Topic: VIRUS? - RSIT.exe Log Files


bekz09
« on: May 15, 2009, 09:49:07 PM »
Hi, "Paddy" told me to post the following logs to get advice; would appreciate any help.

I downloaded a free copy of Spyware Doctor and ran it to see if I had any viruses on my computer (was initially concerned that Keylogger was installed on my PC, and wanted to check this), but the report has stated that I have 8 threats and 261 infections on my computer.

Don't have a clue what they mean, but these are the most worrying:
2 threats of:
Name: Trojan.TDSServ
Threat Level: High.

Have downloaded and run Malwarebytes' Anti-Malware, and have just run random's system information tool (RSIT).

"Paddy" has suggested I post the logs here to get someone to have a look at it; I would appreciate any help. Thanks in advance.

Here are the logs:
Logfile of random's system information tool 1.06 (written by random/random)
Run by rebecca at 2009-05-15 21:59:11
Microsoft® Windows Vista™ Home Premium  
System drive C: has 53 GB (56%) free of 95 GB
Total RAM: 1919 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:32, on 15/05/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Users\shauna\AppData\Roaming\IMVUClient\IMVUClient.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\StkCSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Users\shauna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q6RMV4V\RSIT[1].exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\rebecca.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Desktop\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [lightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Users\rebecca\Pictures\2008-04-25\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Users\rebecca\Pictures\2008-04-25\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3816998836-1839666675-2622873197-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'shauna')
O4 - HKUS\S-1-5-21-3816998836-1839666675-2622873197-1002\..\Run: [lightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'shauna')
O4 - HKUS\S-1-5-21-3816998836-1839666675-2622873197-1002\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'shauna')
O4 - HKUS\S-1-5-21-3816998836-1839666675-2622873197-1002\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'shauna')
O4 - HKUS\S-1-5-21-3816998836-1839666675-2622873197-1002\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'shauna')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - S-1-5-21-3816998836-1839666675-2622873197-1002 Startup: IMVU.lnk = C:\Users\shauna\AppData\Roaming\IMVUClient\IMVUClient.exe (User 'shauna')
O4 - S-1-5-21-3816998836-1839666675-2622873197-1002 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'shauna')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

--
End of file - 15706 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\RegCure Program Check.job
C:\Windows\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-26 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-19 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-26 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! ¤u¨ã¦C - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-26 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-12-22 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-15 4390912]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-09-03 630784]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-23 815104]
"ASUSTPE"=C:\Windows\system32\ASUSTPE.exe [2006-12-13 106496]
"ASUS Camera ScreenSaver"=C:\Windows\ASScrProlog.exe [2007-12-22 37232]
"ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe [2007-12-22 33136]
"PowerForPhone"=C:\Program Files\PowerForPhone\PowerForPhone.exe [2007-06-26 778240]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2007-08-03 63048]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-03-29 79224]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-26 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-14 1603152]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]
"Malwarebytes Anti-Malware (reboot)"=C:\Desktop\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 1277584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-19 1232896]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-27 39408]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]
"Nokia.PCSync"=C:\Users\rebecca\Pictures\2008-04-25\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]
"PC Suite Tray"=C:\Users\rebecca\Pictures\2008-04-25\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-28 1830128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe

C:\Users\rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-05-15 21:59:13 ----D---- C:\Program Files\trend micro
2009-05-15 21:59:11 ----D---- C:\rsit
2009-05-10 16:27:34 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-05-10 16:27:07 ----D---- C:\Users\rebecca\AppData\Roaming\SUPERAntiSpyware.com
2009-05-10 16:27:07 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-10 16:25:58 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-10 14:03:13 ----D---- C:\Avenger
2009-05-10 14:03:11 ----A---- C:\avenger.txt
2009-05-10 11:39:42 ----D---- C:\Users\rebecca\AppData\Roaming\Malwarebytes
2009-05-10 11:39:34 ----D---- C:\ProgramData\Malwarebytes
2009-05-10 11:39:34 ----D---- C:\Desktop
2009-05-10 00:03:41 ----D---- C:\Program Files\Common Files\PC Tools
2009-05-10 00:03:30 ----D---- C:\Users\rebecca\AppData\Roaming\PC Tools
2009-05-10 00:03:30 ----D---- C:\ProgramData\PC Tools
2009-05-10 00:03:30 ----D---- C:\Program Files\Spyware Doctor
2009-05-10 00:03:27 ----A---- C:\Windows\system32\msxml.dll
2009-05-10 00:03:26 ----A---- C:\Windows\system32\STKIT432.DLL
2009-05-10 00:03:23 ----D---- C:\Program Files\Registry Mechanic
2009-05-05 19:23:16 ----D---- C:\Program Files\Common Files\SWF Studio
2009-05-05 19:23:13 ----SHD---- C:\Users\rebecca\AppData\Roaming\.#
2009-05-05 19:23:06 ----AD---- C:\ProgramData\TEMP
2009-05-05 19:22:25 ----D---- C:\Program Files\iWin.com
2009-05-05 19:02:17 ----D---- C:\ProgramData\iWin Games
2009-05-05 19:01:40 ----D---- C:\Program Files\iWin Games
2009-04-22 21:49:53 ----D---- C:\Program Files\Common Files\Windows Live
2009-04-15 13:53:23 ----A---- C:\Windows\system32\winhttp.dll
2009-04-15 13:53:19 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-15 13:53:19 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-15 13:53:03 ----A---- C:\Windows\system32\rpcss.dll
2009-04-15 13:53:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-15 13:53:00 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-15 13:53:00 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-15 13:52:59 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-15 13:52:59 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-15 13:52:59 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-15 13:52:59 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-15 13:52:59 ----A---- C:\Windows\system32\iasads.dll
2009-04-15 13:52:51 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-15 13:52:50 ----A---- C:\Windows\system32\secur32.dll
2009-04-15 13:52:50 ----A---- C:\Windows\system32\lsass.exe
2009-04-15 13:52:50 ----A---- C:\Windows\system32\kernel32.dll
2009-04-15 13:52:50 ----A---- C:\Windows\system32\apilogen.dll
2009-04-15 13:52:49 ----A---- C:\Windows\system32\amxread.dll
2009-04-15 13:52:37 ----A---- C:\Windows\system32\mshtml.dll
2009-04-15 13:52:34 ----A---- C:\Windows\system32\ieframe.dll
2009-04-15 13:52:32 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-15 13:52:31 ----A---- C:\Windows\system32\urlmon.dll
2009-04-15 13:52:31 ----A---- C:\Windows\system32\iertutil.dll
2009-04-15 13:52:31 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-15 13:52:30 ----A---- C:\Windows\system32\occache.dll
2009-04-15 13:52:30 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-15 13:52:29 ----A---- C:\Windows\system32\wininet.dll
2009-04-15 13:52:29 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-15 13:52:29 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-15 13:52:28 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-15 13:52:28 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-15 13:52:28 ----A---- C:\Windows\system32\ieencode.dll
2009-04-15 13:52:28 ----A---- C:\Windows\system32\admparse.dll
2009-04-15 13:52:27 ----A---- C:\Windows\system32\mstime.dll
2009-04-15 13:52:27 ----A---- C:\Windows\system32\ieui.dll
2009-04-15 13:52:27 ----A---- C:\Windows\system32\iesetup.dll
2009-04-15 13:52:27 ----A---- C:\Windows\system32\advpack.dll
2009-04-15 13:52:26 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-15 13:52:26 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-15 13:52:26 ----A---- C:\Windows\system32\iernonce.dll
2009-04-15 13:52:26 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-15 13:52:26 ----A---- C:\Windows\system32\icardie.dll
2009-04-15 13:52:25 ----A---- C:\Windows\system32\mshtmler.dll
2009-04-15 13:52:25 ----A---- C:\Windows\system32\ieakui.dll
2009-04-15 13:52:24 ----A---- C:\Windows\system32\ieapfltr.dll
2009-03-13 17:14:49 ----HD---- C:\ProgramData\CanonBJ
2009-03-13 17:13:44 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2009-03-13 17:12:13 ----A---- C:\Windows\system32\CNMLM97.DLL
2009-03-13 17:11:50 ----HD---- C:\Program Files\CanonBJ
2009-03-13 17:10:39 ----D---- C:\Program Files\Canon
2009-03-13 17:08:20 ----D---- C:\Users\rebecca\AppData\Roaming\PC Suite
2009-03-13 17:08:20 ----D---- C:\Users\rebecca\AppData\Roaming\Nokia
2009-03-13 17:08:19 ----D---- C:\ProgramData\PC Suite
2009-03-11 08:15:59 ----A---- C:\Windows\system32\wmp.dll
2009-03-11 08:15:57 ----A---- C:\Windows\system32\spwmp.dll
2009-03-11 08:15:56 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-11 08:15:56 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-11 08:12:26 ----A---- C:\Windows\system32\schannel.dll
2009-02-26 13:32:42 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-17 11:15:01 ----A---- C:\Windows\system32\EncDec.dll
2009-02-17 11:14:57 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-17 11:14:57 ----A---- C:\Windows\system32\mcmde.dll

======List of files/folders modified in the last 3 months======

2009-05-15 21:59:20 ----D---- C:\Windows\Temp
2009-05-15 21:59:14 ----D---- C:\Windows\Prefetch
2009-05-15 21:59:13 ----RD---- C:\Program Files
2009-05-15 21:40:40 ----D---- C:\Windows\system32\drivers
2009-05-15 15:38:57 ----D---- C:\Windows\System32
2009-05-15 15:38:57 ----D---- C:\Windows\inf
2009-05-15 15:38:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-15 15:01:12 ----A---- C:\Windows\system32\acovcnt.exe
2009-05-15 07:58:55 ----D---- C:\Program Files\LogMeIn
2009-05-14 21:05:42 ----D---- C:\Windows\winsxs
2009-05-14 19:52:59 ----SHD---- C:\System Volume Information
2009-05-14 19:27:36 ----SHD---- C:\Windows\Installer
2009-05-14 19:25:38 ----D---- C:\Windows\system32\catroot
2009-05-14 19:25:20 ----D---- C:\Program Files\Windows Mail
2009-05-10 16:27:34 ----HD---- C:\ProgramData
2009-05-10 16:25:58 ----D---- C:\Program Files\Common Files
2009-05-10 11:12:13 ----D---- C:\Windows\system32\catroot2
2009-05-09 21:46:47 ----A---- C:\Windows\NeroDigital.ini
2009-04-29 01:15:04 ----D---- C:\Users\rebecca\AppData\Roaming\LimeWire
2009-04-29 01:10:28 ----DC---- C:\Windows\system32\DRVSTORE
2009-04-29 01:10:01 ----D---- C:\Program Files\Windows Live
2009-04-23 14:10:22 ----SD---- C:\Windows\Downloaded Program Files
2009-04-22 21:49:51 ----SD---- C:\ProgramData\Microsoft
2009-04-16 13:09:47 ----D---- C:\Windows\system32\wbem
2009-04-16 13:09:46 ----D---- C:\Windows\system32\manifeststore
2009-04-16 13:09:46 ----D---- C:\Windows\AppPatch
2009-04-16 13:09:45 ----D---- C:\Windows\system32\migration
2009-04-16 13:09:45 ----D---- C:\Program Files\Internet Explorer
2009-04-16 13:00:16 ----A---- C:\Windows\win.ini
2009-03-14 01:12:09 ----D---- C:\Windows
2009-03-14 01:05:22 ----D---- C:\Windows\Minidump
2009-03-13 04:08:15 ----D---- C:\Program Files\Windows Media Player
2009-03-06 08:56:59 ----D---- C:\Program Files\Common Files\microsoft shared
2009-02-18 03:02:31 ----D---- C:\Windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-03-29 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-03-29 75856]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-03-29 42912]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-04-28 72944]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 50768]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\Windows\system32\DRIVERS\l260x86.sys [2007-08-17 28672]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-07-31 743424]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-04-19 14208]
R3 DNISp50;DNISp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\DNISp50.sys [2006-11-16 20480]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-14 1740904]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2007-08-03 10144]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2006-11-02 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 2385920]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 35328]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\Windows\System32\Drivers\StkCMini.sys [2007-06-06 1260672]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-23 181304]
R3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service; C:\Windows\system32\DRIVERS\WG111Tv.sys [2007-06-01 870400]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\DNIMp50.sys [2006-11-16 21504]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-14 4422560]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-04-28 7408]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-03-29 17272]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-02-02 565248]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-03-29 144760]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2009-04-27 78104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2007-11-15 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2007-08-03 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\Windows\System32\StkCSrv.exe [2007-04-18 24576]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-03-29 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-03-29 345464]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 182768]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-14 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

And the 2nd one:
info.txt logfile of random's system information tool 1.06 2009-05-15 21:59:40


======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.amp 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Adobe Media Player-->MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ASUS InstantFun-->MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}
ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9
ASUS Splendid Video Enhancement Technology-->C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ASUS Touch Pad Extra-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB891739-2EB3-45A8-9CBD-941C255CECD4}\SETUP.EXE" -l0x9
Asus_Camera_ScreenSaver-->"C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe"
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\SETUP.exe" -l0x9  -removeonly
ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Media-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9
ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Canon iP2600 series User Registration-->C:\Program Files\Canon\IJEREG\iP2600 series\UNINST.EXE
Canon iP2600 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
iWin Games (remove only)-->"C:\Program Files\iWin Games\Uninstall.exe"
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LifeFrame2-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
LimeWire 4.16.7-->"C:\Program Files\LimeWire\uninstall.exe"
LogMeIn-->MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
Malwarebytes' Anti-Malware-->"C:\Desktop\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Mean Girls High School Showdown (remove only)-->"C:\Program Files\iWin.com\Mean Girls High School Showdown\Uninstall.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\SETUP.EXE" -l0x9
Nero 7 Essentials-->MsiExec.exe /X{BC61F51E-8AF7-46B9-AF20-B33B5EE81033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter-->C:\Program Files\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\setup.exe -runfromtemp -l0x0009 -removeonly
Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia PC Suite-->C:\ProgramData\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Nokia_PC_Suite_rel_7_0_8_2_wu_eng.exe
Nokia PC Suite-->MsiExec.exe /I{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
Power4Gear eXtreme-->C:\Program Files\InstallShield Installation Information\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}\setup.exe -runfromtemp -l0x0009 -removeonly
PowerForPhone-->C:\Program Files\InstallShield Installation Information\{FC3D290D-79BE-44B7-ABF9-FDD110925930}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x9  -removeonly
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\SETUP.exe" -l0x9  -removeonly
RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
USB2.0 1.3M WebCam-->C:\Windows\StkUnist.exe
Windows Driver Package - Nokia Modem  (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_5e0e55c3\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem  (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_dcd936c5\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9
Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x0009 -removeonly
Yahoo! ¤u¨ã¦C-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: avast! antivirus 4.8.1169 [VPS 090515-0]
AS: Spyware Doctor (disabled)
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)
AS: avast! antivirus 4.8.1169 [VPS 090515-0]

======System event log======

Computer Name: rebecca-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 105233
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090515184223.845763-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: rebecca-PC
Event Code: 6
Message: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 4, function 0. Please contact your system vendor for technical assistance.
Record Number: 105238
Source Name: ACPI
Time Written: 20090515203904.187500-000
Event Type: Error
User:

Computer Name: rebecca-PC
Event Code: 6
Message: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance.
Record Number: 105239
Source Name: ACPI
Time Written: 20090515203904.187500-000
Event Type: Error
User:

Computer Name: rebecca-PC
Event Code: 6
Message: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0. Please contact your system vendor for technical assistance.
Record Number: 105240
Source Name: ACPI
Time Written: 20090515203904.187500-000
Event Type: Error
User:

Computer Name: rebecca-PC
Event Code: 6
Message: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 7, function 0. Please contact your system vendor for technical assistance.
Record Number: 105241
Source Name: ACPI
Time Written: 20090515203904.296875-000
Event Type: Error
User:

=====Application event log=====

Computer Name: rebecca-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 19913
Source Name: WerSvc
Time Written: 20090514222809.000000-000
Event Type: Error
User:

Computer Name: rebecca-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 DETAIL -
 4 user registry handles leaked from \Registry\User\S-1-5-21-3816998836-1839666675-2622873197-1002:
Process 720 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3816998836-1839666675-2622873197-1002\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Process 840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3816998836-1839666675-2622873197-1002\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Process 1044 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3816998836-1839666675-2622873197-1002\Software\Policies
Process 1044 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3816998836-1839666675-2622873197-1002\Software

Record Number: 19936
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090515140027.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: rebecca-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 DETAIL -
 3 user registry handles leaked from \Registry\User\S-1-5-21-3816998836-1839666675-2622873197-1002:
Process 936 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3816998836-1839666675-2622873197-1002
Process 5716 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3816998836-1839666675-2622873197-1002\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Process 3044 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3816998836-1839666675-2622873197-1002\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Record Number: 19946
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090515184207.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: rebecca-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 DETAIL -
 1 user registry handles leaked from \Registry\User\S-1-5-21-3816998836-1839666675-2622873197-1002_Classes:
Process 936 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3816998836-1839666675-2622873197-1002_CLASSES

Record Number: 19947
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090515184208.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: rebecca-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 19961
Source Name: WerSvc
Time Written: 20090515204040.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: rebecca-PC
Event Code: 4688
Message: A new process has been created.

Subject:
   Security ID:      S-1-5-18
   Account Name:      REBECCA-PC$
   Account Domain:      WORKGROUP
   Logon ID:      0x3e7

Process Information:
   New Process ID:      0x2bc
   New Process Name:   C:\Program Files\Windows Live Toolbar\msn_sl.exe
   Token Elevation Type:   TokenElevationTypeDefault (1)
   Creator Process ID:   0x34c

Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.

Type 1 is a full token with no privileges removed or groups disabled.  A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.

Type 2 is an elevated token with no privileges removed or groups disabled.  An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator.  An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.

Type 3 is a limited token with administrative privileges removed and administrative groups disabled.  The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Record Number: 318869
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090515210054.550675-000
Event Type: Audit Success
User:

Computer Name: rebecca-PC
Event Code: 4689
Message: A process has exited.

Subject:
   Security ID:      S-1-5-21-3816998836-1839666675-2622873197-1002
   Account Name:      shauna
   Account Domain:      rebecca-PC
   Logon ID:      0x34345

Process Information:
   Process ID:   0x2bc
   Process Name:   C:\Program Files\Windows Live Toolbar\msn_sl.exe
   Exit Status:   0x0
Record Number: 318870
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090515210227.110180-000
Event Type: Audit Success
User:

Computer Name: rebecca-PC
Event Code: 4688
Message: A new process has been created.

Subject:
   Security ID:      S-1-5-18
   Account Name:      REBECCA-PC$
   Account Domain:      WORKGROUP
   Logon ID:      0x3e7

Process Information:
   New Process ID:      0x1788
   New Process Name:   C:\Program Files\Windows Live Toolbar\msn_sl.exe
   Token Elevation Type:   TokenElevationTypeDefault (1)
   Creator Process ID:   0x34c

Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.

Type 1 is a full token with no privileges removed or groups disabled.  A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.

Type 2 is an elevated token with no privileges removed or groups disabled.  An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator.  An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.

Type 3 is a limited token with administrative privileges removed and administrative groups disabled.  The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Record Number: 318871
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090515210237.480610-000
Event Type: Audit Success
User:

Computer Name: rebecca-PC
Event Code: 4689
Message: A process has exited.

Subject:
   Security ID:      S-1-5-21-3816998836-1839666675-2622873197-1002
   Account Name:      shauna
   Account Domain:      rebecca-PC
   Logon ID:      0x34345

Process Information:
   Process ID:   0x754
   Process Name:   C:\Program Files\Internet Explorer\iexplore.exe
   Exit Status:   0x0
Record Number: 318872
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090515210245.455686-000

Offline Paddy

  • LandzDown Team
  • Hero Member
  • *****
  • Posts: 1376
Re: VIRUS? - RSIT.exe Log Files
« Reply #1 on: May 15, 2009, 10:12:54 PM »
Hello, bekz. I see you got my PM. Welcome to the forum.  :Hammys pint:
Bekz, hang in there, someone will be with you ASAP..



OK folks, this is what’s going on.
This was Bekz's thread here. I’ve already had a word with Corrine in private.


Thread just to let you know how things stand, and what has been done so far.
http://www.boards.ie/vbulletin/showthread.php?s=6cf3b5a7bdcfe37a08897a4283a3a15e&t=2055560549

Paddy..
This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11542
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: VIRUS? - RSIT.exe Log Files
« Reply #2 on: May 16, 2009, 12:17:38 AM »
Hi, bekz09.  Welcome to LandzDown Forum.

Paddy contacted me last night and provided a link to your thread indicating he had requested an RSIT log.  Due to the showing of TDSServ, I confirmed that seeing an RSIT log would help determine if there was need for concern.  Every TDSServ infection I have helped remove has required significant work to remove.  However, in your case, it appears that there were only the two temp files that MBAM (Malwarebytes) removed.

That said, there are other issues that need addressing.

I do not advise the use of registry cleaners as they generally do more harm than good.  You may want to consider uninstalling RegCure 1.5.0.1 and Registry Mechanic 8.0.

According to the Security Center information provided in the log, you have Avast as your antivirus software but there is no indication of a firewall.  If you do not have the Windows Vista firewall turned on, please see "How can I turn on or turn off the firewall in Windows XP Service Pack 2 or later versions?" for instructions or use the "Fix it for me" on that page.

In addition, please also see avast! Updates as it appears you need to update the software. 

With regard to LimeWire 4.16.7, which was likely the source of the original problem, a strong word of caution:  P2P programs form a direct conduit onto your computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. Use of P2P programs can result in Identity Theft.

Whew!  I'll bet you didn't expect a lecture, did you?  How is your computer running?

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline bekz09

Re: VIRUS? - RSIT.exe Log Files
« Reply #3 on: May 16, 2009, 01:56:42 AM »
Hi Corrine,
Thanks for your help. The computer appears to be running OK, but when I tried to turn on the firewall with the "Fix it for me" option, I got a message saying it does not apply to my PC. I will remove RegCure and Registry Mechanic, and also LimeWire.
thanks

Offline Paddy

Re: VIRUS? - RSIT.exe Log Files
« Reply #4 on: May 16, 2009, 12:13:36 PM »
Hi, bekz, it looks like you’ve been very lucky not to have gotten a heavier infection.. :thumbsup:
Also, just having a quick look through your log file, I see LimeWire is being used by another user on that computer..  :thud:
Quote
Files\LimeWire\LimeWire.exe (User 'shauna')

Maybe a word in her ear, :beg: about the dangers of P2P software, might help keep you both from getting re-infected.

Also, your Adobe Reader is way out of date.
"C:\Program Files\Adobe\Reader 8.0
See:  http://www.landzdown.com/index.php?topic=31178.0

And your Java.
Program Files\Java\jre1.6.0_05
See:  http://www.landzdown.com/index.php?topic=7887.15

Paddy..  :Pat:



Offline bekz09

Re: VIRUS? - RSIT.exe Log Files
« Reply #5 on: May 16, 2009, 01:56:56 PM »
Thanks Paddy,
I have removed LimeWire altogether from the laptop.  Will I remove and reinstall Adobe & Java also?

Online Corrine

Re: VIRUS? - RSIT.exe Log Files
« Reply #6 on: May 16, 2009, 05:12:18 PM »
Hi, Bekz09.  For SunJava, please do the following this time.  Further SunJava updates will properly update.

Please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program.  (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.
  • A logfile will pop up. Please save it to a convenient location.

Then download and install Java SE Runtime Environment (JRE) 6 Update 13.   

Note:  UNCHECK any pre-checked toolbar and/or software options presented with the update.  They are not part of the software update and are completely optional.   

The latest version of Adobe Reader is here:  http://get.adobe.com/reader .  There are also alternative PDF readers that you may wish to try instead:  http://pdfreaders.org/ .
