Firefox & IE 7 Search Redirects Plus other Odd Stuff

by Steve001 » July 22nd, 2010, 1:57 pm

As the title says, I'm having trouble with searches being redirected. I also mentioned other strange things occurring, and they are shortcuts not working and Windows hanging upon shutdown. These other oddities seem concurrent with this virus.

Thanks,
Steve

Here's the most recent HiJackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:58 PM, on 7/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=6060927
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5995 bytes
Steve001
Regular Member
 
Posts: 57
Joined: April 17th, 2010, 1:59 pm

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

by melboy » July 25th, 2010, 5:04 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


================================================


DDS

Please disable any anti-malware program that will block scripts from running before running DDS.

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2
Link3

Disable any script blocker, and then double click dds.scr to run the tool. A command window will appear; this is normal.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please copy & paste the contents of:
  • DDS.txt
  • Attach.txt
And post them in your next reply.



Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    See image below
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If GMER crashes or keeps resulting in BSoDs, uncheck Devices on the right side before scanning.
-- If you continue to encounter problems, try running GMER in safe mode.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Note: Do not run any programs while Gmer is running.




In your next reply:
  1. DDS.txt
  2. Attach.txt
  3. GMER log
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

by Steve001 » July 25th, 2010, 11:14 pm

Thanks for replying. I will run both tomorrow.
Steve001
Regular Member
 
Posts: 57
Joined: April 17th, 2010, 1:59 pm

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

by melboy » July 26th, 2010, 12:14 pm

Ok - post when ready.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

by Steve001 » July 26th, 2010, 4:43 pm

Here are the three reports you requested

DDS

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/29/2006 3:04:05 PM
System Uptime: 7/26/2010 4:39:35 PM (0 hours ago)

Motherboard: Dell Inc. | | 0HJ054
Processor: Intel(R) Pentium(R) D CPU 2.66GHz | Microprocessor | 2660/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 35.129 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP180: 4/17/2010 1:18:42 PM - Configured AVG 9.0
RP181: 4/17/2010 2:25:29 PM - Restore Operation
RP182: 4/22/2010 9:12:04 AM - Configured PRODUCT_NAME
RP183: 5/7/2010 3:26:00 PM - Configured PRODUCT_NAME
RP184: 5/7/2010 10:06:38 PM - Installed Java(TM) 6 Update 20
RP185: 5/8/2010 12:08:37 AM - Software Distribution Service 3.0
RP186: 5/8/2010 9:02:38 AM - Software Distribution Service 3.0
RP187: 5/8/2010 2:11:58 PM - Software Distribution Service 3.0
RP188: 5/9/2010 8:04:34 AM - Software Distribution Service 3.0
RP189: 5/9/2010 12:14:53 PM - Software Distribution Service 3.0
RP190: 5/11/2010 9:40:10 PM - Software Distribution Service 3.0
RP191: 5/14/2010 3:37:56 PM - Software Distribution Service 3.0
RP192: 5/17/2010 3:57:40 PM - Removed UnInstaller
RP193: 5/17/2010 4:01:12 PM - Installed McAfee UnInstaller
RP194: 5/19/2010 4:13:20 PM - System Checkpoint
RP195: 5/23/2010 10:45:07 PM - Installed iTunes
RP196: 7/13/2010 4:20:06 PM - Software Distribution Service 3.0
RP197: 7/14/2010 8:17:06 AM - Software Distribution Service 3.0
RP198: 7/14/2010 10:09:45 AM - Software Distribution Service 3.0
RP199: 7/14/2010 5:35:51 PM - Software Distribution Service 3.0
RP200: 7/16/2010 9:02:39 AM - Software Distribution Service 3.0
RP201: 7/17/2010 9:30:38 AM - Software Distribution Service 3.0
RP202: 7/19/2010 7:12:55 AM - System Checkpoint
RP203: 7/21/2010 3:05:55 PM - System Checkpoint
RP204: 7/24/2010 8:45:36 AM - System Checkpoint

==== Installed Programs ======================


==== Event Viewer Messages From Past Week ========


==== End Of File ===========================


DDS (Ver_10-03-17.01) - NTFSx86
Run by steve at 16:45:00.23 on Mon 07/26/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1190 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ZoneAlarm Anti-virus Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\steve\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = Microsoft Internet Explorer provided by Comcast
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\xasojl8t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================

2008-01-30 21:37:06 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 16:46:54.72 ===============



Gmer

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-26 16:35:56
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\steve\LOCALS~1\Temp\pwloapob.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
.text C:\WINDOWS\system32\svchost.exe[656] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 013A000A
.text C:\WINDOWS\Explorer.EXE[1100] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1100] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C5000A
.text C:\WINDOWS\Explorer.EXE[1100] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat B9BBED20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver@DisplayName Server
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver@Description Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\AutotunedParameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity@SrvsvcConfigInfo 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity@SrvsvcTransportEnum 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity@SrvsvcConnection 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity@SrvsvcServerDiskEnum 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity@SrvsvcFile 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity@SrvsvcShareFileInfo 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity@SrvsvcSharePrintInfo 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity@SrvsvcShareAdminInfo 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity@SrvsvcShareConnect 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity@SrvsvcShareAdminConnect 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity@SrvsvcStatisticsInfo 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity@AnonymousDescriptorsUpgraded 1
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity@PreviousAnonymousRestriction 0
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity@SrvsvcSessionInfo 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\DefaultSecurity@SessionSecurityDescriptorRegenerated 1
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\Linkage (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\Linkage@Bind \Device\NetbiosSmb?\Device\NetBT_Tcpip_{5823CCB5-97EB-4EF4-B451-61390CF475F5}?\Device\NetBT_Tcpip_{29B39846-0902-49E5-B96A-2F1FC54E9A72}?\Device\NetBT_Tcpip_{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}?
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\Linkage@Route "NetbiosSmb"?"NetBT" "Tcpip" "{5823CCB5-97EB-4EF4-B451-61390CF475F5}"?"NetBT" "Tcpip" "NdisWanIp"?
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\Linkage@Export \Device\LanmanServer_NetbiosSmb?\Device\LanmanServer_NetBT_Tcpip_{5823CCB5-97EB-4EF4-B451-61390CF475F5}?\Device\LanmanServer_NetBT_Tcpip_{29B39846-0902-49E5-B96A-2F1FC54E9A72}?\Device\LanmanServer_NetBT_Tcpip_{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}?
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\parameters@autodisconnect 15
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\parameters@enableforcedlogoff 1
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\parameters@enablesecuritysignature 0
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\parameters@requiresecuritysignature 0
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\parameters@NullSessionPipes COMNAP?COMNODE?SQL\QUERY?SPOOLSS?LLSRPC?browser?
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\parameters@NullSessionShares COMCFG?DFS$?
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\parameters@ServiceDll %SystemRoot%\System32\srvsvc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\parameters@Lmannounce 0
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\parameters@Size 1
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\parameters@Guid 0xBF 0xFD 0x6D 0xE9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\parameters@AdjustedNullSessionPipes 1
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\Security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\Shares (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\Shares\Security (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

by melboy » July 26th, 2010, 5:00 pm

Hi

There's quite a bit of information missing there. Give me an RSIT scan.

random's system information tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized)
  • Post both of these logs in your next reply (Sometimes you have to make several posts to get the logs posted.)

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

by Steve001 » July 26th, 2010, 7:28 pm

Which info is missing?

(Sometimes you have to make several posts to get the logs posted.) Post both of these logs in your next reply

I see after running RSIT only what I've posted below.

This just popped up.
Ad-Watch live has blocked pdfupd.exe from starting. The process has been identified as Trojan.Win32.Generic.pak!cobra

RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by steve at 2010-07-26 19:25:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (50%) free of 71 GB
Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:15 PM, on 7/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\steve\Desktop\sdownloads\New Folder (4)\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\steve.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=6060927
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Internet Explorer Plugin - {9FE088DC-C3B2-479C-A314-08F90CE5166F} - vecrits93.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xgukxzrvux.exe] C:\xgukxzrvux.exe\xgukxzrvux.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6394 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2810448116-9971513-1748473005-1006Core.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69D72956-317C-44bd-B369-8E44D4EF9801}]
SafeOnline BHO - C:\WINDOWS\system32\PxSecure.dll [2010-07-07 68120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FE088DC-C3B2-479C-A314-08F90CE5166F}]
Internet Explorer Plugin - C:\WINDOWS\system32\vecrits93.dll [2010-07-26 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-07 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-02-10 282624]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2010-05-26 730600]
"tgcmd"=C:\Program Files\support.com\bin\tgcmd.exe [2002-04-24 1544192]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"xgukxzrvux.exe"=C:\xgukxzrvux.exe\xgukxzrvux.exe [2009-02-09 175616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
C:\Dell\DellHelp\DellHelp.exe [2004-04-01 1589248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-11 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2003-02-12 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2002-10-08 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2
"mcupdmgr.exe"=2
"McTskshd.exe"=2
"McShield"=2
"McDetect.exe"=2
"AVGEMS"=2
"Avg7UpdSvc"=2
"Avg7Alrt"=2
"avg8wd"=2
"AVGIDSAgent"=2
"avg9wd"=2
"SharedAccess"=2
"iPod Service"=3
"Fax"=2
"Bonjour Service"=2
"Apple Mobile Device"=2
"CCALib8"=2
"JavaQuickStarterService"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\support.com\bin\tgcmd.exe"="C:\Program Files\support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\WEB Framework\wbfrmwrk.exe"="C:\Program Files\WEB Framework\wbfrmwrk.exe:*:Enabled:WEBFramework"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-07-26 17:03:12 ----A---- C:\WINDOWS\system32\vecrits93.dll
2010-07-21 09:31:06 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-07-21 08:06:23 ----HDC---- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-21 08:05:57 ----D---- C:\Program Files\Lavasoft
2010-07-16 09:09:33 ----D---- C:\WINDOWS\ie7updates
2010-07-16 09:08:10 ----D---- C:\WINDOWS\WBEM
2010-07-16 09:06:53 ----HDC---- C:\WINDOWS\ie7
2010-07-16 09:06:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-07-16 09:06:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-07-14 17:37:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-07-14 17:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-07-14 17:36:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-07-14 16:32:21 ----D---- C:\WINDOWS\Prefetch
2010-07-14 10:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-07-14 10:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-07-14 10:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-07-14 10:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-07-14 10:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-07-14 10:48:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-14 10:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-07-14 10:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-07-14 10:47:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-07-14 10:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-07-14 10:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-07-14 10:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-07-14 10:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-07-14 10:46:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-07-14 10:46:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-07-14 10:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-07-14 10:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-07-14 10:45:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-07-14 10:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-07-14 10:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-07-14 10:44:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-07-14 10:44:19 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-07-14 10:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-07-14 10:43:49 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-07-14 10:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-07-14 10:43:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-07-14 10:43:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-07-14 10:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-07-14 10:42:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-07-14 10:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-07-14 10:42:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-07-14 10:41:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-07-14 10:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-07-14 10:41:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-07-14 10:40:58 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-07-14 10:40:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-07-14 10:40:25 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-07-14 10:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-07-14 10:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-07-14 10:38:50 ----HDC---- C:\WINDOWS\$NtUninstallKB982381_1$
2010-07-14 10:38:03 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2010-07-14 10:37:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-07-14 10:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2010-07-14 10:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-07-14 10:36:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-07-14 10:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-07-14 10:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-07-14 10:35:50 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-07-14 10:35:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-07-14 10:35:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-07-14 10:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-07-14 10:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-07-14 10:34:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-07-14 10:34:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-07-14 10:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-07-14 10:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-07-14 10:33:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-07-14 10:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-07-14 10:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-07-14 10:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2010-07-14 10:32:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-07-14 10:31:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-07-14 10:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-07-14 10:31:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-07-14 10:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-07-14 10:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-07-14 10:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-07-14 10:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-07-14 10:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-07-14 10:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-07-14 10:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2010-07-14 10:29:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-07-14 10:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 10:24:06 ----D---- C:\WINDOWS\system32\scripting
2010-07-14 10:24:05 ----D---- C:\WINDOWS\system32\en
2010-07-14 10:24:05 ----D---- C:\WINDOWS\system32\bits
2010-07-14 10:24:05 ----D---- C:\WINDOWS\l2schemas
2010-07-14 10:18:50 ----D---- C:\WINDOWS\network diagnostic
2010-07-14 10:13:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-07-14 08:39:09 ----HDC---- C:\WINDOWS\$NtUninstallKB980218_0$
2010-07-14 08:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979904$
2010-07-14 08:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-07-14 08:34:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593_0$
2010-07-14 08:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-07-14 08:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979559_0$
2010-07-14 08:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-07-14 08:27:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979482_0$
2010-07-14 08:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975562_0$
2010-07-14 08:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB982381_0$
2010-07-11 10:37:42 ----D---- C:\Documents and Settings\steve\Application Data\Malwarebytes
2010-07-11 10:37:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-07 17:43:51 ----D---- C:\Documents and Settings\steve\Application Data\CheckPoint
2010-07-07 17:38:38 ----D---- C:\Program Files\CheckPoint
2010-07-07 17:37:04 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-07-07 17:37:04 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-07-07 17:36:59 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-07-07 17:36:16 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-07-07 17:36:09 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-07-07 17:36:09 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-07-07 17:36:08 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-07-07 17:32:51 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-07-07 17:32:51 ----A---- C:\WINDOWS\system32\vsinit.dll

======List of files/folders modified in the last 1 months======

2010-07-26 19:25:17 ----D---- C:\WINDOWS\Internet Logs
2010-07-26 19:22:25 ----SD---- C:\WINDOWS\Tasks
2010-07-26 19:22:08 ----D---- C:\WINDOWS\Temp
2010-07-26 19:21:56 ----D---- C:\WINDOWS
2010-07-26 19:21:34 ----D---- C:\WINDOWS\Registration
2010-07-26 19:21:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-26 17:12:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-26 17:03:39 ----D---- C:\xgukxzrvux.exe
2010-07-26 17:03:12 ----D---- C:\WINDOWS\system32
2010-07-26 16:20:35 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-26 09:28:44 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-07-25 11:19:31 ----D---- C:\WINDOWS\system32\FxsTmp
2010-07-23 22:14:46 ----D---- C:\Program Files\Mozilla Firefox
2010-07-23 19:30:40 ----D---- C:\WINDOWS\system32\wbem
2010-07-23 19:30:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-22 09:53:39 ----D---- C:\Documents and Settings\steve\Application Data\QuickScan
2010-07-21 23:41:57 ----RASH---- C:\boot.ini
2010-07-21 23:41:57 ----A---- C:\WINDOWS\win.ini
2010-07-21 23:41:57 ----A---- C:\WINDOWS\system.ini
2010-07-21 15:58:46 ----D---- C:\WINDOWS\system32\drivers
2010-07-21 15:58:46 ----D---- C:\WINDOWS\pchealth
2010-07-21 08:23:23 ----HD---- C:\WINDOWS\inf
2010-07-21 08:23:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-21 08:23:18 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-07-21 08:06:22 ----SHD---- C:\WINDOWS\Installer
2010-07-21 08:05:57 ----D---- C:\Program Files
2010-07-21 08:05:49 ----D---- C:\WINDOWS\WinSxS
2010-07-21 00:19:18 ----RD---- C:\WINDOWS\Offline Web Pages
2010-07-21 00:15:33 ----HDC---- C:\WINDOWS\$NtUninstallKB963027_0$
2010-07-20 00:25:40 ----D---- C:\WINDOWS\security
2010-07-20 00:21:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-18 12:37:16 ----A---- C:\WINDOWS\OEWABLog.txt
2010-07-17 12:20:14 ----A---- C:\WINDOWS\UnitConverter.ini
2010-07-17 09:32:56 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-17 09:32:37 ----D---- C:\WINDOWS\system32\dllcache
2010-07-17 09:31:11 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-16 15:39:33 ----D---- C:\WINDOWS\Help
2010-07-16 15:39:33 ----D---- C:\Program Files\Internet Explorer
2010-07-16 09:09:54 ----A---- C:\WINDOWS\imsins.BAK
2010-07-16 09:09:44 ----D---- C:\WINDOWS\system32\en-US
2010-07-16 09:08:18 ----D---- C:\WINDOWS\system32\config
2010-07-16 09:08:03 ----D---- C:\WINDOWS\Media
2010-07-15 20:38:38 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-15 20:33:05 ----RSD---- C:\WINDOWS\assembly
2010-07-15 08:51:55 ----D---- C:\Documents and Settings\steve\Application Data\Canon
2010-07-14 17:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-07-14 16:33:14 ----A---- C:\WINDOWS\setuplog.txt
2010-07-14 16:30:39 ----D---- C:\WINDOWS\system32\Setup
2010-07-14 16:30:39 ----D---- C:\WINDOWS\AppPatch
2010-07-14 16:30:37 ----RSD---- C:\WINDOWS\Fonts
2010-07-14 10:47:12 ----D---- C:\Program Files\Outlook Express
2010-07-14 10:45:37 ----D---- C:\Program Files\Movie Maker
2010-07-14 10:29:52 ----D---- C:\Program Files\Messenger
2010-07-14 10:24:16 ----D---- C:\WINDOWS\system32\inetsrv
2010-07-14 10:24:16 ----D---- C:\WINDOWS\ime
2010-07-14 10:24:06 ----D---- C:\WINDOWS\system32\usmt
2010-07-14 10:24:05 ----D---- C:\WINDOWS\PeerNet
2010-07-14 10:21:42 ----D---- C:\WINDOWS\ServicePackFiles
2010-07-14 10:21:22 ----D---- C:\WINDOWS\system32\Restore
2010-07-14 10:21:22 ----D---- C:\WINDOWS\system32\npp
2010-07-14 10:21:22 ----D---- C:\WINDOWS\mui
2010-07-14 10:21:19 ----D---- C:\WINDOWS\msagent
2010-07-14 10:21:16 ----D---- C:\WINDOWS\srchasst
2010-07-14 10:21:15 ----D---- C:\Program Files\NetMeeting
2010-07-14 10:21:11 ----D---- C:\WINDOWS\system32\Com
2010-07-14 10:21:04 ----D---- C:\Program Files\Windows NT
2010-07-14 10:20:58 ----D---- C:\Program Files\Common Files\System
2010-07-14 10:20:41 ----D---- C:\WINDOWS\system32\oobe
2010-07-14 10:20:39 ----D---- C:\WINDOWS\system
2010-07-14 10:17:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-07-14 10:13:44 ----D---- C:\WINDOWS\ehome
2010-07-13 15:42:50 ----D---- C:\WINDOWS\pss
2010-07-12 22:28:00 ----D---- C:\Documents and Settings\steve\Application Data\Apple Computer
2010-07-12 16:47:24 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2010-07-12 07:47:57 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2010-07-11 23:49:40 ----D---- C:\WINDOWS\Minidump
2010-07-11 10:37:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-07 21:32:24 ----A---- C:\WINDOWS\system32\PxSecure.dll
2010-07-07 21:32:23 ----D---- C:\Program Files\Prevx
2010-07-07 21:32:15 ----A---- C:\WINDOWS\wininit.ini
2010-07-07 17:43:18 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-07-02 12:39:06 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2002-10-08 7582]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 pxrts;pxrts; C:\WINDOWS\System32\drivers\pxrts.sys [2010-07-07 61752]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pxkbf;pxkbf; C:\WINDOWS\System32\drivers\pxkbf.sys [2010-07-07 24400]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-10 1107224]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-04-17 30104]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-04-17 30104]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2003-02-12 389504]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2010-07-07 6384592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-07 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Steve001
Regular Member
 
Posts: 57
Joined: April 17th, 2010, 1:59 pm

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by melboy » July 27th, 2010, 7:59 am

Steve001 wrote: Which is missing info?

The DDS log had empty sections where info should be. This could be due to a number of reasons. RSIT has given me the required info. The missing RSIT log can be found at:
C:\RSIT\info.txt
Please post it along with the MBAM log.


TFC

  • Please download TFC by Old Timer to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan.
  • When done, you will be prompted. Click OK. If items are found, then click on Show Results.
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by Steve001 » July 27th, 2010, 5:02 pm

I wasn't able to find any missing log other than one dated 5/??/10. So I ran RSIT again.
Here's the log. MBAM scan included. I hope this has all the information you need.

Thanks

RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by steve at 2010-07-27 14:17:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (51%) free of 71 GB
Total RAM: 2046 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:57 PM, on 7/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\steve\Desktop\sdownloads\New Folder (4)\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\steve.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=6060927
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Internet Explorer Plugin - {9FE088DC-C3B2-479C-A314-08F90CE5166F} - vecrits93.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xgukxzrvux.exe] C:\xgukxzrvux.exe\xgukxzrvux.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6216 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2810448116-9971513-1748473005-1006Core.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69D72956-317C-44bd-B369-8E44D4EF9801}]
SafeOnline BHO - C:\WINDOWS\system32\PxSecure.dll [2010-07-07 68120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FE088DC-C3B2-479C-A314-08F90CE5166F}]
Internet Explorer Plugin - C:\WINDOWS\system32\vecrits93.dll [2010-07-26 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-07 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-02-10 282624]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2010-05-26 730600]
"tgcmd"=C:\Program Files\support.com\bin\tgcmd.exe [2002-04-24 1544192]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"xgukxzrvux.exe"=C:\xgukxzrvux.exe\xgukxzrvux.exe [2009-02-09 175616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
C:\Dell\DellHelp\DellHelp.exe [2004-04-01 1589248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-11 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2003-02-12 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2002-10-08 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2
"mcupdmgr.exe"=2
"McTskshd.exe"=2
"McShield"=2
"McDetect.exe"=2
"AVGEMS"=2
"Avg7UpdSvc"=2
"Avg7Alrt"=2
"avg8wd"=2
"AVGIDSAgent"=2
"avg9wd"=2
"SharedAccess"=2
"iPod Service"=3
"Fax"=2
"Bonjour Service"=2
"Apple Mobile Device"=2
"CCALib8"=2
"JavaQuickStarterService"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\support.com\bin\tgcmd.exe"="C:\Program Files\support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\WEB Framework\wbfrmwrk.exe"="C:\Program Files\WEB Framework\wbfrmwrk.exe:*:Enabled:WEBFramework"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2010-07-26 20:52:29 ----A---- C:\WINDOWS\system32\xef.txt
2010-07-26 20:52:29 ----A---- C:\WINDOWS\system32\fsc.txt
2010-07-26 20:52:28 ----A---- C:\WINDOWS\system32\qks.txt
2010-07-26 20:52:28 ----A---- C:\WINDOWS\system32\ide.txt
2010-07-26 20:52:27 ----A---- C:\WINDOWS\system32\lrg.txt
2010-07-26 17:03:12 ----A---- C:\WINDOWS\system32\vecrits93.dll
2010-07-21 09:31:06 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-07-21 08:06:23 ----HDC---- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-21 08:05:57 ----D---- C:\Program Files\Lavasoft
2010-07-16 09:09:33 ----D---- C:\WINDOWS\ie7updates
2010-07-16 09:08:10 ----D---- C:\WINDOWS\WBEM
2010-07-16 09:06:53 ----HDC---- C:\WINDOWS\ie7
2010-07-16 09:06:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-07-16 09:06:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-07-14 17:37:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-07-14 17:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-07-14 17:36:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-07-14 16:32:21 ----D---- C:\WINDOWS\Prefetch
2010-07-14 10:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-07-14 10:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-07-14 10:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-07-14 10:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-07-14 10:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-07-14 10:48:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-14 10:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-07-14 10:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-07-14 10:47:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-07-14 10:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-07-14 10:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-07-14 10:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-07-14 10:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-07-14 10:46:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-07-14 10:46:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-07-14 10:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-07-14 10:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-07-14 10:45:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-07-14 10:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-07-14 10:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-07-14 10:44:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-07-14 10:44:19 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-07-14 10:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-07-14 10:43:49 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-07-14 10:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-07-14 10:43:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-07-14 10:43:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-07-14 10:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-07-14 10:42:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-07-14 10:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-07-14 10:42:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-07-14 10:41:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-07-14 10:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-07-14 10:41:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-07-14 10:40:58 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-07-14 10:40:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-07-14 10:40:25 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-07-14 10:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-07-14 10:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-07-14 10:38:50 ----HDC---- C:\WINDOWS\$NtUninstallKB982381_1$
2010-07-14 10:38:03 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2010-07-14 10:37:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-07-14 10:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2010-07-14 10:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-07-14 10:36:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-07-14 10:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-07-14 10:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-07-14 10:35:50 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-07-14 10:35:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-07-14 10:35:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-07-14 10:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-07-14 10:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-07-14 10:34:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-07-14 10:34:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-07-14 10:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-07-14 10:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-07-14 10:33:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-07-14 10:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-07-14 10:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-07-14 10:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2010-07-14 10:32:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-07-14 10:31:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-07-14 10:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-07-14 10:31:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-07-14 10:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-07-14 10:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-07-14 10:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-07-14 10:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-07-14 10:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-07-14 10:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-07-14 10:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2010-07-14 10:29:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-07-14 10:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 10:24:06 ----D---- C:\WINDOWS\system32\scripting
2010-07-14 10:24:05 ----D---- C:\WINDOWS\system32\en
2010-07-14 10:24:05 ----D---- C:\WINDOWS\system32\bits
2010-07-14 10:24:05 ----D---- C:\WINDOWS\l2schemas
2010-07-14 10:18:50 ----D---- C:\WINDOWS\network diagnostic
2010-07-14 10:13:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-07-14 08:39:09 ----HDC---- C:\WINDOWS\$NtUninstallKB980218_0$
2010-07-14 08:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979904$
2010-07-14 08:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-07-14 08:34:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593_0$
2010-07-14 08:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-07-14 08:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979559_0$
2010-07-14 08:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-07-14 08:27:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979482_0$
2010-07-14 08:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975562_0$
2010-07-14 08:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB982381_0$
2010-07-11 10:37:42 ----D---- C:\Documents and Settings\steve\Application Data\Malwarebytes
2010-07-11 10:37:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-07 17:43:51 ----D---- C:\Documents and Settings\steve\Application Data\CheckPoint
2010-07-07 17:38:38 ----D---- C:\Program Files\CheckPoint
2010-07-07 17:37:04 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-07-07 17:37:04 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-07-07 17:36:59 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-07-07 17:36:16 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-07-07 17:36:09 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-07-07 17:36:09 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-07-07 17:36:08 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-07-07 17:32:51 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-07-07 17:32:51 ----A---- C:\WINDOWS\system32\vsinit.dll

======List of files/folders modified in the last 2 months======

2010-07-27 14:17:57 ----D---- C:\WINDOWS\Temp
2010-07-27 14:16:44 ----D---- C:\WINDOWS\Internet Logs
2010-07-27 14:08:26 ----SD---- C:\WINDOWS\Tasks
2010-07-27 14:06:26 ----D---- C:\WINDOWS
2010-07-27 14:05:19 ----D---- C:\WINDOWS\Registration
2010-07-27 14:05:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-27 09:58:15 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-07-27 09:58:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-27 08:22:12 ----D---- C:\WINDOWS\system32
2010-07-26 16:20:35 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-25 11:19:31 ----D---- C:\WINDOWS\system32\FxsTmp
2010-07-23 22:14:46 ----D---- C:\Program Files\Mozilla Firefox
2010-07-23 19:30:40 ----D---- C:\WINDOWS\system32\wbem
2010-07-23 19:30:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-22 09:53:39 ----D---- C:\Documents and Settings\steve\Application Data\QuickScan
2010-07-21 23:41:57 ----RASH---- C:\boot.ini
2010-07-21 23:41:57 ----A---- C:\WINDOWS\win.ini
2010-07-21 23:41:57 ----A---- C:\WINDOWS\system.ini
2010-07-21 15:58:46 ----D---- C:\WINDOWS\system32\drivers
2010-07-21 15:58:46 ----D---- C:\WINDOWS\pchealth
2010-07-21 08:23:23 ----HD---- C:\WINDOWS\inf
2010-07-21 08:23:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-21 08:23:18 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-07-21 08:06:22 ----SHD---- C:\WINDOWS\Installer
2010-07-21 08:05:57 ----D---- C:\Program Files
2010-07-21 08:05:49 ----D---- C:\WINDOWS\WinSxS
2010-07-21 00:19:18 ----RD---- C:\WINDOWS\Offline Web Pages
2010-07-21 00:15:33 ----HDC---- C:\WINDOWS\$NtUninstallKB963027_0$
2010-07-20 00:25:40 ----D---- C:\WINDOWS\security
2010-07-20 00:21:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-18 12:37:16 ----A---- C:\WINDOWS\OEWABLog.txt
2010-07-17 12:20:14 ----A---- C:\WINDOWS\UnitConverter.ini
2010-07-17 09:32:56 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-17 09:32:37 ----D---- C:\WINDOWS\system32\dllcache
2010-07-17 09:31:11 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-16 15:39:33 ----D---- C:\WINDOWS\Help
2010-07-16 15:39:33 ----D---- C:\Program Files\Internet Explorer
2010-07-16 09:09:54 ----A---- C:\WINDOWS\imsins.BAK
2010-07-16 09:09:44 ----D---- C:\WINDOWS\system32\en-US
2010-07-16 09:08:18 ----D---- C:\WINDOWS\system32\config
2010-07-16 09:08:03 ----D---- C:\WINDOWS\Media
2010-07-15 20:38:38 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-15 20:33:05 ----RSD---- C:\WINDOWS\assembly
2010-07-15 08:51:55 ----D---- C:\Documents and Settings\steve\Application Data\Canon
2010-07-14 17:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-07-14 16:33:14 ----A---- C:\WINDOWS\setuplog.txt
2010-07-14 16:30:39 ----D---- C:\WINDOWS\system32\Setup
2010-07-14 16:30:39 ----D---- C:\WINDOWS\AppPatch
2010-07-14 16:30:37 ----RSD---- C:\WINDOWS\Fonts
2010-07-14 10:47:12 ----D---- C:\Program Files\Outlook Express
2010-07-14 10:45:37 ----D---- C:\Program Files\Movie Maker
2010-07-14 10:29:52 ----D---- C:\Program Files\Messenger
2010-07-14 10:24:16 ----D---- C:\WINDOWS\system32\inetsrv
2010-07-14 10:24:16 ----D---- C:\WINDOWS\ime
2010-07-14 10:24:06 ----D---- C:\WINDOWS\system32\usmt
2010-07-14 10:24:05 ----D---- C:\WINDOWS\PeerNet
2010-07-14 10:21:42 ----D---- C:\WINDOWS\ServicePackFiles
2010-07-14 10:21:22 ----D---- C:\WINDOWS\system32\Restore
2010-07-14 10:21:22 ----D---- C:\WINDOWS\system32\npp
2010-07-14 10:21:22 ----D---- C:\WINDOWS\mui
2010-07-14 10:21:19 ----D---- C:\WINDOWS\msagent
2010-07-14 10:21:16 ----D---- C:\WINDOWS\srchasst
2010-07-14 10:21:15 ----D---- C:\Program Files\NetMeeting
2010-07-14 10:21:11 ----D---- C:\WINDOWS\system32\Com
2010-07-14 10:21:04 ----D---- C:\Program Files\Windows NT
2010-07-14 10:20:58 ----D---- C:\Program Files\Common Files\System
2010-07-14 10:20:41 ----D---- C:\WINDOWS\system32\oobe
2010-07-14 10:20:39 ----D---- C:\WINDOWS\system
2010-07-14 10:17:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-07-14 10:13:44 ----D---- C:\WINDOWS\ehome
2010-07-13 15:42:50 ----D---- C:\WINDOWS\pss
2010-07-12 22:28:00 ----D---- C:\Documents and Settings\steve\Application Data\Apple Computer
2010-07-12 16:47:24 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2010-07-12 07:47:57 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2010-07-11 23:49:40 ----D---- C:\WINDOWS\Minidump
2010-07-11 10:37:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-07 21:32:24 ----A---- C:\WINDOWS\system32\PxSecure.dll
2010-07-07 21:32:23 ----D---- C:\Program Files\Prevx
2010-07-07 21:32:15 ----A---- C:\WINDOWS\wininit.ini
2010-07-07 17:43:18 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-07-02 12:39:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-23 13:51:20 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-06-23 13:51:18 ----A---- C:\WINDOWS\system32\vsregexp.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2002-10-08 7582]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 pxrts;pxrts; C:\WINDOWS\System32\drivers\pxrts.sys [2010-07-07 61752]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pxkbf;pxkbf; C:\WINDOWS\System32\drivers\pxkbf.sys [2010-07-07 24400]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-10 1107224]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-04-17 30104]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-04-17 30104]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2003-02-12 389504]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2010-07-07 6384592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-07 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Last edited by Steve001 on July 27th, 2010, 9:14 pm, edited 1 time in total.
Steve001
Regular Member
 
Posts: 57
Joined: April 17th, 2010, 1:59 pm

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by melboy » July 27th, 2010, 5:07 pm

Hi Steve

Sorry, no MBAM log there - you've posted the RSIT log twice.

MBAM
Logfile of random's system information tool 1.06.....
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by Steve001 » July 27th, 2010, 9:17 pm

I'm sorry for such a goof. I posted it separately because both logs contained more characters than permitted.
Here it is:
MBAM
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4357

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

7/27/2010 4:42:28 PM
mbam-log-2010-07-27

Scan type: Full scan (C:\|)
Objects scanned: 227614
Time elapsed: 1 hour(s), 30 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xgukxzrvux.exe (Malware.Packer.Gen) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\xgukxzrvux.exe (Trojan.SpyEyes) -> No action taken.

Files Infected:
C:\xgukxzrv

Logfile of random's system information tool 1.06 (written by random/random)
Run by steve at 2010-07-27 14:17:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (51%) free of 71 GB
Total RAM: 2046 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:57 PM, on 7/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\steve\Desktop\sdownloads\New Folder (4)\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\steve.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=6060927
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Internet Explorer Plugin - {9FE088DC-C3B2-479C-A314-08F90CE5166F} - vecrits93.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xgukxzrvux.exe] C:\xgukxzrvux.exe\xgukxzrvux.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6216 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2810448116-9971513-1748473005-1006Core.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69D72956-317C-44bd-B369-8E44D4EF9801}]
SafeOnline BHO - C:\WINDOWS\system32\PxSecure.dll [2010-07-07 68120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FE088DC-C3B2-479C-A314-08F90CE5166F}]
Internet Explorer Plugin - C:\WINDOWS\system32\vecrits93.dll [2010-07-26 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-07 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-02-10 282624]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2010-05-26 730600]
"tgcmd"=C:\Program Files\support.com\bin\tgcmd.exe [2002-04-24 1544192]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"xgukxzrvux.exe"=C:\xgukxzrvux.exe\xgukxzrvux.exe [2009-02-09 175616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
C:\Dell\DellHelp\DellHelp.exe [2004-04-01 1589248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-11 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2003-02-12 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2002-10-08 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2
"mcupdmgr.exe"=2
"McTskshd.exe"=2
"McShield"=2
"McDetect.exe"=2
"AVGEMS"=2
"Avg7UpdSvc"=2
"Avg7Alrt"=2
"avg8wd"=2
"AVGIDSAgent"=2
"avg9wd"=2
"SharedAccess"=2
"iPod Service"=3
"Fax"=2
"Bonjour Service"=2
"Apple Mobile Device"=2
"CCALib8"=2
"JavaQuickStarterService"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\support.com\bin\tgcmd.exe"="C:\Program Files\support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\WEB Framework\wbfrmwrk.exe"="C:\Program Files\WEB Framework\wbfrmwrk.exe:*:Enabled:WEBFramework"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2010-07-26 20:52:29 ----A---- C:\WINDOWS\system32\xef.txt
2010-07-26 20:52:29 ----A---- C:\WINDOWS\system32\fsc.txt
2010-07-26 20:52:28 ----A---- C:\WINDOWS\system32\qks.txt
2010-07-26 20:52:28 ----A---- C:\WINDOWS\system32\ide.txt
2010-07-26 20:52:27 ----A---- C:\WINDOWS\system32\lrg.txt
2010-07-26 17:03:12 ----A---- C:\WINDOWS\system32\vecrits93.dll
2010-07-21 09:31:06 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-07-21 08:06:23 ----HDC---- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-21 08:05:57 ----D---- C:\Program Files\Lavasoft
2010-07-16 09:09:33 ----D---- C:\WINDOWS\ie7updates
2010-07-16 09:08:10 ----D---- C:\WINDOWS\WBEM
2010-07-16 09:06:53 ----HDC---- C:\WINDOWS\ie7
2010-07-16 09:06:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-07-16 09:06:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-07-14 17:37:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-07-14 17:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-07-14 17:36:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-07-14 16:32:21 ----D---- C:\WINDOWS\Prefetch
2010-07-14 10:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-07-14 10:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-07-14 10:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-07-14 10:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-07-14 10:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-07-14 10:48:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-14 10:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-07-14 10:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-07-14 10:47:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-07-14 10:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-07-14 10:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-07-14 10:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-07-14 10:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-07-14 10:46:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-07-14 10:46:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-07-14 10:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-07-14 10:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-07-14 10:45:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-07-14 10:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-07-14 10:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-07-14 10:44:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-07-14 10:44:19 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-07-14 10:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-07-14 10:43:49 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-07-14 10:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-07-14 10:43:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-07-14 10:43:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-07-14 10:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-07-14 10:42:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-07-14 10:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-07-14 10:42:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-07-14 10:41:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-07-14 10:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-07-14 10:41:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-07-14 10:40:58 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-07-14 10:40:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-07-14 10:40:25 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-07-14 10:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-07-14 10:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-07-14 10:38:50 ----HDC---- C:\WINDOWS\$NtUninstallKB982381_1$
2010-07-14 10:38:03 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2010-07-14 10:37:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-07-14 10:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2010-07-14 10:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-07-14 10:36:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-07-14 10:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-07-14 10:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-07-14 10:35:50 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-07-14 10:35:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-07-14 10:35:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-07-14 10:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-07-14 10:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-07-14 10:34:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-07-14 10:34:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-07-14 10:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-07-14 10:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-07-14 10:33:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-07-14 10:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-07-14 10:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-07-14 10:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2010-07-14 10:32:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-07-14 10:31:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-07-14 10:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-07-14 10:31:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-07-14 10:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-07-14 10:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-07-14 10:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-07-14 10:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-07-14 10:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-07-14 10:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-07-14 10:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2010-07-14 10:29:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-07-14 10:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 10:24:06 ----D---- C:\WINDOWS\system32\scripting
2010-07-14 10:24:05 ----D---- C:\WINDOWS\system32\en
2010-07-14 10:24:05 ----D---- C:\WINDOWS\system32\bits
2010-07-14 10:24:05 ----D---- C:\WINDOWS\l2schemas
2010-07-14 10:18:50 ----D---- C:\WINDOWS\network diagnostic
2010-07-14 10:13:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-07-14 08:39:09 ----HDC---- C:\WINDOWS\$NtUninstallKB980218_0$
2010-07-14 08:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979904$
2010-07-14 08:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-07-14 08:34:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593_0$
2010-07-14 08:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-07-14 08:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979559_0$
2010-07-14 08:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-07-14 08:27:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979482_0$
2010-07-14 08:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975562_0$
2010-07-14 08:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB982381_0$
2010-07-11 10:37:42 ----D---- C:\Documents and Settings\steve\Application Data\Malwarebytes
2010-07-11 10:37:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-07 17:43:51 ----D---- C:\Documents and Settings\steve\Application Data\CheckPoint
2010-07-07 17:38:38 ----D---- C:\Program Files\CheckPoint
2010-07-07 17:37:04 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-07-07 17:37:04 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-07-07 17:36:59 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-07-07 17:36:16 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-07-07 17:36:09 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-07-07 17:36:09 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-07-07 17:36:08 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-07-07 17:32:51 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-07-07 17:32:51 ----A---- C:\WINDOWS\system32\vsinit.dll

======List of files/folders modified in the last 2 months======

2010-07-27 14:17:57 ----D---- C:\WINDOWS\Temp
2010-07-27 14:16:44 ----D---- C:\WINDOWS\Internet Logs
2010-07-27 14:08:26 ----SD---- C:\WINDOWS\Tasks
2010-07-27 14:06:26 ----D---- C:\WINDOWS
2010-07-27 14:05:19 ----D---- C:\WINDOWS\Registration
2010-07-27 14:05:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-27 09:58:15 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-07-27 09:58:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-27 08:22:12 ----D---- C:\WINDOWS\system32
2010-07-26 16:20:35 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-25 11:19:31 ----D---- C:\WINDOWS\system32\FxsTmp
2010-07-23 22:14:46 ----D---- C:\Program Files\Mozilla Firefox
2010-07-23 19:30:40 ----D---- C:\WINDOWS\system32\wbem
2010-07-23 19:30:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-22 09:53:39 ----D---- C:\Documents and Settings\steve\Application Data\QuickScan
2010-07-21 23:41:57 ----RASH---- C:\boot.ini
2010-07-21 23:41:57 ----A---- C:\WINDOWS\win.ini
2010-07-21 23:41:57 ----A---- C:\WINDOWS\system.ini
2010-07-21 15:58:46 ----D---- C:\WINDOWS\system32\drivers
2010-07-21 15:58:46 ----D---- C:\WINDOWS\pchealth
2010-07-21 08:23:23 ----HD---- C:\WINDOWS\inf
2010-07-21 08:23:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-21 08:23:18 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-07-21 08:06:22 ----SHD---- C:\WINDOWS\Installer
2010-07-21 08:05:57 ----D---- C:\Program Files
2010-07-21 08:05:49 ----D---- C:\WINDOWS\WinSxS
2010-07-21 00:19:18 ----RD---- C:\WINDOWS\Offline Web Pages
2010-07-21 00:15:33 ----HDC---- C:\WINDOWS\$NtUninstallKB963027_0$
2010-07-20 00:25:40 ----D---- C:\WINDOWS\security
2010-07-20 00:21:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-18 12:37:16 ----A---- C:\WINDOWS\OEWABLog.txt
2010-07-17 12:20:14 ----A---- C:\WINDOWS\UnitConverter.ini
2010-07-17 09:32:56 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-17 09:32:37 ----D---- C:\WINDOWS\system32\dllcache
2010-07-17 09:31:11 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-16 15:39:33 ----D---- C:\WINDOWS\Help
2010-07-16 15:39:33 ----D---- C:\Program Files\Internet Explorer
2010-07-16 09:09:54 ----A---- C:\WINDOWS\imsins.BAK
2010-07-16 09:09:44 ----D---- C:\WINDOWS\system32\en-US
2010-07-16 09:08:18 ----D---- C:\WINDOWS\system32\config
2010-07-16 09:08:03 ----D---- C:\WINDOWS\Media
2010-07-15 20:38:38 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-15 20:33:05 ----RSD---- C:\WINDOWS\assembly
2010-07-15 08:51:55 ----D---- C:\Documents and Settings\steve\Application Data\Canon
2010-07-14 17:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-07-14 16:33:14 ----A---- C:\WINDOWS\setuplog.txt
2010-07-14 16:30:39 ----D---- C:\WINDOWS\system32\Setup
2010-07-14 16:30:39 ----D---- C:\WINDOWS\AppPatch
2010-07-14 16:30:37 ----RSD---- C:\WINDOWS\Fonts
2010-07-14 10:47:12 ----D---- C:\Program Files\Outlook Express
2010-07-14 10:45:37 ----D---- C:\Program Files\Movie Maker
2010-07-14 10:29:52 ----D---- C:\Program Files\Messenger
2010-07-14 10:24:16 ----D---- C:\WINDOWS\system32\inetsrv
2010-07-14 10:24:16 ----D---- C:\WINDOWS\ime
2010-07-14 10:24:06 ----D---- C:\WINDOWS\system32\usmt
2010-07-14 10:24:05 ----D---- C:\WINDOWS\PeerNet
2010-07-14 10:21:42 ----D---- C:\WINDOWS\ServicePackFiles
2010-07-14 10:21:22 ----D---- C:\WINDOWS\system32\Restore
2010-07-14 10:21:22 ----D---- C:\WINDOWS\system32\npp
2010-07-14 10:21:22 ----D---- C:\WINDOWS\mui
2010-07-14 10:21:19 ----D---- C:\WINDOWS\msagent
2010-07-14 10:21:16 ----D---- C:\WINDOWS\srchasst
2010-07-14 10:21:15 ----D---- C:\Program Files\NetMeeting
2010-07-14 10:21:11 ----D---- C:\WINDOWS\system32\Com
2010-07-14 10:21:04 ----D---- C:\Program Files\Windows NT
2010-07-14 10:20:58 ----D---- C:\Program Files\Common Files\System
2010-07-14 10:20:41 ----D---- C:\WINDOWS\system32\oobe
2010-07-14 10:20:39 ----D---- C:\WINDOWS\system
2010-07-14 10:17:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-07-14 10:13:44 ----D---- C:\WINDOWS\ehome
2010-07-13 15:42:50 ----D---- C:\WINDOWS\pss
2010-07-12 22:28:00 ----D---- C:\Documents and Settings\steve\Application Data\Apple Computer
2010-07-12 16:47:24 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2010-07-12 07:47:57 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2010-07-11 23:49:40 ----D---- C:\WINDOWS\Minidump
2010-07-11 10:37:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-07 21:32:24 ----A---- C:\WINDOWS\system32\PxSecure.dll
2010-07-07 21:32:23 ----D---- C:\Program Files\Prevx
2010-07-07 21:32:15 ----A---- C:\WINDOWS\wininit.ini
2010-07-07 17:43:18 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-07-02 12:39:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-23 13:51:20 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-06-23 13:51:18 ----A---- C:\WINDOWS\system32\vsregexp.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2002-10-08 7582]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 pxrts;pxrts; C:\WINDOWS\System32\drivers\pxrts.sys [2010-07-07 61752]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pxkbf;pxkbf; C:\WINDOWS\System32\drivers\pxkbf.sys [2010-07-07 24400]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-10 1107224]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-04-17 30104]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-04-17 30104]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2003-02-12 389504]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2010-07-07 6384592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
S4 Fax;Fax; C:\WINDOWS\system32\fxs

Logfile of random's system information tool 1.06 (written by random/random)
Run by steve at 2010-07-27 14:17:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (51%) free of 71 GB
Total RAM: 2046 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:57 PM, on 7/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\steve\Desktop\sdownloads\New Folder (4)\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\steve.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=6060927
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Internet Explorer Plugin - {9FE088DC-C3B2-479C-A314-08F90CE5166F} - vecrits93.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xgukxzrvux.exe] C:\xgukxzrvux.exe\xgukxzrvux.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6216 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2810448116-9971513-1748473005-1006Core.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69D72956-317C-44bd-B369-8E44D4EF9801}]
SafeOnline BHO - C:\WINDOWS\system32\PxSecure.dll [2010-07-07 68120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FE088DC-C3B2-479C-A314-08F90CE5166F}]
Internet Explorer Plugin - C:\WINDOWS\system32\vecrits93.dll [2010-07-26 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-07 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-02-10 282624]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2010-05-26 730600]
"tgcmd"=C:\Program Files\support.com\bin\tgcmd.exe [2002-04-24 1544192]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"xgukxzrvux.exe"=C:\xgukxzrvux.exe\xgukxzrvux.exe [2009-02-09 175616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
C:\Dell\DellHelp\DellHelp.exe [2004-04-01 1589248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-11 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2003-02-12 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2002-10-08 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2
"mcupdmgr.exe"=2
"McTskshd.exe"=2
"McShield"=2
"McDetect.exe"=2
"AVGEMS"=2
"Avg7UpdSvc"=2
"Avg7Alrt"=2
"avg8wd"=2
"AVGIDSAgent"=2
"avg9wd"=2
"SharedAccess"=2
"iPod Service"=3
"Fax"=2
"Bonjour Service"=2
"Apple Mobile Device"=2
"CCALib8"=2
"JavaQuickStarterService"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\support.com\bin\tgcmd.exe"="C:\Program Files\support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\WEB Framework\wbfrmwrk.exe"="C:\Program Files\WEB Framework\wbfrmwrk.exe:*:Enabled:WEBFramework"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2010-07-26 20:52:29 ----A---- C:\WINDOWS\system32\xef.txt
2010-07-26 20:52:29 ----A---- C:\WINDOWS\system32\fsc.txt
2010-07-26 20:52:28 ----A---- C:\WINDOWS\system32\qks.txt
2010-07-26 20:52:28 ----A---- C:\WINDOWS\system32\ide.txt
2010-07-26 20:52:27 ----A---- C:\WINDOWS\system32\lrg.txt
2010-07-26 17:03:12 ----A---- C:\WINDOWS\system32\vecrits93.dll
2010-07-21 09:31:06 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-07-21 08:06:23 ----HDC---- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-21 08:05:57 ----D---- C:\Program Files\Lavasoft
2010-07-16 09:09:33 ----D---- C:\WINDOWS\ie7updates
2010-07-16 09:08:10 ----D---- C:\WINDOWS\WBEM
2010-07-16 09:06:53 ----HDC---- C:\WINDOWS\ie7
2010-07-16 09:06:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-07-16 09:06:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-07-14 17:37:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-07-14 17:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-07-14 17:36:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-07-14 16:32:21 ----D---- C:\WINDOWS\Prefetch
2010-07-14 10:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-07-14 10:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-07-14 10:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-07-14 10:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-07-14 10:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-07-14 10:48:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-14 10:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-07-14 10:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-07-14 10:47:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-07-14 10:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-07-14 10:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-07-14 10:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-07-14 10:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-07-14 10:46:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-07-14 10:46:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-07-14 10:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-07-14 10:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-07-14 10:45:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-07-14 10:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-07-14 10:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-07-14 10:44:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-07-14 10:44:19 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-07-14 10:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-07-14 10:43:49 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-07-14 10:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-07-14 10:43:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-07-14 10:43:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-07-14 10:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-07-14 10:42:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-07-14 10:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-07-14 10:42:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-07-14 10:41:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-07-14 10:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-07-14 10:41:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-07-14 10:40:58 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-07-14 10:40:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-07-14 10:40:25 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-07-14 10:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-07-14 10:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-07-14 10:38:50 ----HDC---- C:\WINDOWS\$NtUninstallKB982381_1$
2010-07-14 10:38:03 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2010-07-14 10:37:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-07-14 10:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2010-07-14 10:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-07-14 10:36:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-07-14 10:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-07-14 10:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-07-14 10:35:50 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-07-14 10:35:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-07-14 10:35:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-07-14 10:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-07-14 10:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-07-14 10:34:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-07-14 10:34:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-07-14 10:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-07-14 10:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-07-14 10:33:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-07-14 10:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-07-14 10:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-07-14 10:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2010-07-14 10:32:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-07-14 10:31:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-07-14 10:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-07-14 10:31:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-07-14 10:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-07-14 10:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-07-14 10:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-07-14 10:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-07-14 10:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-07-14 10:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-07-14 10:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2010-07-14 10:29:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-07-14 10:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 10:24:06 ----D---- C:\WINDOWS\system32\scripting
2010-07-14 10:24:05 ----D---- C:\WINDOWS\system32\en
2010-07-14 10:24:05 ----D---- C:\WINDOWS\system32\bits
2010-07-14 10:24:05 ----D---- C:\WINDOWS\l2schemas
2010-07-14 10:18:50 ----D---- C:\WINDOWS\network diagnostic
2010-07-14 10:13:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-07-14 08:39:09 ----HDC---- C:\WINDOWS\$NtUninstallKB980218_0$
2010-07-14 08:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979904$
2010-07-14 08:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-07-14 08:34:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593_0$
2010-07-14 08:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-07-14 08:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979559_0$
2010-07-14 08:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-07-14 08:27:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979482_0$
2010-07-14 08:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975562_0$
2010-07-14 08:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB982381_0$
2010-07-11 10:37:42 ----D---- C:\Documents and Settings\steve\Application Data\Malwarebytes
2010-07-11 10:37:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-07 17:43:51 ----D---- C:\Documents and Settings\steve\Application Data\CheckPoint
2010-07-07 17:38:38 ----D---- C:\Program Files\CheckPoint
2010-07-07 17:37:04 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-07-07 17:37:04 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-07-07 17:36:59 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-07-07 17:36:16 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-07-07 17:36:09 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-07-07 17:36:09 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-07-07 17:36:08 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-07-07 17:32:51 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-07-07 17:32:51 ----A---- C:\WINDOWS\system32\vsinit.dll

======List of files/folders modified in the last 2 months======

2010-07-27 14:17:57 ----D---- C:\WINDOWS\Temp
2010-07-27 14:16:44 ----D---- C:\WINDOWS\Internet Logs
2010-07-27 14:08:26 ----SD---- C:\WINDOWS\Tasks
2010-07-27 14:06:26 ----D---- C:\WINDOWS
2010-07-27 14:05:19 ----D---- C:\WINDOWS\Registration
2010-07-27 14:05:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-27 09:58:15 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-07-27 09:58:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-27 08:22:12 ----D---- C:\WINDOWS\system32
2010-07-26 16:20:35 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-25 11:19:31 ----D---- C:\WINDOWS\system32\FxsTmp
2010-07-23 22:14:46 ----D---- C:\Program Files\Mozilla Firefox
2010-07-23 19:30:40 ----D---- C:\WINDOWS\system32\wbem
2010-07-23 19:30:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-22 09:53:39 ----D---- C:\Documents and Settings\steve\Application Data\QuickScan
2010-07-21 23:41:57 ----RASH---- C:\boot.ini
2010-07-21 23:41:57 ----A---- C:\WINDOWS\win.ini
2010-07-21 23:41:57 ----A---- C:\WINDOWS\system.ini
2010-07-21 15:58:46 ----D---- C:\WINDOWS\system32\drivers
2010-07-21 15:58:46 ----D---- C:\WINDOWS\pchealth
2010-07-21 08:23:23 ----HD---- C:\WINDOWS\inf
2010-07-21 08:23:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-21 08:23:18 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-07-21 08:06:22 ----SHD---- C:\WINDOWS\Installer
2010-07-21 08:05:57 ----D---- C:\Program Files
2010-07-21 08:05:49 ----D---- C:\WINDOWS\WinSxS
2010-07-21 00:19:18 ----RD---- C:\WINDOWS\Offline Web Pages
2010-07-21 00:15:33 ----HDC---- C:\WINDOWS\$NtUninstallKB963027_0$
2010-07-20 00:25:40 ----D---- C:\WINDOWS\security
2010-07-20 00:21:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-18 12:37:16 ----A---- C:\WINDOWS\OEWABLog.txt
2010-07-17 12:20:14 ----A---- C:\WINDOWS\UnitConverter.ini
2010-07-17 09:32:56 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-17 09:32:37 ----D---- C:\WINDOWS\system32\dllcache
2010-07-17 09:31:11 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-16 15:39:33 ----D---- C:\WINDOWS\Help
2010-07-16 15:39:33 ----D---- C:\Program Files\Internet Explorer
2010-07-16 09:09:54 ----A---- C:\WINDOWS\imsins.BAK
2010-07-16 09:09:44 ----D---- C:\WINDOWS\system32\en-US
2010-07-16 09:08:18 ----D---- C:\WINDOWS\system32\config
2010-07-16 09:08:03 ----D---- C:\WINDOWS\Media
2010-07-15 20:38:38 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-15 20:33:05 ----RSD---- C:\WINDOWS\assembly
2010-07-15 08:51:55 ----D---- C:\Documents and Settings\steve\Application Data\Canon
2010-07-14 17:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-07-14 16:33:14 ----A---- C:\WINDOWS\setuplog.txt
2010-07-14 16:30:39 ----D---- C:\WINDOWS\system32\Setup
2010-07-14 16:30:39 ----D---- C:\WINDOWS\AppPatch
2010-07-14 16:30:37 ----RSD---- C:\WINDOWS\Fonts
2010-07-14 10:47:12 ----D---- C:\Program Files\Outlook Express
2010-07-14 10:45:37 ----D---- C:\Program Files\Movie Maker
2010-07-14 10:29:52 ----D---- C:\Program Files\Messenger
2010-07-14 10:24:16 ----D---- C:\WINDOWS\system32\inetsrv
2010-07-14 10:24:16 ----D---- C:\WINDOWS\ime
2010-07-14 10:24:06 ----D---- C:\WINDOWS\system32\usmt
2010-07-14 10:24:05 ----D---- C:\WINDOWS\PeerNet
2010-07-14 10:21:42 ----D---- C:\WINDOWS\ServicePackFiles
2010-07-14 10:21:22 ----D---- C:\WINDOWS\system32\Restore
2010-07-14 10:21:22 ----D---- C:\WINDOWS\system32\npp
2010-07-14 10:21:22 ----D---- C:\WINDOWS\mui
2010-07-14 10:21:19 ----D---- C:\WINDOWS\msagent
2010-07-14 10:21:16 ----D---- C:\WINDOWS\srchasst
2010-07-14 10:21:15 ----D---- C:\Program Files\NetMeeting
2010-07-14 10:21:11 ----D---- C:\WINDOWS\system32\Com
2010-07-14 10:21:04 ----D---- C:\Program Files\Windows NT
2010-07-14 10:20:58 ----D---- C:\Program Files\Common Files\System
2010-07-14 10:20:41 ----D---- C:\WINDOWS\system32\oobe
2010-07-14 10:20:39 ----D---- C:\WINDOWS\system
2010-07-14 10:17:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-07-14 10:13:44 ----D---- C:\WINDOWS\ehome
2010-07-13 15:42:50 ----D---- C:\WINDOWS\pss
2010-07-12 22:28:00 ----D---- C:\Documents and Settings\steve\Application Data\Apple Computer
2010-07-12 16:47:24 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2010-07-12 07:47:57 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2010-07-11 23:49:40 ----D---- C:\WINDOWS\Minidump
2010-07-11 10:37:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-07 21:32:24 ----A---- C:\WINDOWS\system32\PxSecure.dll
2010-07-07 21:32:23 ----D---- C:\Program Files\Prevx
2010-07-07 21:32:15 ----A---- C:\WINDOWS\wininit.ini
2010-07-07 17:43:18 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-07-02 12:39:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-23 13:51:20 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-06-23 13:51:18 ----A---- C:\WINDOWS\system32\vsregexp.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2002-10-08 7582]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 pxrts;pxrts; C:\WINDOWS\System32\drivers\pxrts.sys [2010-07-07 61752]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pxkbf;pxkbf; C:\WINDOWS\System32\drivers\pxkbf.sys [2010-07-07 24400]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-10 1107224]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-04-17 30104]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-04-17 30104]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2003-02-12 389504]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2010-07-07 6384592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-07 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Steve001
Regular Member
 
Posts: 57
Joined: April 17th, 2010, 1:59 pm

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by melboy » July 28th, 2010, 8:29 am

Hi Steve

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xgukxzrvux.exe (Malware.Packer.Gen) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\xgukxzrvux.exe (Trojan.SpyEyes) -> No action taken.

Files Infected:
C:\xgukxzrvux.exe\xgukxzrvux.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP204\A0291031.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\vecrits93.dll (Malware.Packer.Gen) -> No action taken.
C:\xgukxzrvux.exe\config.bin (Trojan.SpyEyes) -> No action taken.

Did you remove the infected items? Looking at that log you took no action. Did you follow the instructions as below?

melboy wrote:
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.


I'd like you to run RSIT slightly differently this time. Make sure RSIT is directly on your desktop, NOT in a folder on the desktop as you currently have it (C:\Documents and Settings\steve\Desktop\sdownloads\New Folder (4)\RSIT.exe). This should produce both the log.txt and info.txt logs.



RSIT (Random's System Information Tool)

  • Ensure rsit.exe is on your desktop
  • Click Start > Run
  • Copy/paste the following into the run box & click OK

    "%userprofile%\desktop\rsit.exe" /info

  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
  • Copy & paste the contents of both logs in your next reply
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Post by Steve001 » July 28th, 2010, 5:10 pm

I ran MBAM again and deleted what it found.

Logfile of random's system information tool 1.06 (written by random/random)
Run by steve at 2010-07-28 17:08:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (51%) free of 71 GB
Total RAM: 2046 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:10 PM, on 7/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\steve\desktop\rsit.exe
C:\Program Files\Trend Micro\HijackThis\steve.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=6060927
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Internet Explorer Plugin - {9FE088DC-C3B2-479C-A314-08F90CE5166F} - vecrits93.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5876 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2810448116-9971513-1748473005-1006Core.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69D72956-317C-44bd-B369-8E44D4EF9801}]
SafeOnline BHO - C:\WINDOWS\system32\PxSecure.dll [2010-07-07 68120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FE088DC-C3B2-479C-A314-08F90CE5166F}]
Internet Explorer Plugin - vecrits93.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-07 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-02-10 282624]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2010-05-26 730600]
"tgcmd"=C:\Program Files\support.com\bin\tgcmd.exe [2002-04-24 1544192]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
C:\Dell\DellHelp\DellHelp.exe [2004-04-01 1589248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-11 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2003-02-12 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2002-10-08 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2
"mcupdmgr.exe"=2
"McTskshd.exe"=2
"McShield"=2
"McDetect.exe"=2
"AVGEMS"=2
"Avg7UpdSvc"=2
"Avg7Alrt"=2
"avg8wd"=2
"AVGIDSAgent"=2
"avg9wd"=2
"SharedAccess"=2
"iPod Service"=3
"Fax"=2
"Bonjour Service"=2
"Apple Mobile Device"=2
"CCALib8"=2
"JavaQuickStarterService"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\support.com\bin\tgcmd.exe"="C:\Program Files\support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\WEB Framework\wbfrmwrk.exe"="C:\Program Files\WEB Framework\wbfrmwrk.exe:*:Enabled:WEBFramework"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2010-07-28 15:05:53 ----SHD---- C:\Config.Msi
2010-07-26 20:52:29 ----A---- C:\WINDOWS\system32\xef.txt
2010-07-26 20:52:29 ----A---- C:\WINDOWS\system32\fsc.txt
2010-07-26 20:52:28 ----A---- C:\WINDOWS\system32\qks.txt
2010-07-26 20:52:28 ----A---- C:\WINDOWS\system32\ide.txt
2010-07-26 20:52:27 ----A---- C:\WINDOWS\system32\lrg.txt
2010-07-21 09:31:06 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-07-21 08:06:23 ----HDC---- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-21 08:05:57 ----D---- C:\Program Files\Lavasoft
2010-07-16 09:09:33 ----D---- C:\WINDOWS\ie7updates
2010-07-16 09:08:10 ----D---- C:\WINDOWS\WBEM
2010-07-16 09:06:53 ----HDC---- C:\WINDOWS\ie7
2010-07-16 09:06:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-07-16 09:06:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-07-14 17:37:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-07-14 17:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-07-14 17:36:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-07-14 16:32:21 ----D---- C:\WINDOWS\Prefetch
2010-07-14 10:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-07-14 10:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-07-14 10:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-07-14 10:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-07-14 10:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-07-14 10:48:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-14 10:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-07-14 10:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-07-14 10:47:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-07-14 10:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-07-14 10:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-07-14 10:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-07-14 10:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-07-14 10:46:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-07-14 10:46:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-07-14 10:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-07-14 10:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-07-14 10:45:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-07-14 10:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-07-14 10:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-07-14 10:44:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-07-14 10:44:19 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-07-14 10:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-07-14 10:43:49 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-07-14 10:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-07-14 10:43:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-07-14 10:43:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-07-14 10:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-07-14 10:42:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-07-14 10:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-07-14 10:42:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-07-14 10:41:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-07-14 10:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-07-14 10:41:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-07-14 10:40:58 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-07-14 10:40:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-07-14 10:40:25 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-07-14 10:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-07-14 10:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-07-14 10:38:50 ----HDC---- C:\WINDOWS\$NtUninstallKB982381_1$
2010-07-14 10:38:03 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2010-07-14 10:37:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-07-14 10:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2010-07-14 10:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-07-14 10:36:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-07-14 10:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-07-14 10:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-07-14 10:35:50 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-07-14 10:35:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-07-14 10:35:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-07-14 10:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-07-14 10:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-07-14 10:34:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-07-14 10:34:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-07-14 10:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-07-14 10:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-07-14 10:33:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-07-14 10:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-07-14 10:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-07-14 10:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2010-07-14 10:32:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-07-14 10:31:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-07-14 10:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-07-14 10:31:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-07-14 10:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-07-14 10:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-07-14 10:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-07-14 10:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-07-14 10:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-07-14 10:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-07-14 10:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2010-07-14 10:29:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-07-14 10:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 10:24:06 ----D---- C:\WINDOWS\system32\scripting
2010-07-14 10:24:05 ----D---- C:\WINDOWS\system32\en
2010-07-14 10:24:05 ----D---- C:\WINDOWS\system32\bits
2010-07-14 10:24:05 ----D---- C:\WINDOWS\l2schemas
2010-07-14 10:18:50 ----D---- C:\WINDOWS\network diagnostic
2010-07-14 10:13:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-07-14 08:39:09 ----HDC---- C:\WINDOWS\$NtUninstallKB980218_0$
2010-07-14 08:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979904$
2010-07-14 08:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-07-14 08:34:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593_0$
2010-07-14 08:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-07-14 08:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979559_0$
2010-07-14 08:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-07-14 08:27:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979482_0$
2010-07-14 08:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975562_0$
2010-07-14 08:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB982381_0$
2010-07-11 10:37:42 ----D---- C:\Documents and Settings\steve\Application Data\Malwarebytes
2010-07-11 10:37:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-07 17:43:51 ----D---- C:\Documents and Settings\steve\Application Data\CheckPoint
2010-07-07 17:38:38 ----D---- C:\Program Files\CheckPoint
2010-07-07 17:37:04 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-07-07 17:37:04 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-07-07 17:36:59 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-07-07 17:36:16 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-07-07 17:36:09 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-07-07 17:36:09 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-07-07 17:36:08 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-07-07 17:32:51 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-07-07 17:32:51 ----A---- C:\WINDOWS\system32\vsinit.dll

======List of files/folders modified in the last 2 months======

2010-07-28 17:06:42 ----D---- C:\WINDOWS\Internet Logs
2010-07-28 17:05:38 ----SD---- C:\WINDOWS\Tasks
2010-07-28 17:05:36 ----D---- C:\WINDOWS\Temp
2010-07-28 17:05:29 ----D---- C:\WINDOWS
2010-07-28 17:04:53 ----D---- C:\WINDOWS\Registration
2010-07-28 17:04:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-28 17:03:49 ----D---- C:\WINDOWS\system32\drivers
2010-07-28 17:03:17 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-28 17:02:37 ----D---- C:\WINDOWS\system32
2010-07-28 16:09:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-28 16:09:12 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-07-28 15:05:57 ----SHD---- C:\WINDOWS\Installer
2010-07-28 15:05:56 ----D---- C:\Program Files
2010-07-25 11:19:31 ----D---- C:\WINDOWS\system32\FxsTmp
2010-07-23 22:14:46 ----D---- C:\Program Files\Mozilla Firefox
2010-07-23 19:30:40 ----D---- C:\WINDOWS\system32\wbem
2010-07-23 19:30:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-22 09:53:39 ----D---- C:\Documents and Settings\steve\Application Data\QuickScan
2010-07-21 23:41:57 ----RASH---- C:\boot.ini
2010-07-21 23:41:57 ----A---- C:\WINDOWS\win.ini
2010-07-21 23:41:57 ----A---- C:\WINDOWS\system.ini
2010-07-21 15:58:46 ----D---- C:\WINDOWS\pchealth
2010-07-21 08:23:23 ----HD---- C:\WINDOWS\inf
2010-07-21 08:23:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-21 08:23:18 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-07-21 08:05:49 ----D---- C:\WINDOWS\WinSxS
2010-07-21 00:19:18 ----RD---- C:\WINDOWS\Offline Web Pages
2010-07-21 00:15:33 ----HDC---- C:\WINDOWS\$NtUninstallKB963027_0$
2010-07-20 00:25:40 ----D---- C:\WINDOWS\security
2010-07-20 00:21:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-18 12:37:16 ----A---- C:\WINDOWS\OEWABLog.txt
2010-07-17 12:20:14 ----A---- C:\WINDOWS\UnitConverter.ini
2010-07-17 09:32:56 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-17 09:32:37 ----D---- C:\WINDOWS\system32\dllcache
2010-07-17 09:31:11 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-16 15:39:33 ----D---- C:\WINDOWS\Help
2010-07-16 15:39:33 ----D---- C:\Program Files\Internet Explorer
2010-07-16 09:09:54 ----A---- C:\WINDOWS\imsins.BAK
2010-07-16 09:09:44 ----D---- C:\WINDOWS\system32\en-US
2010-07-16 09:08:18 ----D---- C:\WINDOWS\system32\config
2010-07-16 09:08:03 ----D---- C:\WINDOWS\Media
2010-07-15 20:38:38 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-15 20:33:05 ----RSD---- C:\WINDOWS\assembly
2010-07-15 08:51:55 ----D---- C:\Documents and Settings\steve\Application Data\Canon
2010-07-14 17:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-07-14 16:33:14 ----A---- C:\WINDOWS\setuplog.txt
2010-07-14 16:30:39 ----D---- C:\WINDOWS\system32\Setup
2010-07-14 16:30:39 ----D---- C:\WINDOWS\AppPatch
2010-07-14 16:30:37 ----RSD---- C:\WINDOWS\Fonts
2010-07-14 10:47:12 ----D---- C:\Program Files\Outlook Express
2010-07-14 10:45:37 ----D---- C:\Program Files\Movie Maker
2010-07-14 10:29:52 ----D---- C:\Program Files\Messenger
2010-07-14 10:24:16 ----D---- C:\WINDOWS\system32\inetsrv
2010-07-14 10:24:16 ----D---- C:\WINDOWS\ime
2010-07-14 10:24:06 ----D---- C:\WINDOWS\system32\usmt
2010-07-14 10:24:05 ----D---- C:\WINDOWS\PeerNet
2010-07-14 10:21:42 ----D---- C:\WINDOWS\ServicePackFiles
2010-07-14 10:21:22 ----D---- C:\WINDOWS\system32\Restore
2010-07-14 10:21:22 ----D---- C:\WINDOWS\system32\npp
2010-07-14 10:21:22 ----D---- C:\WINDOWS\mui
2010-07-14 10:21:19 ----D---- C:\WINDOWS\msagent
2010-07-14 10:21:16 ----D---- C:\WINDOWS\srchasst
2010-07-14 10:21:15 ----D---- C:\Program Files\NetMeeting
2010-07-14 10:21:11 ----D---- C:\WINDOWS\system32\Com
2010-07-14 10:21:04 ----D---- C:\Program Files\Windows NT
2010-07-14 10:20:58 ----D---- C:\Program Files\Common Files\System
2010-07-14 10:20:41 ----D---- C:\WINDOWS\system32\oobe
2010-07-14 10:20:39 ----D---- C:\WINDOWS\system
2010-07-14 10:17:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-07-14 10:13:44 ----D---- C:\WINDOWS\ehome
2010-07-13 15:42:50 ----D---- C:\WINDOWS\pss
2010-07-12 22:28:00 ----D---- C:\Documents and Settings\steve\Application Data\Apple Computer
2010-07-12 16:47:24 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2010-07-12 07:47:57 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2010-07-11 23:49:40 ----D---- C:\WINDOWS\Minidump
2010-07-11 10:37:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-07 21:32:24 ----A---- C:\WINDOWS\system32\PxSecure.dll
2010-07-07 21:32:23 ----D---- C:\Program Files\Prevx
2010-07-07 21:32:15 ----A---- C:\WINDOWS\wininit.ini
2010-07-07 17:43:18 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-07-02 12:39:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-23 13:51:20 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-06-23 13:51:18 ----A---- C:\WINDOWS\system32\vsregexp.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2002-10-08 7582]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 pxrts;pxrts; C:\WINDOWS\System32\drivers\pxrts.sys [2010-07-07 61752]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pxkbf;pxkbf; C:\WINDOWS\System32\drivers\pxkbf.sys [2010-07-07 24400]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-10 1107224]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-04-17 30104]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-04-17 30104]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2003-02-12 389504]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2010-07-07 6384592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-07 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-07-28 17:08:17

======Uninstall list======

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Ahead InCD EasyWrite Reader-->C:\WINDOWS\UNMrw.exe /UNINSTALL
Ahead InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Amazon MP3 Downloader 1.0.3-->C:\Documents and Settings\deborah\My Documents\Uninstall.exe
AnalogX NetStat Live-->C:\Program Files\AnalogX\NetStat Live\nslu.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Atmosphere Lite v6.0-->"C:\Program Files\Atmosphere Lite\unins000.exe"
Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon CanoScan Toolbox 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}\setup.exe" -l0x9 anything
Canon Digital Camera Solution Disk 34 Software Starter Guide-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\SoftwareStarterGuide-DCSD34\Uninst.ini"
Canon Direct Print User Guide-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\DirectPrintUserGuide\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MOV Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\Canon MOV Decoder140\CanonMOVDecoderUnInstall.ini"
Canon MOV Encoder-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\Canon MOV Encoder\CanonMOVEncoderUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon PowerShot A470 Camera User Guide-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraUserGuide-PSA470\Uninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture DC-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
ComcastSUPPORT-->"C:\Program Files\support.com\bin\tgfix.exe" /rm /nq
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 3.2-->MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
Driver Detective-->MsiExec.exe /X{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
eMachineShop-->C:\PROGRA~1\EMACHI~1\UNWISE.EXE C:\PROGRA~1\EMACHI~1\INSTALL.LOG
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Extreme Units Converter 1.2-->"C:\Program Files\Extreme Units Converter\unins000.exe"
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Index.dat Analyzer v1.6-->"C:\Program Files\Index.dat Analyzer\unins000.exe"
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
iPod for Windows 2005-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manual CanoScan LiDE 35-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6AA4C799-BF98-4573-9C83-0C8E4EA46D14}\setup.exe" -l0x9
McAfee UnInstaller-->MsiExec.exe /I{2B10CE30-4316-11D0-86A0-00C0F003261B}
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
OmniPage SE-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PhotoStudio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{230CCBE9-14B0-4008-97AF-30C10F99E42C}\setup.exe" -l0x9
Pretty Good Solitaire version 11.0.0-->"C:\Program Files\goodsol\unins000.exe"
Prevx-->"C:\Program Files\Prevx\prevx.exe" /prop UNINSTALL=Y
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Terragen-->MsiExec.exe /I{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}
Test Tone Generator 4.2-->"C:\Program Files\Test Tone Generator\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WEB Framework-->"C:\Program Files\WEB Framework\uninstaller.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
ZoneAlarm Toolbar-->C:\Program Files\CheckPoint\ZAForceField\Clean_tool.exe
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O4 - HKCU\..\Run: [rqrqpndrv] rundll32.exe "efdawx.dll",s [2010-04-17]
O4 - HKUS\.DEFAULT\..\Run: [ljgfdbsys] rundll32.exe "ssrspq.dll",DllRegisterServer (User 'Default user') [2010-04-17]
O4 - HKUS\S-1-5-18\..\Run: [nnkhgedrv] rundll32.exe "efdawx.dll",s (User 'SYSTEM') [2010-04-17]
O4 - HKLM\..\Run: [efcdbxdrv] rundll32.exe "efdawx.dll",s [2010-04-17]
O4 - HKLM\..\Run: [ssqomnsys] rundll32.exe "ssrspq.dll",DllRegisterServer [2010-04-17]
O4 - HKUS\S-1-5-18\..\Run: [ljgfdbsys] rundll32.exe "ssrspq.dll",DllRegisterServer (User 'SYSTEM') [2010-04-17]
O4 - HKUS\S-1-5-18\..\Run: [tuvtqrdrv] rundll32.exe "efdawx.dll",s (User 'SYSTEM') [2010-04-17]
O4 - HKUS\.DEFAULT\..\Run: [tuvtqrdrv] rundll32.exe "efdawx.dll",s (User 'Default user') [2010-04-17]
O4 - HKUS\S-1-5-18\..\Run: [geeecysys] rundll32.exe "ssrspq.dll",DllRegisterServer (User 'SYSTEM') [2010-04-17]
O4 - HKLM\..\Run: [awttrrsys] rundll32.exe "ssrspq.dll",DllRegisterServer [2010-04-17]
O4 - HKLM\..\Run: [wvwutrdrv] rundll32.exe "efdawx.dll",s [2010-04-17]
O4 - HKLM\..\Run: [ljgebysys] rundll32.exe "ssrspq.dll",DllRegisterServer [2010-04-17]
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2010-04-23]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2010-04-23]
O4 - HKLM\..\Run: [gebbbadrv] rundll32.exe "efdawx.dll",s [2010-04-23]
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing) [2010-04-23]
O4 - HKLM\..\Run: [yaawutsys] rundll32.exe "ssrspq.dll",DllRegisterServer [2010-04-23]
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html [2010-04-23]
O4 - HKUS\S-1-5-18\..\Run: [wvvtrodrv] rundll32.exe "efdawx.dll",s (User 'SYSTEM') [2010-04-23]
O4 - HKCU\..\Run: [rqomnldrv] rundll32.exe "efdawx.dll",s [2010-04-23]
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll [2010-04-23]
O4 - HKUS\S-1-5-18\..\Run: [mlkkjksys] rundll32.exe "ssrspq.dll",DllRegisterServer (User 'SYSTEM') [2010-04-23]
O4 - HKCU\..\Run: [mlkkihdrv] rundll32.exe "efdawx.dll",s [2010-04-23]
O4 - HKUS\.DEFAULT\..\Run: [ljifcasys] rundll32.exe "ssrspq.dll",DllRegisterServer (User 'Default user') [2010-04-23]
O4 - HKLM\..\Run: [gedaxwsys] rundll32.exe "ssrspq.dll",DllRegisterServer [2010-04-23]
O4 - HKLM\..\Run: [qomnmkdrv] rundll32.exe "efdawx.dll",s [2010-04-23]
O4 - HKUS\S-1-5-18\..\Run: [iifebydrv] rundll32.exe "efdawx.dll",s (User 'SYSTEM') [2010-04-23]
O4 - HKUS\S-1-5-18\..\Run: [ljifcasys] rundll32.exe "ssrspq.dll",DllRegisterServer (User 'SYSTEM') [2010-04-23]
O4 - HKUS\.DEFAULT\..\Run: [vttttqdrv] rundll32.exe "efdawx.dll",s (User 'Default user') [2010-05-07]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 [2010-05-07]
O4 - HKCU\..\Run: [pmnnlmdrv] rundll32.exe "efdawx.dll",s [2010-05-07]
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) [2010-05-07]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb [2010-05-07]
O4 - HKLM\..\Run: [cbxwuvdrv] rundll32.exe "efdawx.dll",s [2010-05-07]
O4 - HKUS\S-1-5-18\..\Run: [vttttqdrv] rundll32.exe "efdawx.dll",s (User 'SYSTEM') [2010-05-07]
O4 - HKCU\..\Run: [qopqpodrv] rundll32.exe "efdawx.dll",s [2010-05-12]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) [2010-05-12]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb [2010-05-12]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb [2010-05-12]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb [2010-05-12]
O4 - HKLM\..\Run: [mamueker] C:\Documents and Settings\steve\Local Settings\Application Data\tawlugjli\bxwkbrstssd.exe [2010-07-14]
O4 - HKCU\..\Run: [mamueker] C:\Documents and Settings\steve\Local Settings\Application Data\tawlugjli\bxwkbrstssd.exe [2010-07-14]
O4 - HKLM\..\Run: [WEB Framework] C:\Program Files\WEB Framework\wbfrmwrk.exe [2010-07-19]

======Security center information======

AV: AVG Anti-Virus Free
AV: Lavasoft Ad-Watch Live! Anti-Virus
AV: ZoneAlarm Anti-virus Antivirus
FW: ZoneAlarm Firewall

======System event log======

Computer Name: D75WCWB1
Event Code: 1002
Message: The IP address lease 192.168.100.11 for the Network Card with network address 001372E75433 has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 96056
Source Name: Dhcp
Time Written: 20100714163442.000000-240
Event Type: error
User:

Computer Name: D75WCWB1
Event Code: 20
Message: Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- (null).

Record Number: 96053
Source Name: Print
Time Written: 20100714163415.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: D75WCWB1
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001372E75433. The IP address being used is 169.254.114.138.

Record Number: 96042
Source Name: Dhcp
Time Written: 20100714163204.000000-240
Event Type: warning
User:

Computer Name: D75WCWB1
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001372E75433. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 96041
Source Name: Dhcp
Time Written: 20100714163154.000000-240
Event Type: warning
User:

Computer Name: D75WCWB1
Event Code: 7023
Message: The Computer Browser service terminated with the following error:
This operation returned because the timeout period expired.


Record Number: 95949
Source Name: Service Control Manager
Time Written: 20100714101244.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: D75WCWB1
Event Code: 1004
Message: Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS', component '{ACD935F6-53F3-469B-842F-2CE17B80840C}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{1A15507A-8551-4626-915D-3D5FA095CC1B}\Interval' does not exist.

Record Number: 68877
Source Name: MsiInstaller
Time Written: 20100721082918.000000-240
Event Type: warning
User: D75WCWB1\deborah

Computer Name: D75WCWB1
Event Code: 1001
Message: Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Record Number: 68876
Source Name: MsiInstaller
Time Written: 20100721082918.000000-240
Event Type: warning
User: D75WCWB1\deborah

Computer Name: D75WCWB1
Event Code: 1004
Message: Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS', component '{ACD935F6-53F3-469B-842F-2CE17B80840C}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{1A15507A-8551-4626-915D-3D5FA095CC1B}\Interval' does not exist.

Record Number: 68875
Source Name: MsiInstaller
Time Written: 20100721082918.000000-240
Event Type: warning
User: D75WCWB1\deborah

Computer Name: D75WCWB1
Event Code: 1001
Message: Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Record Number: 68874
Source Name: MsiInstaller
Time Written: 20100721082917.000000-240
Event Type: warning
User: D75WCWB1\deborah

Computer Name: D75WCWB1
Event Code: 1004
Message: Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS', component '{ACD935F6-53F3-469B-842F-2CE17B80840C}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{1A15507A-8551-4626-915D-3D5FA095CC1B}\Interval' does not exist.

Record Number: 68873
Source Name: MsiInstaller
Time Written: 20100721082917.000000-240
Event Type: warning
User: D75WCWB1\deborah

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------
Steve001
Regular Member
 
Posts: 57
Joined: April 17th, 2010, 1:59 pm

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Unread postby melboy » July 28th, 2010, 6:03 pm

Hi

If you have any queries about the instructions below, please ask.


Multiple Anti Virus programs.

You are operating multiple Anti Virus programs on your computer:

    AV: AVG Anti-Virus Free
    AV: Lavasoft Ad-Watch Live! Anti-Virus (Ad-Aware)
    AV: ZoneAlarm Anti-virus Antivirus

It is NOT safe to have more than one anti-virus installed on a system; doing so not only does not provide better protection, it will actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and it WILL cause crashes! You MUST remove all but one anti-virus program.

Does the Prevx software that you have installed include virus protection? If so, include it in the list with the other antivirus software and choose one to keep and remove the others. As ZoneAlarm offers you firewall protection as well as anti-virus protection, it may be prudent to keep that.

Also, by the looks of it you have attempted to remove AVG, perhaps unsuccessfully. Run the AVG remover tool.

  • Download AVG_Remover from here and save it to your desktop.
  • Double click avgremover.exe to run the tool.
  • Follow the prompts, rebooting when prompted.

When you have uninstalled all but one antivirus, please run Security Check:


Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Firefox & IE 7 Search Redirects Plus other Odd Stuff

Unread postby Steve001 » July 29th, 2010, 8:11 am

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

McAfee UnInstaller
ZoneAlarm
ZoneAlarm Toolbar
Prevx
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 20
Adobe Flash Player 10.1.53.64
Adobe Reader 7.0.8
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Is it advisable to keep more than one anti-virus program, have only one running and the others used only when needed?
Steve001
Regular Member
 
Posts: 57
Joined: April 17th, 2010, 1:59 pm