02-07 179640]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MCHINJDRV
*NewlyCreated* - PCTCORE
*NewlyCreated* - SSMDRV
*Deregistered* - ALG
*Deregistered* - AntiVirSchedulerService
*Deregistered* - AntiVirService
*Deregistered* - Ati HotKey Poller
*Deregistered* - AudioSrv
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - DwShield0000685F
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - ImapiService
*Deregistered* - Irmon
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mchInjDrv
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - sdAuxService
*Deregistered* - sdCoreService
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2006-08-16 c:\windows\Tasks\dfrg defrag.job
- c:\windows\system32\dfrg.msc [2004-08-04 01:07]

2009-04-13 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-04-07 14:31]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll
SharedTaskScheduler-{438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
SharedTaskScheduler-{8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
SSODL-PostBootReminder-{7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
SSODL-SysTray-{35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll


.
------- Supplementary Scan -------
.
mWindow Title = LIVERPOOL RULE UNITED ARE SCUM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
IE: {{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\Java\jre1.6.0_03\bin\ssv.dll
IE: {{2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\MICROS~2\Office12\ONBttnIE.dll
IE: {{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\MIC273~1\Office12\REFIEBAR.DLL
IE: {{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\SPYBOT~1\SDHelper.dll
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - c:\windows\system32\mscoree.dll
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - c:\windows\system32\mscoree.dll
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - c:\windows\system32\mscoree.dll
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - c:\windows\system32\urlmon.dll
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} -
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - c:\progra~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - c:\windows\system32\urlmon.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\HP\hpcoretech\comp\hpuiprot.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - c:\windows\system32\msvidctl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\AVG\AVG8\avgpp.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - c:\progra~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\program files\Common Files\Microsoft Shared\Help\hxds.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - c:\progra~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} -
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - c:\windows\system32\wiascr.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by124w.bay124.mail.live.com/mail ... nPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se5483.cab
DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} - hxxp://esupport.epson-europe.com/selfte ... TPTest.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://alanmurphy1.spaces.live.com/Phot ... nPUpld.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 03:01
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-854245398-115176313-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A2805DA7-0C85-FE5C-F241-48FBF06EC61E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"bbikekmhakgnaplpnallgfahajamcjpdfomg"=hex:6a,61,70,65,66,64,64,6d,69,6f,64,65,
67,6d,65,65,64,6f,6d,6f,00,00
"abkmcppgdebpppknjoikbgjddfopdlhkfi"=hex:6a,61,65,66,66,62,6d,66,6b,64,6e,62,
68,70,6a,6d,6d,63,62,68,00,00
"bbikekmhakgnaplpnallgfahajamfjcakain"=hex:6a,61,70,65,66,64,64,6d,69,6f,64,65,
67,6d,65,65,64,6f,6d,6f,00,00
"abkmcppgdebpppknjoikbgjddfnpoblhdl"=hex:6a,61,65,66,6e,61,65,6f,66,70,70,61,
69,6a,62,68,63,63,6b,6e,00,00
"iaikekmhakgnaplpna"=hex:61,61,00,00
"hakmcppgdebpppkn"=hex:61,61,00,00
"iaelobdnhimakdngnn"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(832)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-04-24 3:09
ComboFix-quarantined-files.txt 2009-04-24 02:09
ComboFix2.txt 2009-04-22 02:02
ComboFix3.txt 2007-12-21 17:13

Pre-Run: 20,711,317,504 bytes free
Post-Run: 20,702,961,664 bytes free

460 --- E O F --- 2008-11-16 23:54

[ajsnr1]

heres the uninstall list
2007 Microsoft Office Suite Service Pack 1 (SP1)
ABBYY FineReader 6.0 Sprint
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
ADS Tech Camera View
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AudibleManager
Avanquest update
AVG Free 8.5
Camera RAW Plug-In for EPSON Creativity Suite
CCleaner (remove only)
C-Media 3D Audio
C-Media WDM Audio Driver
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
DivX
DivX Converter
DivX Player
DivX Web Player
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Print CD
EPSON Scan
EPSON Scan Assistant
EPSON Stylus SX200 Series Printer Uninstall
EPSON Stylus SX200_SX400_TX200_TX400 Manual
EPSON Web-To-Page
FUJIFILM USB Driver
Garmin City Navigator Europe NT v9
Garmin City Navigator Europe v8
Garmin Communicator Plugin
Garmin POI Loader
Garmin POI Loader new
Garmin USB Drivers
Garmin WebUpdater
Garmin WebUpdater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
HP Software Update
HP Wireless Keyboard Driver V1.7 (2.0.W-127AU MUL)
Indeo® software
Intel(R) 536EP Modem
iTunes
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 3
Labtec WebCam Software
Malwarebytes' Anti-Malware
MGI PhotoSuite III SE (Remove Only)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Baseline Security Analyzer 2.1
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Web
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2005
Microsoft Office 2000 Premium
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Motorola Driver Installation
Motorola Phone Tools
Motorola Software Update
MSN
MSN Music Assistant
MSVC80_x86
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Nero 7 Demo
Nero Suite
Nokia Connectivity Cable Driver
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Multimedia Factory
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
Nokia Video Manager
Nokia Video Manager
PaperPort 7.02
PC Connectivity Solution
PIF DESIGNER
PowerDVD
QuickTime
QuickTime Alternative 1.70
RealPlayer
Safari
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
The Ultimate Troubleshooter
Ulead VideoStudio 7 SE VCD
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Instant VideoCD
VC 9.0 Runtime
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
XP Codec Pack
ZENcast Organizer

[Dakeyras]

Hi

hi i uninstalled bitlord updated avg my son gave the pc to a mate of his a couple of weeks ago to try sort out so i dont know what he ran re combofix but heres the log

OK that is fine. Also leave ComboFix in-place for the time being, as there is a specific methodology required to remove it correctly. Which we will carry out last of all OK.

Clean Temp Files:

Launch your installed CCLeaner application:

• On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
• If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
• Click on the "Options" icon at the left side of the window, then click on "Advanced."
  deselect "Only delete files in Windows Temp folders older than 48 hours."
• Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
• Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
• After CCleaner has completed its process, click Exit.

Malwarebytes Anti-Malware:

• Launch the application, Check for Updates >> Perform a Quick Scan
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply.

Next:

Please make sure that RSIT.exe is still on the Desktop.(if not inform myself straight away please)

• Double click once on RSIT.exe
• RSIT will start running, at the disclaimer click on Continue.
• When done, 1 log will be produced.
• Post that in your next reply.

When completed the above, please post back the following:

• Inform myself how your computer is running. Any problems encountered and or further symptoms?
• Malwarebytes Anti-Malware Log.
• A new RSIT Log.

[ajsnr1]

hi dakeyras
thanks for your help so far just a few things to note
when i ran ccleaner it cleaned out only three of the user profiles on the pc it didn't accsess user bethany which is why the malwarebytes antimalware took so long to do a quick scan as the temp internet files on bethanys profile hadnt been deleted also after i ran rsit my browser crashed again i tried repairing the lan connection that didn't work i also rebooted the pc that didn't work either so i restarted the connection three times and it eventually started back up. just one question ? if the problem is with Internet explorer running twice and hogging cpu at 98% should i not have it started up when doing these scans to see if it is starting something else, just checking. thanks.
Malwarebytes' Anti-Malware 1.36
Database version: 2155
Windows 5.1.2600 Service Pack 3

20/05/2009 01:13:53
mbam-log-2009-05-20 (01-13-53).txt

Scan type: Quick Scan
Objects scanned: 139444
Time elapsed: 32 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Beverley H at 2009-05-20 01:16:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (20%) free of 78 GB
Total RAM: 255 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:17:59, on 20/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Beverley H\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Beverley H.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by124w.bay124.mail.live.com/mail ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5777369296
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selfte ... TPTest.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://alanmurphy1.spaces.live.com/Phot ... nPUpld.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

--
End of file - 6350 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\dfrg defrag.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-09 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-05-09 2223872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-05-09 2223872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-05-09 1947928]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-06 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE [2007-12-13 188928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
C:\Program Files\Evidence Eliminator\ee.exe /m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-03-28 1079296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime Alternative\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-30 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-06 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^claire^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^liz^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk.disabled]
C:\Documents and Settings\liz\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AresChatServer"=3
"usnjsvc"=3
"ServiceLayer"=3
"Microsoft Office Groove Audit Service"=3
"KService"=2
"iPod Service"=3
"ecure"=2
"Bonjour Service"=2
"Apple Mobile Device"=2
"WSearch"=2
"RasMan"=3
"Alerter"=2
"svchost1"=2
"odserv"=3
"PavPrSrv"=2
"avg8wd"=2
"avg8emc"=2
"vsmon"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-04-30 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-06-10 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-09 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoThumbnailCache"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Safari\Safari.exe"="C:\Program Files\Safari\Safari.exe:*:Enabled:Safari Web Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-05-18 21:37:35 ----D---- C:\rsit
2009-05-18 21:20:23 ----A---- C:\Rooter.txt
2009-05-18 21:14:48 ----D---- C:\Rooter$
2009-05-09 21:41:44 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-05-09 21:40:19 ----D---- C:\Documents and Settings\Beverley H\Application Data\AVGTOOLBAR
2009-05-09 20:02:05 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-05-07 16:21:15 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-05-05 17:13:36 ----D---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2009-05-05 01:58:02 ----A---- C:\rollback.ini
2009-05-05 01:45:50 ----D---- C:\Documents and Settings\Beverley H\Application Data\MailFrontier
2009-05-05 01:24:16 ----D---- C:\Program Files\Zone Labs
2009-05-05 01:18:55 ----D---- C:\WINDOWS\Internet Logs
2009-05-02 00:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-02 00:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-02 00:20:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-05-02 00:17:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-02 00:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-02 00:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-02 00:14:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-02 00:07:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-05-02 00:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-02 00:02:24 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-02 00:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-02 00:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-02 00:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-02 00:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-02 00:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-01 23:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-29 22:24:59 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-25 22:13:03 ----D---- C:\WINDOWS\Minidump
2009-04-25 21:36:29 ----D---- C:\WINDOWS\logs
2009-04-24 03:16:17 ----SHD---- C:\RECYCLER
2009-04-24 03:09:58 ----D---- C:\WINDOWS\temp
2009-04-24 03:09:47 ----A---- C:\ComboFix.txt
2009-04-22 18:15:17 ----D---- C:\Program Files\ThreatExpert Memory Scanner
2009-04-22 12:53:03 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-04-22 02:19:16 ----A---- C:\WINDOWS\vFind.exe
2009-04-22 02:19:16 ----A---- C:\WINDOWS\SWREG.exe
2009-04-22 02:19:15 ----A---- C:\WINDOWS\zip.exe
2009-04-22 02:19:15 ----A---- C:\WINDOWS\SWSC.exe
2009-04-22 02:19:15 ----A---- C:\WINDOWS\sed.exe
2009-04-22 02:19:15 ----A---- C:\WINDOWS\grep.exe
2009-04-22 02:17:21 ----D---- C:\Qoobox

======List of files/folders modified in the last 1 months======

2009-05-20 00:13:16 ----D---- C:\WINDOWS\Prefetch
2009-05-20 00:11:29 ----D---- C:\WINDOWS
2009-05-19 16:36:16 ----D---- C:\Program Files\BitLord
2009-05-18 23:33:21 ----HD---- C:\WINDOWS\inf
2009-05-18 23:33:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-18 22:14:01 ----D---- C:\WINDOWS\network diagnostic
2009-05-18 21:28:10 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-05-18 21:27:54 ----D---- C:\WINDOWS\Debug
2009-05-17 23:34:26 ----D---- C:\WINDOWS\system32
2009-05-17 21:57:39 ----SD---- C:\Documents and Settings\Beverley H\Application Data\Microsoft
2009-05-17 21:57:38 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-05-13 23:57:54 ----SHD---- C:\WINDOWS\Installer
2009-05-13 23:57:53 ----D---- C:\Config.Msi
2009-05-13 23:57:01 ----RSD---- C:\WINDOWS\assembly
2009-05-13 14:17:39 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-09 21:41:05 ----D---- C:\WINDOWS\system32\drivers
2009-05-09 21:39:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2009-05-08 13:27:39 ----A---- C:\WINDOWS\Wininit.ini
2009-05-08 00:24:06 ----D---- C:\WINDOWS\Help
2009-05-07 18:17:46 ----D---- C:\WINDOWS\Registration
2009-05-07 17:56:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-07 17:25:23 ----D---- C:\WINDOWS\security
2009-05-07 15:49:53 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-07 15:49:30 ----D---- C:\Inetpub
2009-05-07 15:49:18 ----D---- C:\WINDOWS\system32\wbem
2009-05-07 15:41:01 ----A---- C:\WINDOWS\win.ini
2009-05-07 14:27:08 ----ASH---- C:\boot.ini
2009-05-07 14:27:08 ----A---- C:\WINDOWS\system.ini
2009-05-07 08:16:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-05 17:13:36 ----RD---- C:\Program Files
2009-05-05 16:05:58 ----D---- C:\Program Files\Ares
2009-05-05 01:19:26 ----D---- C:\WINDOWS\WinSxS
2009-05-04 13:01:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-03 13:37:54 ----D---- C:\WINDOWS\AppPatch
2009-05-02 00:18:48 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-05-02 00:18:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-02 00:14:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-30 02:27:47 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-29 22:37:54 ----D---- C:\Program Files\Common Files
2009-04-29 17:05:39 ----D---- C:\Program Files\Panda Security
2009-04-29 17:05:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-28 20:06:43 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-28 18:35:33 ----D---- C:\Program Files\Kontiki
2009-04-22 02:19:14 ----SHD---- C:\System Volume Information
2009-04-22 02:19:14 ----D---- C:\WINDOWS\system32\Restore
2009-04-21 14:41:34 ----D---- C:\Program Files\Safari

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-05-09 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-05-09 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-09 108552]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-06-10 746496]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-12-15 1368000]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 Intels51;Intel(R) 536EP Modem; C:\WINDOWS\system32\DRIVERS\Intels51.sys [2004-12-10 1903338]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 KeyMaestro;KeyMaestro; \??\C:\WINDOWS\system32\drivers\Maestro1.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 ca506aaf;ADS USB Audio Filter Driver (WDM); C:\WINDOWS\system32\drivers\ca506aaf.sys [2002-04-29 14273]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-18 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-18 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-18 21744]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SPCA506AV;USB Instant VCD; C:\WINDOWS\system32\DRIVERS\CA506AV.SYS [2002-07-30 178835]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023k.sys [2002-08-12 11136]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2006-12-19 22768]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2007-02-11 25600]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-09 298776]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S4 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S4 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-04-23 3068352]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S4 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [2008-02-04 62768]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------
sorry i posted both logs on one reply hope thats ok

[Dakeyras]

Hi

hi dakeyras
thanks for your help so far just a few things to note

Your very welcome!

OK I have noted what your good self posted, dealing with multiple accounts on a system can be tricky but nothing unsurpassable. Do any of these accounts have Computer Administrator privileges at all? Or is is just this main one bethany? Please answer this in your next reply and we will address that situation when we have this account (bethany) and the computer overall more stable OK.

I do have one request though, the other user accounts on the system, please make sure they are not used during this malware removal process, thank you.

just one question ? if the problem is with Internet explorer running twice and hogging cpu at 98% should i not have it started up when doing these scans to see if it is starting something else, just checking.

We will see how this particular situation goes once we have completed the next set of tasks I have for your good self and we may have to consider a rollback to Internet Explorer 7. Not a cause for concern OK we are making good progress so far.

sorry i posted both logs on one reply hope thats ok

Not a problem

MSConfig Advice:

I see the System Configuration Utility has been used in the past to stop certain applications from starting upon a system reboot/startup etc. This is never wise and there are far safer methods than this. We will address this shortly.

Repair LSP Chain:

A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

• Please download LSPFix from here.
• Run the LSPFix.exe that you have just finished downloading.
• Check the I know what I'm doing box.
• In the Keep box you should see one or more instances of mswsock32.dll.
• Select every instance of mswsock32.dll and move each one to the Remove box by clicking the >> button.
• When you are done click Finish>>.

Reset Host File:

• Open Notepad.
• Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK

Code: Select all

@Echo off
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
del %0

• Go to File >> Save As
• Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
• Change Save as Type to All Files and save the file to your Desktop.
• It should look like this:

Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Acrobat 5.0
Adobe Reader 7.0.9 <-- Out of date Adobe installations pose a security risk, we will update this next time.
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 3 <-- Out of date Java installations pose a security risk, we will update this next time.
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4 <-- Both out of date installations, no point keeping installed.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

• Please go here and download ERUNT.
• ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
• Double click on erunt-setup to install ERUNT by following the prompts.
• Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
• Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
• Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
• Make sure that at least the first two check boxes are selected.
• Click on OK
• Then click on YES to create the folder.

Next:

Please download OTMoveIT3 to your Desktop.

• Double-click OTMoveIt3.exe to start the program.
• Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):

Code: Select all

:Processes
Explorer.exe

:Files
C:\Inetpub
C:\rollback.ini
C:\Program Files\Ares
C:\Program Files\BitLord
C:\Program Files\Panda Security
C:\Program Files\Zone Labs
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}]
[-HKEY_CLASSES_ROOT\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^claire^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^liz^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk.disabled]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AresChatServer"=-
"usnjsvc"=-
"ServiceLayer"=3
"Microsoft Office Groove Audit Service"=-
"KService"=-
"iPod Service"=-
"ecure"=-
"Bonjour Service"=-
"Apple Mobile Device"=-
"WSearch"=-
"RasMan"=-
"Alerter"=2
"svchost1"=-
"odserv"=-
"PavPrSrv"=-
"avg8wd"=-
"avg8emc"=-
"vsmon"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVGAnti-Spyware Driver]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitLord\BitLord.exe"=-
[-HKEY_USERS\S-1-5-21-854245398-115176313-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A2805DA7-0C85-FE5C-F241-48FBF06EC61E}*]

:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]

• Return to OTMoveIt3, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
• Then click the red MoveIt! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
• If OTMoveIt asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
• Close OTMoveIt3.

Next:

Please make sure that RSIT.exe is still on the Desktop.(if not inform myself straight away please)

• Double click once on RSIT.exe
• RSIT will start running, at the disclaimer click on Continue.
• When done, 1 log will be produced.
• Post that in your next reply.

When completed the above, please post back the following:

• Inform myself how your computer is running. Any problems encountered and or further symptoms?
• Anwser to my User Accounts Query.
• OTMoveIt3 Log.
• A new RSIT Log.

[ajsnr1]

hi again
with regard to user accounts the four of them have admin privileges as far as i know but if i boot up in safe mode the only one that appears on the login screen besides the administrator (which we dont know the password for as the p.c. is a hand me down from sister in law) is bethany for some reason.
carried out the tasks you requested with regard to program deletions had a slight prob with adobe as follows;
adobe acrobat 5 didnt delete the following files
Unable to delete folder 'C:\Documents and Settings\Beverley H\Application Data\Adobe\Acrobat'.
Unable to delete folder 'C:\Documents and Settings\Beverley H\Application Data\Adobe'.
Unable to delete folder 'C:\Program Files\Common Files\Adobe'.
Unable to delete folder 'C:\Program Files\Adobe'.
Unable to delete registry value 'HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\User Trusted External Applications\C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe'. should i manually locate and delete them?
when i clicked on the link for erunt the safari browser started to hang and stopped responding for about 30 second a couple of times during the download request. other than that seems ok but havnt started iexplorer to check it yet logs as requested follows:

========== PROCESSES ==========
Process Explorer.exe killed successfully.
========== FILES ==========
C:\Inetpub\wwwroot moved successfully.
C:\Inetpub\AdminScripts moved successfully.
C:\Inetpub moved successfully.
C:\rollback.ini moved successfully.
C:\Program Files\Ares\data\GUI\OsThemes moved successfully.
C:\Program Files\Ares\data\GUI moved successfully.
C:\Program Files\Ares\data moved successfully.
C:\Program Files\Ares moved successfully.
C:\Program Files\BitLord\Torrents moved successfully.
C:\Program Files\BitLord\rules moved successfully.
C:\Program Files\BitLord\lang moved successfully.
C:\Program Files\BitLord\Downloads\Utilisateur1 moved successfully.
C:\Program Files\BitLord\Downloads\The Grid (2004) moved successfully.
C:\Program Files\BitLord\Downloads\Shrek 3.TS .SWESub.XviD - Christley moved successfully.
C:\Program Files\BitLord\Downloads\Microsoft Money 2005 moved successfully.
C:\Program Files\BitLord\Downloads\Hairspray.2007.TS.xVID-LRC moved successfully.
C:\Program Files\BitLord\Downloads\Hairspray - Original Soundtrack moved successfully.
C:\Program Files\BitLord\Downloads\Hairspray moved successfully.
C:\Program Files\BitLord\Downloads\Brothers.And.Sisters.S01E03.HDTV.XviD-LOL[www.moviex.info]\Sample moved successfully.
C:\Program Files\BitLord\Downloads\Brothers.And.Sisters.S01E03.HDTV.XviD-LOL[www.moviex.info] moved successfully.
C:\Program Files\BitLord\Downloads\Brothers.And.Sisters.S01E02.HDTV.XviD-LOL[www.moviex.info]\Sample moved successfully.
C:\Program Files\BitLord\Downloads\Brothers.And.Sisters.S01E02.HDTV.XviD-LOL[www.moviex.info] moved successfully.
C:\Program Files\BitLord\Downloads moved successfully.
C:\Program Files\BitLord moved successfully.
C:\Program Files\Panda Security moved successfully.
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\resources moved successfully.
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier moved successfully.
C:\Program Files\Zone Labs\ZoneAlarm moved successfully.
C:\Program Files\Zone Labs moved successfully.
C:\WINDOWS\tasks\RegCure.job moved successfully.
C:\WINDOWS\tasks\RegCure Program Check.job moved successfully.
File/Folder C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job not found.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Snapshots(2) moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Logs moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^claire^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^liz^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk.disabled\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\AresChatServer deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\usnjsvc deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\"ServiceLayer"|3 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\Microsoft Office Groove Audit Service deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\KService deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\iPod Service deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\ecure deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\Bonjour Service deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\Apple Mobile Device deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\WSearch deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\RasMan deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\"Alerter"|2 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\svchost1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\odserv deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\PavPrSrv deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\avg8wd deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\avg8emc deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\vsmon deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVGAnti-Spyware Driver\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitLord\BitLord.exe deleted successfully.
Registry key HKEY_USERS\S-1-5-21-854245398-115176313-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A2805DA7-0C85-FE5C-F241-48FBF06EC61E}*\\ not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Beverley H\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05202009_175348

Files moved on Reboot...

[ajsnr1]

rsit log
Logfile of random's system information tool 1.06 (written by random/random)
Run by Beverley H at 2009-05-20 18:17:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (20%) free of 78 GB
Total RAM: 255 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:11, on 20/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\notepad.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Beverley H\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Beverley H.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by124w.bay124.mail.live.com/mail ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftup ... 5777369296
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selfte ... TPTest.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://alanmurphy1.spaces.live.com/Phot ... nPUpld.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel

32\IDriverT.exe

--
End of file - 5361 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\dfrg defrag.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-09 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-05-09 2223872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-05-09 2223872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-05-09 1947928]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-06 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3
"Alerter"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-04-30 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-06-10 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-09 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoThumbnailCache"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Safari\Safari.exe"="C:\Program Files\Safari\Safari.exe:*:Enabled:Safari Web Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-05-20 17:53:48 ----D---- C:\_OTMoveIt
2009-05-20 17:51:07 ----D---- C:\WINDOWS\ERDNT
2009-05-20 17:50:02 ----D---- C:\Program Files\ERUNT
2009-05-18 21:37:35 ----D---- C:\rsit
2009-05-18 21:20:23 ----A---- C:\Rooter.txt
2009-05-18 21:14:48 ----D---- C:\Rooter$
2009-05-09 21:41:44 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-05-09 21:40:19 ----D---- C:\Documents and Settings\Beverley H\Application Data\AVGTOOLBAR
2009-05-09 20:02:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-07 16:21:15 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-05-05 17:13:36 ----D---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2009-05-05 01:45:50 ----D---- C:\Documents and Settings\Beverley H\Application Data\MailFrontier
2009-05-05 01:18:55 ----D---- C:\WINDOWS\Internet Logs
2009-05-02 00:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-02 00:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-02 00:20:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-05-02 00:17:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-02 00:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-02 00:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-02 00:14:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-02 00:07:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-05-02 00:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-02 00:02:24 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-02 00:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-02 00:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-02 00:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-02 00:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-02 00:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-01 23:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-29 22:24:59 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-25 22:13:03 ----D---- C:\WINDOWS\Minidump
2009-04-25 21:36:29 ----D---- C:\WINDOWS\logs
2009-04-24 03:16:17 ----SHD---- C:\RECYCLER
2009-04-24 03:09:58 ----D---- C:\WINDOWS\temp
2009-04-24 03:09:47 ----A---- C:\ComboFix.txt
2009-04-22 18:15:17 ----D---- C:\Program Files\ThreatExpert Memory Scanner
2009-04-22 12:53:03 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-04-22 02:19:16 ----A---- C:\WINDOWS\vFind.exe
2009-04-22 02:19:16 ----A---- C:\WINDOWS\SWREG.exe
2009-04-22 02:19:15 ----A---- C:\WINDOWS\zip.exe
2009-04-22 02:19:15 ----A---- C:\WINDOWS\SWSC.exe
2009-04-22 02:19:15 ----A---- C:\WINDOWS\sed.exe
2009-04-22 02:19:15 ----A---- C:\WINDOWS\grep.exe
2009-04-22 02:17:21 ----D---- C:\Qoobox

======List of files/folders modified in the last 1 months======

2009-05-20 18:07:08 ----D---- C:\WINDOWS\Prefetch
2009-05-20 17:54:00 ----SD---- C:\WINDOWS\Tasks
2009-05-20 17:54:00 ----RD---- C:\Program Files
2009-05-20 17:51:07 ----D---- C:\WINDOWS
2009-05-20 17:29:56 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-20 17:28:05 ----SHD---- C:\WINDOWS\Installer
2009-05-20 17:27:58 ----D---- C:\Program Files\Common Files
2009-05-20 17:27:58 ----D---- C:\Config.Msi
2009-05-20 17:26:51 ----D---- C:\WINDOWS\system32
2009-05-20 17:25:21 ----D---- C:\Program Files\Java
2009-05-20 17:22:42 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2009-05-20 17:18:32 ----D---- C:\Program Files\Common Files\Adobe
2009-05-20 17:18:32 ----D---- C:\Program Files\Adobe
2009-05-20 01:33:04 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-18 23:33:21 ----HD---- C:\WINDOWS\inf
2009-05-18 22:14:01 ----D---- C:\WINDOWS\network diagnostic
2009-05-18 21:27:54 ----D---- C:\WINDOWS\Debug
2009-05-17 21:57:39 ----SD---- C:\Documents and Settings\Beverley H\Application Data\Microsoft
2009-05-17 21:57:38 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-05-13 23:57:01 ----RSD---- C:\WINDOWS\assembly
2009-05-13 14:17:39 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-09 21:41:05 ----D---- C:\WINDOWS\system32\drivers
2009-05-09 21:39:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2009-05-08 13:27:39 ----A---- C:\WINDOWS\Wininit.ini
2009-05-08 00:24:06 ----D---- C:\WINDOWS\Help
2009-05-07 18:17:46 ----D---- C:\WINDOWS\Registration
2009-05-07 17:56:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-07 17:25:23 ----D---- C:\WINDOWS\security
2009-05-07 15:49:53 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-07 15:49:18 ----D---- C:\WINDOWS\system32\wbem
2009-05-07 15:41:01 ----A---- C:\WINDOWS\win.ini
2009-05-07 14:27:08 ----ASH---- C:\boot.ini
2009-05-07 14:27:08 ----A---- C:\WINDOWS\system.ini
2009-05-07 08:16:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-05 01:19:26 ----D---- C:\WINDOWS\WinSxS
2009-05-04 13:01:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-03 13:37:54 ----D---- C:\WINDOWS\AppPatch
2009-05-02 00:18:48 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-05-02 00:18:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-02 00:14:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-30 02:27:47 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-29 17:05:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-28 20:06:43 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-28 18:35:33 ----D---- C:\Program Files\Kontiki
2009-04-22 02:19:14 ----SHD---- C:\System Volume Information
2009-04-22 02:19:14 ----D---- C:\WINDOWS\system32\Restore
2009-04-21 14:41:34 ----D---- C:\Program Files\Safari

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-05-09 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-05-09 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-09 108552]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-06-10 746496]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-12-15 1368000]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 Intels51;Intel(R) 536EP Modem; C:\WINDOWS\system32\DRIVERS\Intels51.sys [2004-12-10 1903338]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 KeyMaestro;KeyMaestro; \??\C:\WINDOWS\system32\drivers\Maestro1.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 ca506aaf;ADS USB Audio Filter Driver (WDM); C:\WINDOWS\system32\drivers\ca506aaf.sys [2002-04-29 14273]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-18 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-18 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-18 21744]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SPCA506AV;USB Instant VCD; C:\WINDOWS\system32\DRIVERS\CA506AV.SYS [2002-07-30 178835]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023k.sys [2002-08-12 11136]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2006-12-19 22768]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2007-02-11 25600]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-09 298776]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24

70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S4 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe []
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S4 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-04-23 3068352]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24

68464]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S4 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [2008-02-04 62768]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------
thanks .

[Dakeyras]

Hi

Part of the OTMI3 log is missing, not to worry it was a large script to run and we will be running another smaller one shortly.

RE the Adobe related they should have gone during the uninstall process, not to worry even though we will be installing a new version shortly I think it would be prudent to remove these in-case the original installations were damaged.

What you mentioned about the User accounts is fine and similar appears on this machine I am using when I enter safe mode. By default the Comp' Admin unless a password is set is nothing but the bethany account is a Admin one also as far as I can tell. When we have finished with the bethney account we can address/check the others OK.

Getting back to what you mentioned about the safari browser this is normal as far as I can recall though being honest it has been a very long time since I have used this particular browser and I am not at all ofay with the latest version. For now anything I ask to be either downloaded or run online please do so with Interent Explorer.

We are getting there slowly but surely and I see a improvement overall from the last set of logs your good self provided. We are not out of the woods yet so to speak and will most likely be another few days yet. So please do not disappear on myself after all the progress we have accomplished so far!

Wordwrap Check:

• Click on Start >> All Programs >> Accessories >> Notepad
• Click on Format ensure that Wordwrap is unchecked.
• If it isn't, uncheck it.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> ERUNT

• Click on OK within the pop-up menu.
• In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
• System registry
• Current user registry
• Next click on OK
• When the Question pop-up appears click on Yes
• After a short duration the Registry backup is complete! popup will appear
• Now click on OK.
• A new backup has now been created.

Custom OTMI Script:

• Double-click OTMoveIt3.exe to start the program.
• Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):

Code: Select all

:Processes
Explorer.exe

:Files
C:\Documents and Settings\Beverley H\Application Data\Adobe\Acrobat
C:\Documents and Settings\Beverley H\Application Data\Adobe
C:\Program Files\Common Files\Adobe
C:\Program Files\Adobe

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
[HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\User Trusted External Applications]
"C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe"=-

:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]

• Return to OTMoveIt3, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
• Then click the red MoveIt! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
• If OTMoveIt asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
• Close OTMoveIt3.

New Adobe Reader Installation:

• Go here and click on AdbeRdr910_en_US.exe to download the latest version of Adobe Reader.
• Save this file to your desktop and run it to install the latest version of Adobe Reader.

New Java Installation:

• Click here to visit Java's website.
• Scroll down to Java SE Runtime Environment (JRE) 6 Update 13. Click on Download.
• Select Windows from the drop-down list for Platform.
• Select Multi-language from the drop-down list for Language.
• Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
• Click on jre-6u13-windows-i586-p.exe link to download it and save this to a convenient location.
• Double click on jre-6u13-windows-i586-p.exe to install Java.

Run Kaspersky Online AV Scanner:

Go to this Kaspersky website and perform an online antivirus scan.

Note: Use Internet Explorer for this scan.

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
• Please post this log in your next reply.

This online tuturial will help explain how to use the aforementioned online scan.

Next:

Please make sure that RSIT.exe is still on the Desktop.(if not inform myself straight away please)

• Double click once on RSIT.exe
• RSIT will start running, at the disclaimer click on Continue.
• When done, 1 log will be produced.
• Post that in your next reply.

When completed the above, please post back the following:

• How is you computer performing now? Any problems encountered and or any further symptoms?
• OTMoveIt3 Log.
• Kaspersky results.
• A new RSIT Log.